September 7, 2023
Author: Volodymyr Holovash - DomainCrawler

Common Website Technologies Exploited by Internet Scammers

Being able to recognize scams is all about the ability to see and evaluate the signals that are coming from the available data. Almost anything could be a signal that alerts the user to the possibility of suspicious activity on a website: the age of the domain name or its length, the presence or absence of an SSL certificate, the grammar of the text content, images, social media buttons, and so on. The technological stack of the website also needs to be taken into consideration.

Techradar.com

Fraudsters often use certain website technologies to lure unsuspecting victims into providing sensitive information, stealing money, or compromising their identity. That is not to say that the technologies themselves are bad. It is how they are used by malicious actors. As with any other technological advance, it can be used for both good and bad things. Perhaps the most common example of this is fire, which can be used for preparing a meal or for arson. With that being said, there are definitely certain patterns in the use of certain technologies that can be considered signals of suspicious activity.

Of course, fraud can happen in a myriad of different ways, and the technologies used for malicious activities can be the most sophisticated. With this article, we do not aim to provide a comprehensive list of technologies but rather give examples of how some website technologies can be exploited by internet scammers due to certain features they possess or provide, namely:

  • Affordability
  • Anonymity 
  • Security
  • Usability

Affordability: Domain name registration

The creation of a website starts with the registration of a domain name, which cannot be done without the services of a domain name registrar.

According to research conducted by Scamadviser in September 2022, GoDaddy, which is the world's largest domain registrar, increased its share of hosting dubious domains from 3% last year to this year's 7.5%. This percentage is slightly less than the overall average; in absolute numbers, however, it is huge.

The top three registrars with the highest percentage rate of low-score domains registered are Alibaba (63.8%), NameSilo (28.2%), and NameCheap (14.8%).

These popular domain name registration services, known for their affordability, are unfortunately not immune to misuse by internet fraudsters. Due to their low costs and ease of use, these platforms can inadvertently facilitate the creation of deceptive websites.

The fact that the domain name is registered with one of the abovementioned registrars does not in any way mean that it is a scam since millions of legit domain names are registered with them. However, it is a signal that one should pay attention to and information that needs to be considered in combination with other signals when evaluating a website.

Anonymity: Content Delivery Network

A Content Delivery Network, or CDN for short, is a network of servers distributed across various locations around the world. Its primary function is to provide quick delivery of internet content. 

The distribution of servers allows users to access content from a server that is geographically close to them, resulting in faster load times. This is especially important for loading heavy content like videos, images, and scripts.

When a user requests a webpage, the CDN redirects the request from the originating site's server to a server in the CDN that is closest to the user and delivers the cached content from that server. If the content is not available in the cache, the CDN server will request it from the origin server, cache the content for future use, and serve it to the user.

This is where it becomes tricky, especially when it comes to Cloudflare.

Where Cloudflare’s CDN services are used by a website, the actual host for the website is not revealed. Cloudflare provides a reverse proxy service, which acts as an intermediary between the host server and the visitors, thereby hiding the origin server. This means that, from an enforcement perspective, when a website infringes intellectual property (IP) and uses Cloudflare as its CDN provider, the only information immediately available to the rights owner is that Cloudflare is providing CDN services. The operator of the site is not revealed, nor is the true host location for the site. While this offers protection against cyberattacks such as a denial-of-service attack, it can be a double-edged sword, as the anonymity gained can also be used for malicious purposes.

According to the findings of the research conducted by Corsearch in 2022:

  • 71% of websites which Corsearch notified Google of for search engine demotion used Cloudflare’s Content Delivery Network (CDN) services
  • Nearly half (49%) of all websites flagged for content piracy (e.g. film, TV, music, photography) used Cloudflare
  • A quarter (23.5%) of all websites flagged for offering counterfeited goods used Cloudflare

Again, CDN from Cloudflare is a great and needed product, but it is often used by wrongdoers to hide their identity. So, it might be considered a signal to those who are fighting cybercriminals when evaluating the credibility of a website.
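As an added illustration (not part of the original article or any DomainCrawler tooling), the sketch below records the "fronted by Cloudflare" signal from two observations an analyst already has: the addresses the domain resolves to and the HTTP response headers. The function names, the sample observations, and the choice of a subset of Cloudflare's published IPv4 ranges are assumptions made for this example.

```python
import ipaddress

# Subset of Cloudflare's published IPv4 ranges (cloudflare.com/ips).
# Assumption: refresh from the published list before relying on this.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13",
)]

def cloudflare_signals(resolved_ips, headers):
    """Return the reasons a site looks like it sits behind Cloudflare."""
    reasons = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    if hdrs.get("server", "").lower() == "cloudflare":
        reasons.append("Server header is 'cloudflare'")
    if "cf-ray" in hdrs:
        reasons.append("CF-RAY header present")
    for ip in resolved_ips:
        addr = ipaddress.ip_address(ip)
        if addr.version == 4 and any(addr in net for net in CLOUDFLARE_V4):
            reasons.append(f"{ip} is in a Cloudflare range")
    return reasons

def assess(resolved_ips, headers):
    """Summarise the CDN signal for use alongside other signals."""
    reasons = cloudflare_signals(resolved_ips, headers)
    return {
        "behind_cloudflare": bool(reasons),
        # When proxied, DNS returns the reverse proxy's address, so the
        # hosting provider cannot be read from the A record.
        "dns_reveals_origin": not reasons,
        "reasons": reasons,
    }

# Constructed observations (documentation-style values, not real sites).
PROXIED = {"ips": ["104.21.5.10"],
           "headers": {"Server": "cloudflare", "CF-RAY": "0000000000000000-AMS"}}
DIRECT = {"ips": ["203.0.113.20"], "headers": {"Server": "nginx"}}

if __name__ == "__main__":
    for name, obs in (("proxied", PROXIED), ("direct", DIRECT)):
        print(name, assess(obs["ips"], obs["headers"]))
```

A positive result says only that the hosting provider has to be established another way; as the article notes, it is one signal to weigh with others, not a verdict.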

Security: SSL Certificates

Secure Sockets Layer (SSL) certificates, typically symbolized by the 'https' prefix and a padlock icon in the address bar, are designed to encrypt data transfers between a user's browser and the website they're visiting. These certificates are often used as a sign of website security and data protection. Unfortunately, internet scammers exploit this perception of safety to lend an aura of legitimacy to their nefarious activities.

Fraudsters, particularly those behind phishing campaigns, often secure SSL certificates for their deceptive websites. Since many users associate the 'https' and padlock icons with security and trustworthiness, this tactic can effectively mislead users into thinking that a fraudulent site is genuine.

Let's Encrypt, a non-profit certificate authority launched by the Internet Security Research Group (ISRG), provides free SSL/TLS certificates as part of a movement to create a more secure and privacy-respecting web. However, the easy access and no-cost nature of these certificates have also unfortunately made them an attractive option for internet scammers.

According to data collected by DomainCrawler, 96.99% of all e-commerce websites have SSL certificates in place. 65% are issued by Let’s Encrypt.

Figure: E-commerce websites, DomainCrawler’s data as of August 28, 2023

Here's how it often unfolds: a fraudster creates a deceptive website designed to mimic a reputable brand or service. To bolster the appearance of legitimacy, they procure an SSL certificate from Let's Encrypt. The 'https' prefix and padlock icon now visible in the user's address bar can then mislead users into thinking they're on a secure, trustworthy site.

For instance, a scammer could create a counterfeit webshop, offering high-demand products at drastically reduced prices. After securing a free SSL certificate from Let's Encrypt, they might then send phishing emails to potential victims, directing them to their "secure" website. 

It's crucial to understand that while Let's Encrypt and other SSL certificates provide an essential layer of security by encrypting data, they do not verify the website operator's integrity or the website's content. However, it is much less likely for scammers to use Extended Validation types of SSL certificates.  
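The difference between "encrypted" and "operator verified" can be read from the certificate itself. The following added example (not from the original article) classifies a certificate as DV, OV or EV from the dictionary that Python's `ssl.SSLSocket.getpeercert()` returns. The subject-field heuristic, the function names and both sample certificates are assumptions of this sketch; a stricter check would inspect the certificate policy OIDs.

```python
import socket
import ssl

def _flatten(rdns):
    """getpeercert() reports names as nested tuples; flatten to a dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def classify_cert(cert):
    """Heuristic: DV subjects carry no organization; EV subjects also
    carry businessCategory and serialNumber (registration number)."""
    subject = _flatten(cert.get("subject", ()))
    issuer = _flatten(cert.get("issuer", ()))
    if "organizationName" not in subject:
        level = "DV"   # only control of the domain was checked
    elif {"businessCategory", "serialNumber"} <= subject.keys():
        level = "EV"
    else:
        level = "OV"
    return {
        "issuer_org": issuer.get("organizationName", ""),
        "validation": level,
        "subject_org": subject.get("organizationName"),
        "operator_identity_checked": level != "DV",
    }

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live certificate in the same dict form (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in getpeercert() format (not real certificates).
DV_SAMPLE = {
    "subject": ((("commonName", "cheap-deals.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
}
EV_SAMPLE = {
    "subject": ((("businessCategory", "Private Organization"),),
                (("jurisdictionCountryName", "SE"),),
                (("serialNumber", "000000-0000"),),
                (("organizationName", "Example Shop AB"),),
                (("commonName", "shop.example"),)),
    "issuer": ((("organizationName", "Example CA"),),),
}

if __name__ == "__main__":
    print(classify_cert(DV_SAMPLE))
    print(classify_cert(EV_SAMPLE))
```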

Replication: SaaS CMS and E-commerce platforms

The widespread use of Software-as-a-Service (SaaS) CMS and E-commerce platforms, such as Shopify, WooCommerce, Wix, or Squarespace, has lowered the barrier to entry for online businesses, which unfortunately also includes illicit activities. These platforms provide all the necessary tools for creating an online store, including product listings, images, shopping carts, and payment gateways, which allow scammers to create sophisticated, beautiful websites with e-commerce functionality.

The main advantage here is quick setup. These platforms provide easy-to-use interfaces and templates, allowing anyone to quickly set up a professional-looking online shop, including fraudsters. They can swiftly create a fake webshop, populate it with product listings (often copied from legitimate sites), and start "selling" products.

Additionally, limited verification creates opportunities for scammers. While SaaS platforms do have policies against fraudulent activities, the sheer volume of new shops being created can make it difficult to thoroughly vet each one. Fraudsters can take advantage of this, at least for a short period, until they're detected and shut down.

Conclusion

Website technologies can be used for both legitimate and illegitimate purposes, like almost anything else in the world.

Anonymity, quick replication, and a low price are the things that make a certain solution or technology popular among fraudsters. President of GASA, Jorij Abraham, says: "Scammers are not using expensive software, but they are professionalizing. We see that some scammers have developed entire scam platforms, making it very easy to copy/paste their scams from one domain to another. We even measured it once. A website was taken down, and automatically, within 3.5 minutes, the next site was launched. This only confirms that we need to automate our response. We cannot win this manually."

Solutions like DomainCrawler and ScamAdviser Analyzer make it possible to track the usage of website technologies to make the process of detecting and combating scams more efficient.

Volodymyr Holovash | Chief Marketing Officer at DomainCrawler

Volodymyr is a seasoned marketing professional with a passion for big data. He has been working with DomainCrawler since its launch in 2021. Prior to his involvement with DomainCrawler, he worked with a Swedish hosting provider, Internet Vikings, as a Content Strategist and Event Manager.

DomainCrawler

DomainCrawler is a leading B2B provider of quality domain data across various industries. From domain name registries and registrars to brand protection agencies and OSINT investigators – DomainCrawler supplies accurate data that allows its customers to fight cybercrime, monitor the entire Internet, detect changes in domain activity, uncover hidden connections on the web, and conduct comprehensive market research.
