How could it happen?
Hyphbot registered loads of domain names similar to the names of prominent media corporations, including CNN and The Wall Street Journal. On the sites linked to the names, they put up video ads. Then they programmed bots on hacked PCs to visit the sites. Advertisers -- who thought their ads were on legitimate media sites -- were billed for each unique IP address used to view their ads. And, with half a million hacked PCs doing the 'viewing', the fees kept mounting up. For a month, the network was raking in nearly $500,000 a day.
Scams are getting bigger and bigger
The scale of the Hyphbot operation shows how sophisticated cybercriminals have become. It wasn't the first time the trick had been used, but it was easily the biggest scam of its kind to date. Media corporations are trying to turn the tide by publishing lists of partners that are allowed to sell advertising for them. The lists are placed on the companies' main sites, in the form of an 'ads.txt' file in the root directory. For an example, see Sanoma's ads file. Advertisers can use the file to check whether an intermediary is authorised to sell the media company's ad space.
Protect your brand!
The Hyphbot scammers were able to con advertisers on a huge scale by using misleading domain names. However, there are numerous tools on the market for checking the profile, reputation and history of a domain name. One of the best known is Moz.com. And you can get alerts whenever a domain name is registered that looks like your brand name by signing up for SIDN's Domain Name Surveillance Service (DBS). The fraud described above would have been much harder without domain names that looked like big media brands.