Cybercriminals rake in nearly half a million dollars a day from advertising

Tens of thousands of misleading domain names and half a million hacked IP addresses. That's what an international gang used to rake in millions from advertising before being uncovered by a Danish firm. The story of the Hyphbot network was reported by the Wall Street Journal last week.

How could it happen?

Hyphbot registered loads of domain names similar to the names of prominent media corporations, including CNN and The Wall Street Journal. On the sites linked to the names, they put up video ads. Then they programmed bots on hacked PCs to visit the sites. Advertisers -- who thought their ads were on legitimate media sites -- were billed for each unique IP address used to view their ads. And, with half a million hacked PCs doing the 'viewing', the fees kept mounting up. For a month, the network was raking in nearly $500,000 a day.

Scams are getting bigger and bigger

The scale of the Hyphbot operation shows how sophisticated cybercriminals have become. It wasn't the first time the trick had been used, but it was easily the biggest scam of its kind to date. Media corporations are trying to turn the tide by publishing lists of partners that are allowed to sell advertising for them. The lists are placed on the companies' main sites, in the form of an 'ads.txt' file in the root directory. For an example, see Sanoma's ads file. Advertisers can use the file to check whether an intermediary is authorised to sell the media company's ad space.
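The check a buyer can make against such a file, as an added example that is not part of the original article: parse the publisher's ads.txt and confirm that the seller offering the inventory is listed. The sample file, domains and account IDs below are constructed, and fetching the file from the publisher's own domain is left out so the code runs offline.

```python
# Added example: parse an ads.txt body and check a seller against it.
# Record layout (IAB ads.txt format):
#   <ad system domain>, <seller account ID>, <DIRECT|RESELLER>[, <cert authority ID>]

# Constructed sample for a hypothetical publisher "news.example"; not a real file.
SAMPLE_ADS_TXT = """\
# ads.txt for news.example
contact=adops@news.example
exchange-a.example, 12345, DIRECT, abc123   # publisher's own seat
Exchange-B.example, pub-987 , reseller
subdomain=video.news.example
this line is malformed
exchange-c.example, 555, PARTNER
"""

VALID_RELATIONS = ("DIRECT", "RESELLER")


def parse_ads_txt(text):
    """Return a set of (ad_system_domain, account_id, relationship) records."""
    records = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        if "=" in fields[0] or len(fields) < 3:   # variable (name=value) or malformed
            continue
        # Domains are case-insensitive; account IDs are compared exactly (assumption).
        domain, account, relation = fields[0].lower(), fields[1], fields[2].upper()
        if not domain or not account or relation not in VALID_RELATIONS:
            continue                              # unknown relationship: ignore record
        records.add((domain, account, relation))
    return records


def is_authorised(records, ad_system, account_id, relation=None):
    """True if the seller seat is listed; optionally require a relationship type."""
    ad_system = ad_system.strip().lower()
    return any(
        d == ad_system and a == account_id
        and (relation is None or r == relation.upper())
        for d, a, r in records
    )


if __name__ == "__main__":
    recs = parse_ads_txt(SAMPLE_ADS_TXT)
    print(is_authorised(recs, "exchange-a.example", "12345", "DIRECT"))
    print(is_authorised(recs, "exchange-c.example", "555"))
```

The check only helps when the file is looked up on the domain the ad claims to be shown on, so a seller that appears nowhere in that domain's ads.txt is a reason to reject the inventory.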

Protect your brand!

The Hyphbot scammers were able to con advertisers on a huge scale by using misleading domain names. However, there are numerous tools on the market for checking the profile, reputation and history of a domain name. One of the best known is And you can get alerts whenever a domain name is registered that looks like your brand name by signing up for SIDN's Domain Name Surveillance Service (DBS). The fraud described above would have been much harder without domain names that looked like big media brands.




Michiel Henneke

Marketing Manager

+31 26 352 55 00
