Cybercriminals rake in nearly half a million dollars a day from advertising

Tens of thousands of misleading domain names and half a million hacked IP addresses. That's what an international gang used to rake in millions from advertising before being uncovered by a Danish firm. The story of the Hyphbot network was reported by the Wall Street Journal last week.

How could it happen?

Hyphbot registered loads of domain names similar to the names of prominent media corporations, including CNN and The Wall Street Journal. On the sites linked to the names, they put up video ads. Then they programmed bots on hacked PCs to visit the sites. Advertisers -- who thought their ads were on legitimate media sites -- were billed for each unique IP address used to view their ads. And, with half a million hacked PCs doing the 'viewing', the fees kept mounting up. For a month, the network was raking in nearly $500,000 a day.

Scams are getting bigger and bigger

The scale of the Hyphbot operation shows how sophisticated cybercriminals have become. It wasn't the first time the trick had been used, but it was easily the biggest scam of its kind to date. Media corporations are trying to turn the tide by publishing lists of partners that are allowed to sell advertising for them. The lists are placed on the companies' main sites, in the form of an 'ads.txt' file in the root directory. For an example, see Sanoma's ads file. Advertisers can use the file to check whether an intermediary is authorised to sell the media company's ad space.

Protect your brand!

The Hyphbot scammers were able to con advertisers on a huge scale by using misleading domain names. However, there are numerous tools on the market for checking the profile, reputation and history of a domain name. One of the best known is And you can get alerts whenever a domain name is registered that looks like your brand name by signing up for SIDN's Domain Name Surveillance Service (DBS). The fraud described above would have been much harder without domain names that looked like big media brands.




Michiel Henneke

Marketing Manager

+31 26 352 55 00

  • Monday 28 January 2019

    About SIDN

    SIDN Fund: new call and new batch of projects underway!


    First grant application window of 2019 opens on 28 January

    Read more
  • Tuesday 28 May 2019

    About SIDN

    "Looking at where CENTR and its members are now, we've got every reason to feel proud"


    SIDN is hosting the CENTR Jamboree 2019 in Amsterdam this week

    Read more
  • Friday 21 December 2018


    Register for The State of the Internet 2019


    15 January at OBA Theatre, Amsterdam

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.