A few weeks ago I was instructed to look into a phishing website that was stealing personal information and credit card information of suspected customers. You think you are ordering something and expect to have it delivered in a few days, but what really happens is that no products are delivered and your credit card and personal information have just been stolen! Most likely for creating new accounts under your name. I have investigated many phishing and fake websites before, but this one caught my eye because it was perfect. I mean, it was one of the best phishing websites I have ever seen.
I provide technology consulting services for a company which manufactures holiday and seasonal products. The customer demographics are primarily women between the ages of 32 and 65. Some of the products manufactured are actually collector's items and can be resold for thousands of dollars. So when I started investigating this phishing website, the products shown that people could purchase were 50% off and highly collectible. Not to mention the graphics and layout of the website looked extremely professional. It even had an SSL certificate. Cheese for a hungry mouse!
So what do you do in a case like this? File a DMCA? Report it to the FBI and FTC?
Because the website was using the manufacturer's logo and images, which they clearly did not have the authorization to do, I filed a DMCA copyright violation with GoDaddy. However, after many attempts with emails and phone calls, I never received a reply email, nor could I even open a ticket with them to have someone call me back.
As for the FBI and the FTC, they are just as bad. I submitted many requests about this website and never heard back, knowing every day they are stealing hundreds of identities and credit card numbers. Guess they have bigger things to investigate.
Go after the hosting company, some said?
My next approach was to contact the hosting company, because one would think that if you notified the right person or company about this fraud they would turn it off ASAP. Not even close!! The hosting company sits behind a company called CloudFlare.com, and CloudFlare.com is a proxy / caching service for websites. I contacted CloudFlare.com to inform them that this website was engaging in and conducting online fraud using their services. CloudFlare's response: “Sorry, but we do not police the content of our customers. Please contact the hosting provider to have them turned off.” The email they provided for the hosting provider was 123TakefromMe@hotmail.com. Needless to say, they did not return my email.
The real problem is, as soon as I get the website turned off, it's back up under a different domain name and hosting provider, usually within an hour.
So how do you get a fake phishing website turned off?
Well, you would think that CloudFlare, a company located in the U.S., would help protect people from identity and credit card fraud, but think again. This company and the CEO Matthew Prince know exactly what is going on, and they will not do a thing about it. They really don’t care because they are making millions from sites like this. Why would they want to turn away any customers? Even if the customer is from North Korea, which is where this phishing website originates from and is where your stolen identity is going. I am pretty sure there are hundreds if not thousands of these websites being hosted at CloudFlare and at other proxy / caching service companies.
So, in the end, there is not much you can do to stop a fake phishing website like this. The best thing for my customer to do was to put up a social media post notifying all of their customers/collectors not to purchase from this website.
Companies like CloudFlare that allow these fake phishing websites are just pushing people to sites like Amazon and Walmart. Eventually, these large enterprise websites will be the only place where people feel safe to purchase from. But in the end, we are just doing it to ourselves. It is only a matter of time before cybersecurity is a ticket for a presidential hopeful.