Report any emails with fake links attempting to steal your ID, and any fake sites used by scammers.

Understanding fake sites

Mon Jul 17, 2017 7:51 pm

Everyone uses the Internet today, from governments and companies to average people. When encountering problems or trying to research suspicions, there is a distinct area that has a lot of information in it, but that information is hard to understand because it seems to use very specialized language. It is the type of information associated with the fake sites / fraudulent domains area. Let's try to make things easier.

Any page on the Internet is considered a Web Page. The address of the web page is a URL, also called a link. URL is an abbreviation for Uniform Resource Locator.

A collection of associated web pages starting with the same address is a website.

Each website is defined by a unique name - the domain name. The domain name is what appears at the start in the address bar when the site is accessed. Every time a site is visited, the domain name is translated to an IP address, much like a street address, defining the server address where that website is located - Domain Name System (DNS).

To register a domain name to be used online, the services of a specialized company, a Registrar has to be used. This can be either directly or via a reseller for the Registrar. The Registrar is an accredited company who has the authority to register domain names.

The person or company that registers a domain name is called a Registrant, also called a Registered Name Holder.

The supreme authority in the domain name area is ICANN (Internet Corporation for Assigned Names and Numbers), an 18-year-old US-based non-profit organisation that became a private entity on October 1, 2016. ICANN is the institution managing, among others, the IP address space allocation and the domain name system management.

Domains can be split into two groups, designated by the end of the domain name: generic top-level domains (gTLDs) and country-specific top-level domains (ccTLDs).


ICANN manages gTLDs directly, whereas they delegate control of the ccTLDs to the relevant country. Typically a ccTLD ends with a two letter country code.

To be active, any website needs a "house" called a host or hoster. This is a company providing space for the website's online presence.

Now - to keep things simple, a fake site is created based on lies: a lie about who the entity owning that site is, a lie about what that site is doing, a lie about what that site asks for, and/or has to offer.

From an official point of view, anyone registering a domain needs to provide truthful information about himself, for example: name, location, phone number, email address.

In theory, ICANN prohibits anybody registering a domain causing harm to a third party or lying in domain registration details. Likewise most hosters also prohibit this. Practice shows something else ...

Some registrars care about the content of the domains they allow to be active under their supervision and how they are used, some not.

Fake sites and domains come in all shapes and forms. Some are used in Advance Fee Fraud (AFF), some are mixing the AFF area with phishing, some are mixing AFF with spreading malware, some are used for Business Email Compromise (BEC).

To report a fake site, the most important part is the proof showing how that site is used in a fraud, phishing attempt, or malware distribution.

As in other types of scams, lying about location (meaning fake WHOIS details) is a valid reason for suspending a domain.

Emails showing how the site is involved in a scam are important, including headers showing the domain email addresses being used in fraud.

If reported to us, everything is checked, documented and ends up as reports to registrars/hosts, called an abuse report, asking them to suspend the fake site and/or domain.

Reporting the fake site to their hoster might end with that fake site being suspended, but the hoster may notify the scammer about the problems on the site, giving him valuable information about what he was doing wrong and educating him to scam better with the next one. A site suspended at the host level can move to another host without problems and be used in frauds again until someone reports it again. This is called host hopping.

Reporting the domain to the registrar is a perfect option, theoretically speaking - because if the registrar decides the domain is a fraudulent one, he will set that domain on hold and the scammer will be unable to move it somewhere else, because he is locked out of abusing it further.

Thinking logically, we would assume that once reported for being involved in a fraud, a fake domain name will never be online again. Practice shows otherwise. Suspended by a registrar, the very same domain can be reused after a while. In theory the regulators assume the domain name is used in good faith, but let's be honest: how many real normal people have a legitimate reason to use a domain name similar to a bank name or their own FBI?

Killing fake sites is a highly specialized activity and is done in a certain way. However, for that, the basic details about each fake site's activities are vital. For this reason we strongly advise anyone posting here to include as much information as possible while reporting a scammer. If not posted in your post, please send the details to one of our staff members who will re-post the needed elements without exposing the person providing those details.

All the domain names / sites you find in this area are fraudulent. Anyone contacting you on their behalf or directing you to those sites is a scammer. If you were contacted by or directed to any of the fake sites reported in this area of our forum, please let us know.
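
An added example, not part of the original post: one way to pull the sender-side domains out of a scam email's headers so they can be quoted in an abuse report, using Python's standard email package. The message, addresses, domains and function names are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; every address and domain is a placeholder.
RAW_EMAIL = """\
Return-Path: <bounce@mailer.example.net>
Received: from mail.fake-bank.example (mail.fake-bank.example [192.0.2.10])
\tby mx.victim.example with ESMTP; Mon, 17 Jul 2017 19:51:00 +0000
From: "Claims Dept" <claims@fake-bank.example>
Reply-To: agent@freemail.example
To: victim@victim.example
Subject: Your inheritance payment

Visit our site to confirm your account.
"""

SENDER_HEADERS = ("From", "Reply-To", "Return-Path", "Sender")

def sender_domains(raw):
    """Map each sender-side header to the sorted domains of its addresses."""
    msg = message_from_string(raw)
    found = {}
    for name in SENDER_HEADERS:
        values = msg.get_all(name, [])
        domains = {addr.rsplit("@", 1)[1].lower()
                   for _, addr in getaddresses(values) if "@" in addr}
        if domains:
            found[name] = sorted(domains)
    return found

def report_lines(raw):
    """Build plain-text evidence lines for pasting into an abuse report."""
    msg = message_from_string(raw)
    doms = sender_domains(raw)
    lines = [f"{name}: {', '.join(d)}" for name, d in doms.items()]
    # A Reply-To on a different domain than From means replies leave the
    # domain shown to the victim, so both domains belong in the report.
    if set(doms.get("Reply-To", [])) - set(doms.get("From", [])):
        lines.append("NOTE: Reply-To domain differs from From domain")
    # Each mail server prepends its Received header, so the last one
    # in the message is the earliest hop.
    received = msg.get_all("Received", [])
    if received:
        lines.append("First hop: " + " ".join(received[-1].split()))
    return lines

if __name__ == "__main__":
    print("\n".join(report_lines(RAW_EMAIL)))
```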

The fake site maker

Tue Dec 19, 2017 7:25 pm

The fake site maker (faker maker) is an essential part in any online fraud infrastructure. In some cases, he was / is a fraudster himself, being actively involved in the process of scamming victims under a fake identity. In other cases, he is not active himself in the defrauding process, but he is building the online infrastructure other scammers use during their scams.

The role of the fake site maker in the online fraud structure is a major one. He is "the specialist" building all the fake sites the scam syndicate needs for gaining the trust of the victims. The activity of the fake site maker starts with building the fake sites used to defraud victims. After the fake site is created (abusing stolen content from legitimate sites or creating entirely fictitious entities), the fake site maker registers the domain name and gets a hosting space for the site. He is the person filling the hosting space with more fraudulent content, configuring the fake site for working in the way the scam syndicate needs it, be it only for the email address, or more - login areas meant to confirm the scam story: bank account with fake inheritance, lottery prizes etc., tracking pages showing the nonexistent parcel travelling around the world and so on.

When the fake site he creates gets reported and sometimes suspended, the fake site maker is the one moving the site to another host space and adjusting the appearance of that site to avoid another detection.

From a legal point of view, the fake site maker is an important player. As shown by previous research about online fraud, the scam syndicate is rarely entirely exposed, because not all the participants are easy to identify. The criminals running these scam syndicates avoid detection and when an online fraudster gets arrested, it is usually a small player in the scam syndicate. The leader of the scam syndicate is hard to identify - but he is the one paying the fake site maker for the fraudulent domains the fake site maker creates.

How fake sites work in fraud

Tue Dec 19, 2017 7:30 pm


The first type includes domains having no content; when typing in the URL, the domain redirects to the real entity the fraudsters impersonate. The victim will see the real entity's domain on the screen and will assume they are dealing with that entity. There are also other ways of using fraudulent domains with no content, showing white pages for example or looking like the domain is under construction or there is no domain at all. Most of those domain names are used only for the email address.

Then we have the domain names with associated content. The content is stolen from one or more different web sites belonging to real companies and may be renamed or may use the exact same name, while the domain name is slightly different.

Fake banks

The fake banks are used in all types of online fraud. There are two types of fake banks:
- ones where the victims are asked to go and check themselves the "existence" of the money the scammer pretends to have and wants to share with the victim: prizes for fake lotteries, accounts of dead people the victim is asked to be next of kin for, accounts of fake characters used in romance scams asking their victims to help them recover the money;
- ones where the victim is asked to create an account for receiving money the scammer promised to deliver - lottery, inheritance, payments during a business transaction.

Fake suppliers

The fake sites impersonating suppliers are used in non-delivery scams and cover a large area of fraud: from fake documents and drugs to pets, electronics, cars, properties, commodities to gold and precious stones.

Fake couriers

The fake sites impersonating couriers are used in all types of online fraud. It might be a job scam, where the victim needs to receive a visa and work permit, a non-delivery scam with a victim waiting for a product bought online, where the victim believes they will receive a parcel from a loved one. In all the cases involving fake couriers, the victim will receive a link to a tracking page and login details to check the parcel status.

Fake authorities

The fake sites impersonating authorities are a major part of online fraud and can be found in various shapes and forms: from domains impersonating law enforcement in various countries (FBI, Interpol, Homeland Security, DEA) to United Nations or Red Cross and Embassies or lawyers. These types of sites are used mostly in recovery scams, but also in other types of scams and are meant to confirm to the victim the "legality" of the fraudster's financial requests.

The most important red flag regarding fake sites is this: no real person uses fake sites. If you end up dealing with a fake site, the person sending you there is also a fraudster.
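
An added example, not part of the original post: a small triage helper that labels a reported domain according to the patterns described above (no content with a redirect to the real entity, a blank page, or content under a slightly different name). The protected domains, the Observation fields and the distance threshold of 2 are assumptions made for illustration, and all sample values are constructed.

```python
from typing import NamedTuple, Optional

# Hypothetical list of real domains being protected (placeholders).
REAL_DOMAINS = ["northbank.example", "swiftparcel.example"]

class Observation(NamedTuple):
    """What a reviewer recorded about a reported domain (constructed fields)."""
    domain: str
    redirect_to: Optional[str]  # host the domain redirects to, if any
    body_bytes: int             # size of the page served, 0 for a white page
    has_mx: bool                # True if the domain accepts email

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def closest_real(domain, real=REAL_DOMAINS):
    """Return (real_domain, distance) for the nearest protected name."""
    return min(((r, edit_distance(domain, r)) for r in real), key=lambda t: t[1])

def triage(obs, real=REAL_DOMAINS, max_distance=2):
    """Label a reported domain using the patterns described in the post."""
    target, dist = closest_real(obs.domain, real)
    if obs.redirect_to in real and obs.domain not in real:
        kind = "no content: redirects to the real site"
    elif obs.body_bytes == 0:
        kind = "no content: blank page"
    else:
        kind = "has content"
    notes = [kind]
    # Distance 0 is the real domain itself, so only 1..max_distance counts.
    if 0 < dist <= max_distance:
        notes.append(f"name is {dist} edit(s) from {target}")
    # A contentless domain that still accepts mail is probably used only
    # for its email addresses, so the headers are the key evidence.
    if obs.has_mx and kind.startswith("no content"):
        notes.append("email-only use likely: ask the reporter for email headers")
    return notes

if __name__ == "__main__":
    print(triage(Observation("north-bank.example", "northbank.example", 0, True)))
```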