The Bad Boys of the Internet: How Big Internet Companies are Supporting Scammers

According to previous research, the number of online scams increased by 40% last year. For 2021 a similar growth rate is expected due to the Corona pandemic. Online scammers are no longer 15-year-old kids who set-up an online store but do not deliver. In the past few years, professional crime syndicates have taken over running scam networks with hundreds of websites supporting investment scams, cryptocurrency schemes, romantic dating plots and subscription hoaxes. These networks often make millions of “sales” monthly at nearly zero costs.

Like in the physical world, every criminal has support. Offline, these are production plants, distribution companies, creative accountants, and lawyers (lots of them). Online, they need to register their domain name, host their websites, preferably in a country that does not prioritize fighting cybercrime.

Scamadviser analyzed 7 million domain names and discovered that some hosting companies, registrars (where you register a domain name), registries (the owners of extensions such as .com, .biz and .store) and countries seem to support scammers much more than others (see “About the Data” at the end of this article for more information).

Bad Registrars

Every scammer needs a domain name to promote his website. You can purchase a website name from a registrar. GoDaddy is one of the most used registrars (and hosting company) worldwide. In the table below you find that 3% of the websites which are registered at GoDaddy have a Trust Score equal or lower than 20 (on a scale from 1 to 100). This percentage is in line with the overall average.

However, this percentage is relatively low compared to other registrars. In the last 90 days, 36,000 websites registered on Alibaba were scanned by Scamadviser.com. Of these, 14.3% are considered dubious. This may be due to the very high number of online stores offering fakes or not delivering products with roots in China. However, American based companies like NameSilo (13.2%) and NameCheap (10.5%) likewise do not score well.

Registrar	Hosted Domains	Low Score Domains	% Low Score Domains
GoDaddy.com	528,752	15,876	3.0%
NameCheap	119,754	12,546	10.5%
PublicDomainRegistry.com	92,461	3,074	3.3%
ENOM	91,405	1,650	1.8%
Network Solutions	82,531	532	0.6%
1&1 IONOS	49,002	483	1.0%
NameSilo	40,710	5,340	13.2%
Alibaba Cloud Computing	35,925	5,139	14.3%
FastDomain	33,624	552	1.6%
GMO INTERNET, INC.	29,825	1,039	3.5%

If we look at registrars with the lowest average Trust Score, mainly registrars with an Asian background pop-up. Some, like Shanghai Meicheng and Alibaba appear several times as they use different company entities.

Registrar	Average Score	Domains Hosted
shanghai meicheng technology information development	5	511
Shanghai Meicheng Technology Information	13	199
UNITEDKINGDOMDOMAINS	20	41
EIMS (Shenzhen) Culture & Technology	25	37
Shanghai Meicheng Technology Information Development	27	270
Hongkong Domain Name Information Management	28	4,144
EPIK	31	45
Media Elite Holding	31	1,728
ALIBABA.COM SINGAPORE E-COMMERCE	32	7,145
Alibaba Cloud Computing	33	2,422

 

Bad Hosting Companies

Apart from a domain name, each website needs an Internet Service Provider (ISP) to host its website. Based on an analysis of data gathered from mid-January to mid-April 2021, hosting company Cloudflare hosts the most domain names with a Trust Score lower than 20. However, of the largest hosting companies Namecheap performs by far the worst. Of the 47,841 websites analyzed, 8,433 or 17.6% can be considered scammy. Google and GoDaddy on the other hand perform remarkably well with only 1,7% and 2,0% of the websites researched can be considered malicious.

ISP	Hosted Domains	Low Score Domains	% Low Score Domains
Cloudflare	326,325	11,905	3.7%
Google	175,561	2,975	1.7%
GoDaddy.com	105,755	2,127	2.0%
OVH	78,024	1,690	2.2%
Amazon Technologies	75,150	3,372	4.5%
Unified Layer	68,850	1,334	2.0%
WebsiteWelcome.com	64,214	1,140	1.8%
DigitalOcean	60,215	1,459	2.4%
Hetzner Online	52,249	1,204	2.3%
Namecheap	48,116	8,456	17.6%
Shopify	45,407	3,802	8.4%

There are hosting companies which perform far worse. However, they do not have the reach of the top players listed above. In the table below, the Internet Service Providers are listed with the lowest average Trust Score for the (minimal 20) domains they host.

ISP	Average Score	Domains Hosted
Vladimir Filippo	8	38
Coverage Technologies	9	611
GigaHostingServices	9	83
Sunshine Webhost Limited	9	23
XeVPS Hosting	9	61
World Hosting Farm Limited	10	23
Lijun Yang	10	33
DDoS-GUARD Ecuador	10	90
MBOX	13	48
Compevo AP	14	21

 

Bad Registries

The registrar does not own the domain name it sells to a person or company. Registrars are the ‘middleman’ between the user that licenses a website name and the registry. The registry owns the domain name and is in charge of the general administration of a top level domain such as .com, .biz or .store.

Not surprisingly, the most used extensions are .com, .net and .org. What is remarkable is the relatively high misuse of .co (5.4%) and low misuse of .cn (0.36%). The .co extension is often misused by scammers as it gives potential scam victims the impression that it is a legit .com site. The Chinese country’s top level domain seems hardly misused at all, probably as scammers still focus on victims outside of the Chinese market and prefer extensions more “Western” extensions.

Registry	Hosted Domains	Low Score Domains	% Low Score Domains
com	1,832,842	72,243	3.9%
net	135,170	4,317	3.2%
org	105,805	1,753	1.7%
de	82,464	1,552	1.8%
ru	78,952	3,457	4.4%
cn	72,014	190	0.36%
co.uk	58,587	1,839	3.1%
nl	52,255	699	1.3%
it	31,259	467	1.5%
au	30,503	366	1.2%
pl	25,431	392	1.5%
co	25,024	1,342	5.4%

Amongst the less well-known and used domain extensions, the .ltd extension has the lowest average trust score. Other often misused top levels are .store, and .top. The main reason for misuse is their low price. At Namecheap.com (one of the cheaper Registrars) you can get a .ltd for $ 6.98, .top for $ 3.98 and .store for $ 1.88 per year!

Registry	Average Score	Domains Hosted
ltd	29	2,537
buzz	32	676
uno	36	326
cyou	41	241
icu	43	1,078
casa	44	328
store	47	6,615
top	48	8,270
mosnter	49	182
trade	49	742

 

Bad Countries

Finally, it is interesting to see which countries host the most scammers. Most websites are using a server which is based in the United States. 3.8% of all websites hosted in this country have a Trust Score lower than 20. Slightly about the total average of 3%.

Countries like Hong Kong (8.2%), Senegal (6.0%), Singapore (5.9%) Canada (5.50%) and Russia (5.0%) are hosting the most scammers of the top 10 countries. Each country seems to have its own “specialization”. Where Hong Kong and Singapore are known for online stores selling fakes or not delivering, Senegal offers financial services and Russian scammers are heavily “investing” in cryptocurrency scams.

Country	Hosted Domains	Low Score Domains	% Low Score Domains
United States	1,407,912	53,479	3.8%
Germany	284,184	5,896	2.1%
Great Britain	152,504	2,866	1.9%
Netherlands	145,029	3,375	2.3%
Hong Kong	105,186	8,580	8.2%
Canada	89,868	4,897	5.5%
Russia	79,861	4,014	5.0%
Japan	79,366	2,111	2.7%
France	73,900	1,716	2.3%
Senegal	34,671	2,052	6.0%

If you look at the countries which, on average, have the lowest Trust Scores, some less known nations pop-up. Some of these countries are known for investment and cryptocurrency scams such as Belize, the Seychelles, and Virgin Islands. Uganda is known for advance fee frauds while Ghana is building up a reputation for pet scams. In many cases, these countries may not even really host the scam sites. Their IP address is however being used to hide the real location of the malicious servers.

Country	Average Score	Domains Hosted
Belize	40	1,636
Ecuador	58	233
Panama	59	416
Hong Kong	61	191,250
Seychelles	64	270
Uganda	64	97
Virgin Islands	65	33,959
Yemen	69	30
Brunei	72	71
Ghana	72	147

 

How to Fix the Internet?

With 3% of all websites having a Trust Score of less than 20 out of 100, cybercriminals have clearly established themselves on the Internet. The big question is: how to fight them?

Cybercrime largely goes unpunished at this moment. Setting up a malicious website is cheap and very quickly to do. More importantly, the chance of getting caught is near to zero if the criminal operates outside his own country.

Of course, the organizations listed in this article are not criminal. However, their Know Your Customer (KYC) processes leave much to be desired. Some hosting providers, registries, and registrars have improved their KYC policies. The Danish .dk registry for example was able to reduce the number of online stores selling fakes with 80% in one year by just asking for an ID.

Unfortunately, forcing hosting providers, registries, and registrars to have more stringent KYC processes seems a lost cause. If there are a few “bad boys” in the market, scammers will just flock to these players.

Scamadviser is therefore betting on warning consumers via anti-virus software and internet filters about websites with low Trust Scores. Via its partners, the company is already reaching 1 billion users.  

About the Data

More than 100.000 consumers check Scamadviser.com every day and Scamadviser adds more than 1 million new websites to its database every month. Since 2012, Scamadviser has been developing an algorithm which gives every domain a Trust Score based on 40 different data sources.

The data analysis is based on 7 million recently scanned domains in Scamadviser’s database and its Trust Score.  A domain with a Trust Score of 100 is very, very likely legit. A domain that scores a 1 is very, very likely a scam. The average Trust Score is 85 with 3% of all sites scoring less than 20.