Compromised DreamHost-hosted websites lead to scams
Hundreds of websites hosted by DreamHost have been compromised and are used to redirect users to a Russian scam page, warns Zscaler.
Whether or not this is the result of the recent compromise of one of the hosting provider’s database servers is unknown.
The hijacked websites contain a PHP page redirecting visitors to a website hosting a “get rich working from home” scam. On that site there are also fake Google AdSense ads that all link to a YouTube lookalike site showing videos that promote an online gambling site.
The scheme was first discovered on Friday, and the domain in question has obviously been blocked in the meantime, forcing scammers to redirect users first to similar domains that contained absolutely nothing, and currently to a service that supposedly tells users all about their ancestors and family links:
To do that, the users are asked to share their first and last names, the names of their father and mother (including her maiden name), their nationality, their and their parents’ place of birth, and their date of birth.
They are then presented with a short summary of the information the site can provide: photos, diplomas, letters, and more. But, in order to see specific information, the users are required to activate the service by sending an SMS to a specific number and share their phone number.
Oh, and by the way – the service costs some 600 rubles (around $20) per month, and this particular piece of information can only be read by those wise enough to scroll way down the page.
And while this service does seem to be legitimate, the practice of making the fees difficult to spot is unfair to the customers. And it is also possible that the collected information is sold to third parties or used by the people behind the service to send out spam or orchestrate social engineering attacks.