Jeweller has previously detailed and reported on the various scams; however, recent research has discovered that the vast majority of the fraudsters are using the services of GoDaddy, the US tech giant.
GoDaddy is listed on the New York Stock Exchange with a market capitalisation of around $US12 billion ($AU17.5 billion).
A preliminary investigation of 60 emails offering to sell intellectual property that either does not exist or, if it does, is stolen, found that 50 were operating via GoDaddy.
Worse, when the issue was raised with the company, a senior GoDaddy representative seemed disinterested.
The most common scam involves the lead-up to international jewellery trade shows. They are all targeted, from the annual JCK Las Vegas, Hong Kong trade shows and Australia’s various jewellery fairs.
Indeed, these scammers don't discriminate between large and small events.
How does it work?
It’s a simple scheme - companies listed as an exhibitor on a show’s website receive emails from people claiming to have the attendee list and registered visitors.
The emails, which appear to be from people at different ‘research companies’ follow a similar model and will often use identical wording.
Background reading: Warning letter issued over Jewellery Fair scam
A recent scam email read; “You can acquire a International Jewellery Fair 2023 attendee list to promote your products and services, invite current and prospective customers to your booth, and maximize your reach before, during, and after the exposition!”
The same wording and an identically formatted email offers the same ‘data’ for JCK Las Vegas.
For a price, you can buy the complete contact details of every visitor - before they even attend the event!
The cost for this data is consistent from email to email, despite the number of attendees and/or visitors differing significantly from event to event.
For example, one recent email purports to offer 3,752 already registered visitors to the upcoming International Jewellery Fair in Sydney (19-21 August) for $439 - discounted from $732.
Another scammer offers a database of 5,467 registered attendees at the same show for $429.
A further two emails from purportedly different businesses each offer a list of 14,412 registered visitors to the same event. According to these 'business analysts', it seems the attendance for the one event can vary from 3,752 to 14,142 people.
Apparently, the lists are provided in MS Excel or CSV Format and the email states the "usage license is unlimited - making it a one-off purchase".
Under the hood
On the surface, the email address looks genuine; however, further examination will prove otherwise.
In the examples above, there is no live website attached to the URL and both are redirected to a page that states that the website is “parked free courtesy of GoDaddy.com”.
Intriguingly, and even though you have received an email from a person at a business who offers to sell you a list of registered fair attendees, you can actually buy the website URL of the business.
In just one or two clicks on the GoDaddy website you can own the URL of the business that was just offering to sell you the details of 5,000 potential customers!
As stated above, this is not an isolated example. Of the 60 emails examined by Jeweller purporting to sell visitor lists to various jewellery trade shows, 50 directed back to GoDaddy.
GoDaddy's website states: “We’re a trusted growth partner to millions of everyday entrepreneurs. GoDaddy is the world’s largest services platform for entrepreneurs around the globe.”
Under a heading titled ‘Abuse reporting’ the website states: “GoDaddy Corporate Domains is committed to providing the best experience possible to our clients and anyone who interacts with them. Please let us know if a name registered here is being used in a malicious or abusive way.”
Lacklustre response
Jeweller attempted to contact GoDaddy to seek clarification.
Namely, how it is that - in the first instance - a URL that is being hosted free of charge by GoDaddy could be used to help perpetrate fraudulent transactions on the international jewellery industry and, simultaneously, the same URL is being offered for sale by GoDaddy?
In reference to GoDaddy’s claim to be concerned about “malicious” use of its services, Jeweller’s email stated: “It has now come to our attention that the vast majority of these scammers are using GoDaddy’s services. We can provide evidence about this.”
Thomas Costello, senior manager public relations at GoDaddy responded to the enquiry.
Rather than seeking or requesting more information from the media about an investigation into scamming, Costello’s response seemed dismissive.
“We take cyber-safety very seriously,” Costello said.
He then seemingly suggested that Jeweller staff should report the matter on the GoDaddy Abuse Reporting page, adding that the “abuse team regularly assesses and takes actions against sites that violate our terms of service”.
Of concern is the GoDaddy page that states: “We can't guarantee any particular outcome, but we'll review your complaint and contact you only if necessary. You will not receive updates regarding the evaluation or outcome of the complaint.”
The page is not intended for media requests and/or enquiries about possible large-scale criminal activity.
Worse, Godaddy.com has two links for Abuse Reporting; however, one is non-functional.
A page displaying important company information and its policies also has a ‘Report Abuse’ link which - when tested by Jeweller - generated an error 404 message.
|
GoDaddy states that it "takes cyber security very seriously": the Report Abuse link is non-functional with an error 404 message. Click image to enlarge.
|
Jeweller has contacted GoDaddy CEO Alan Bhutani for an explanation about his company’s claims that it takes “cyber-safety very seriously” while simultaneously appearing to have no interest in being provided information about possible widespread scamming operations involving the services of his company.
Importantly, clarification was also sought from Bhutani on the seemingly contradictory position of GoDaddy claiming to be a ‘trusted’ company while hosting URLs being used for ‘malicious’ activity and at the same time offering to sell the same URL.
Jeweller has been in contact with the US Federal Bureau of Investigation (FBI) for comment and regarding further investigation.
More reading
Presentation at Sydney Fair to detail counter-terrorism and money laundering legal reform
Retailers urged to be vigilant amid cyber security crime wave
Luxury jeweller sues insurer over cyber ransom
Auction house may be held responsible for millions in lost diamonds
Jewellery fair scammers back in business
Warning letter issued over Jewellery Fair scam