Ethical hackers unearth 39 nutritional supplement scam sites


An investigation by ethical hackers at CyberNews into one pensioner’s missing vitamin order has unearthed a network of 39 scam sites.

In April 2020, retiree Isabelle Taylor of Boise, Idaho, placed an order for nutritional supplements from Tempted by a 35 percent discount from the usual retail price, she paid via PayPal and quickly received a tracking code from UPS.


Foul play was evident when the code gave details of a package delivered five days earlier. Following unsuccessful attempts to contact the seller and dispute the fraudulent charge with PayPal, Taylor tipped off ethical hackers at CyberNews. They secured a ‘goodwill refund’ from PayPal and began an investigation into the crime.

Taylor didn’t consider anything strange about the transaction.

CyberNews’ investigations team revealed that Taylor’s experience was the tip of the iceberg. An archived Terms of Service page for listed an address in Atlanta, Georgia, which led the ethical hackers to a similar site,


After CyberNews analysed its IP address and related keywords, it discovered that there were 39 websites connected in this cluster of scam sites, alongside seemingly related malicious files.

CyberNews Senior Researcher Bernard Meyer said, “Isabelle is one of many victims that have been scammed by what appears to be a widespread and sophisticated attack.

“The criminals are exploiting the point at which the systems of two companies - PayPal and UPS - meet and rely on each other, to create the illusion of legitimate transactions and defraud innocent people.”


The PayPal-UPS scam has plagued customers for several years, and its success rides on certain PayPal terms which favour the seller. The con involves tricking a customer into buying products from a fake website, where the transaction must be completed using PayPal.

As the scammer is using a new or suspect account, PayPal does not release the funds until proof of shipping is provided. The scammer submits a fake UPS tracking number, which PayPal not only accepts, but honours in customer disputes – just like Taylor’s case. While she was happy to receive her refund,



The CyberNews team traced the origins of the scam site cluster to early 2020 and warns customers to be vigilant in the present era.

“Since March, we have seen a significant rise in cybercrime,” said Mr Meyer. “Scammers are producing convincing fake sites and advertising heavy discounts during a period of worldwide financial instability, where people are particularly conscious of budgets.”

CyberNews has alerted UPS, PayPal, Nestlé and hosting providers Leaseweb USA and Namecheap to the details of the scam. Most of the 39 fraudulent stores found within the scam cluster have been taken down.

Slavery Sky new banner 1.png