FTC Sues Click Profit For Deceptive AI Investment Promises - 1

Image by Anne Nygård, from Unsplash

FTC Sues Click Profit For Deceptive AI Investment Promises

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The Federal Trade Commission (FTC) has taken legal action against Click Profit, an e-commerce company accused of defrauding consumers through a “passive income” scheme.

In a rush? Here are the quick facts:

  • Consumers paid up to $75K, but most never earned the promised profits.
  • Click Profit falsely claimed partnerships with Nike, Disney, and other major brands.
  • Amazon suspended 95% of Click Profit’s stores for violating seller policies.

The FTC alleges that Click Profit, along with its co-founders Craig Emslie and Patrick McGeoghean, misled people into investing tens of thousands of dollars in online storefronts, promising high returns that never materialized.

Customers were also required to spend an additional $10,000 or more on inventory, with Click Profit taking up to 35% of any profits. The company claimed its AI-powered system could generate wealth, showcasing supposed success stories of storefronts making over $540,000 in monthly sales, as reported by CNBC .

However, the FTC says these claims were false. “In reality, the highly touted AI technology and brand partnerships do not exist, and the promised earnings never materialize,” the complaint states .

Emslie, one of the company’s co-founders, aggressively marketed the program, often appearing in TikTok ads flaunting wads of cash. In one video, he claimed that traditional investments like “the stock market, real estate, or precious metals will never be able to offer you” the same level of security as Click Profit, as reported by CNBC.

The lawsuit also details how Click Profit allegedly silenced unhappy customers. One victim, who lost his life savings, posted a negative review online and was later threatened with a lawsuit. According to the FTC, Emslie’s attorney told the man, “F*** off,” when he asked for a partial refund.

FTC Bureau of Consumer Protection Director Christopher Mufarrige condemned the company’s actions, saying, “Click Profit misled consumers by falsely promising them guaranteed passive income using cutting-edge AI technology and exclusive brand partnerships,” reports CNBC

The FTC has filed a lawsuit in the U.S. District Court for the Southern District of Florida, seeking to ban Click Profit from doing business permanently and to secure financial relief for its victims. A federal court has already issued a temporary restraining order against the company while the case proceeds.

DollyWay Malware Scheme Infects Over 20,000 WordPress Sites - 2

Image by WebFactory Ltd, from Unsplash

DollyWay Malware Scheme Infects Over 20,000 WordPress Sites

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

GoDaddy Security researchers have uncovered a massive malware operation called “DollyWay World Domination” that has been quietly infecting over 20,000 websites since 2016.

In a rush? Here are the quick facts:

  • Malware uses advanced tricks like automatic reinfection and hiding in plugins to stay undetected.
  • Creates hidden admin accounts and steals real admin credentials for long-term access.
  • Generates 10 million malicious page views monthly, earning attackers millions of dollars.

The campaign, named after a line of code found in the malware, uses hacked WordPress sites to trick visitors into clicking on scam pages, earning the attackers millions of dollars.

The operation has evolved over the years, starting in 2016 with campaigns like Master134 and Fake Browser Updates. The latest version, DollyWay v3, is highly advanced, using clever tricks to stay hidden.

For example, it can automatically re-infect websites, remove other malware, and even update WordPress to keep the site running smoothly while hiding its malicious activity.

Here’s how it works: When you visit an infected website, the malware secretly redirects you to scam pages, often related to dating, crypto, or gambling. These scams are part of a larger network run by cybercriminals called VexTrio. The malware is so sneaky that it avoids detection by ignoring bots, logged-in users, and even local visitors.

As of February 2025, over 10,000 WordPress sites are infected, generating around 10 million malicious page views every month. The malware is designed to stay hidden, making it hard for website owners to notice anything is wrong.

One of the most concerning features of DollyWay v3 is its ability to keep reinfecting websites. Every time someone visits an infected site, the malware checks to make sure it’s still in control. If it finds any security plugins, it disables them. It also hides malicious code inside legitimate plugins and WPCode snippets, making it even harder to detect and remove.

The attackers also create hidden admin accounts with random usernames and email addresses. These accounts let them access the site anytime, even if the original admin tries to remove them. In some cases, the malware even steals the real admin’s login details to maintain access.

To make matters worse, the malware uses advanced encryption to protect its code and ensure only the attackers can control it. It also uses a network of 14 infected websites, called TDS nodes, to manage the scam redirects. These nodes are updated daily to keep the operation running smoothly.

Website owners are urged to check their sites for signs of infection, such as unexpected redirects or strange admin accounts. Using strong security plugins and keeping WordPress updated can help protect against these kinds of attacks.