- Cybercriminals leverage sophisticated social engineering techniques to exploit individuals’ vulnerabilities and inherent trust in well-known brands.
- In total, 884 unique scam pages were created and registered by the scammers since the start of the campaign.
- Users in Latin America were targeted on 9.2 per cent of the scam pages, and 4.8 per cent of scam pages were geared towards users in the Asia-Pacific region, while 25 per cent of the resources had no specific geographic focus.
Singapore based cybersecurity firm Group-IB has unearthed a new $280,000 fake investment scam that is targeting users across the globe.
The core aim of the cybercriminals behind this campaign is financial gain, as they leverage sophisticated social engineering techniques to exploit individuals’ vulnerabilities and inherent trust in well-known brands.
Group-IB researchers first began tracking this scam scheme in June 2022, when the campaign burst into life, although there is evidence to suggest that the scammers purchased a small portion of the domains used to host scam sites as early as 2020.
Group-IB’s Digital Risk Protection team uncovered almost 900 unique scam pages leveraged by the cybercriminals behind this still-ongoing scheme.
Links to these scam pages were contained in Facebook advertisements purchased by the scammers and the text of these posts offered users the opportunity to invest in one of 35 market-leading companies from 13 countries.
This text was often accompanied by an image in which the scammers used the logo of the impersonated company in question.
Exploiting the trend
In total, 60 per cent of the scam pages created in this scheme, which peaked in activity in December 2022, targeted users from the Middle East and Africa (MEA) region.
Based on Group-IB’s estimations, this scam campaign caused roughly $280,000 in financial damages for internet users between March and June 2023.
In total, 884 unique scam pages were created and registered by the scammers since the start of the campaign. The peak in activity was registered in December 2022, when 308 new pages were created.
Throughout the entire duration of the scam campaign, 60 per cent of scam pages targeted users in the MEA region, with the bulk of these adverts containing text written in the Arabic language.
Users in Latin America were targeted on 9.2 per cent of the scam pages, and 4.8 per cent of scam pages were geared towards users in the Asia-Pacific region, while 25 per cent of the resources had no specific geographic focus.
Sharef Hlal, Head of Group-IB’s Digital Risk Protection Analytics Team, MEA, said that retail investing is becoming increasingly popular among individuals who are looking for ways to diversify their income, but this has created opportunities for cybercriminals to exploit this trend.
Due to the sector’s seemingly easy integration with investment opportunities, 30 per cent of scam pages discovered during this campaign impersonated legitimate financial and insurance companies.
Other highly targeted sectors were transportation (25 per cent of all scam pages), stock trading (8.6 per cent), oil and gas (5.3 per cent), and construction (5.3 per cent).
Personal scammers
A typical victim will first encounter this scam by seeing an advertisement placed by the cybercriminals on their social media feeds. Group-IB researchers found adverts placed in multiple languages, most notably English, Arabic, and Spanish.
On Arabic-language advertisements and scam sites created for this campaign, the scammers entice individuals with claims that they could earn millions by investing a mere $200. These adverts may also use the words “news”, “media”, “investment”, and “digital”, either in English or in Arabic. Spanish-language adverts offer users the chance to earn money each month.
If the user clicks on the advertisement, they are redirected to a scam page that contains the logo and branding of a prominent company, imploring the user to register for the possibility to make quick, easy money by investing.
The scammers request the name, email address, and phone number from the user.
Don’t fall prey
Once the user has completed this form, they will receive daily emails claiming to be from a trading portal. These emails implore the user to sign up for the chance to begin trading stocks, and the first email contains an account number, login information, password, and server name for their supposed account on this platform.
Users are then urged to deposit money into their trading account to begin buying stocks.
If, after a period of time, the user does not place a deposit, they will receive a call from a person claiming to be a customer service representative. This individual begins pressuring the victim to deposit funds, promising the chance to earn immediate dividends.
Should the victim agree, they are asked for information about their bank card, desired investment amount and place of residence. Additionally, they will then receive an email asking for their ID and passport.
Group-IB researchers examined multiple user testimonies of the investment portal posted online. Users frequently complain that representatives of the portal stop communicating once they transfer money. Users are also blocked on messaging platforms once they request a refund.
“This particular scam is notable as the cybercriminals leverage multiple communication channels, such as email and direct phone calls, as part of their social engineering efforts. Investment scams have the potential to cause great financial damage to victims, given the potential large sums of money involved, and we urge individuals to never share personal information or money with third parties unless you are certain of their legitimacy,” Hlal said.
Related posts:
- Classiscam will remain one of the major global scam operations this year
- Over 100,000 compromised ChatGPT accounts for sale on dark web marketplaces
- Need of the hour is to embrace real-time security posture analysis