Caveat Emptor – Iterum

We have cautioned numerous times to “Let the Buyer Beware.” Online financial scams continue to run rampant, and people keep falling for them. Researchers have uncovered a huge network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe. The platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. The goal of the operation is to trick users into believing they have found an opportunity for high-return investments and convince them to deposit a minimum amount of 250 EUR ($255) to sign up for the fake services.

Figure: Map of the malicious infrastructure network (Group-IB)

Researchers at cybersecurity company Group-IB discovered the operation and mapped the massive network of phishing sites, content hosts, and redirections.    According to Group-IB, more than 5,000 of the identified malicious domains are still active.  Currently, the countries targeted in this scheme are the UK, Belgium, Germany, the Netherlands, Portugal, Poland, Norway, Sweden, and the Czech Republic. 

Scamming process: The fraudsters put effort into promoting the campaigns on various social media platforms or use compromised Facebook and YouTube to reach as many users as possible.

Figure: Facebook post promoting the scam (Group-IB)

Victims who fall for the trick and click on the ads to learn more are redirected to landing pages showing alleged success stories. The fraudsters then request contact details. A "customer agent" from a call center reaches out to the victim and provides the investment terms and conditions in an elaborate social engineering scam.

Figure: Fake investment portal targeting Dutch users (Group-IB)

Eventually, the victim is convinced to deposit 250 EUR or more, while the details provided on the fake site are stored and used for future campaigns or resold on the dark web.

Figure: Adding funds on the fake investment site (Group-IB)

Once the victim deposits the funds, they get access to a fake investment dashboard that supposedly lets them track daily gains. This is to prolong the illusion of a legitimate investment and entice victims to deposit more money for larger profits. The scam is revealed when the victim tries to withdraw money from the platform, but not before the scammers ask for a final payment.

During the investigation, Group-IB researchers interacted with the scammers and recorded the conversation with the operator. The audio below comes with parts that have been muted for privacy reasons.

Investments are never guaranteed to come without a risk, so promises of sure profit should be seen as red flags. Also, real investment platforms don't offer personal account managers for small investments.

When an investment platform grabs your attention, it is advisable to make sure that it's from an established broker. Looking for reviews from other users and analyzing multiple comments for a pattern may also reveal the fraud. Many times, scammers don't make an effort to mimic a real user's opinion and publish variations of the same text. Caveat Emptor!
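The review-pattern check described above can be automated. The following is an added example, not code from Group-IB or Red Sky Alliance: it flags reviews that are variations of one template by comparing three-word shingles with Jaccard similarity. The sample reviews are constructed, and the shingle size and the 0.5 threshold are assumptions to tune on real data.

```python
import re
from itertools import combinations

# Constructed sample reviews for illustration; not taken from any real site.
REVIEWS = [
    "I invested 250 EUR and doubled my money in one week, my account manager was great",
    "I invested 250 EUR and tripled my money in one week, my account manager was amazing",
    "Invested 250 EUR and doubled my money in just one week, my account manager was great!",
    "Withdrawal took three days and support was slow, fees are higher than my old broker",
    "The charting tools are decent but the mobile app crashes whenever I open the order book",
]

def shingles(text, k=3):
    """Set of k-word shingles, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def similar_pairs(reviews, threshold=0.5):
    """Pairs (i, j, score) whose shingle overlap meets the assumed threshold."""
    sets = [shingles(r) for r in reviews]
    pairs = []
    for i, j in combinations(range(len(reviews)), 2):
        score = jaccard(sets[i], sets[j])
        if score >= threshold:
            pairs.append((i, j, round(score, 2)))
    return pairs

def template_clusters(reviews, threshold=0.5):
    """Group reviews linked by any chain of similar pairs (union-find)."""
    parent = list(range(len(reviews)))
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for i, j, _ in similar_pairs(reviews, threshold):
        parent[find(j)] = find(i)
    groups = {}
    for idx in range(len(reviews)):
        groups.setdefault(find(idx), []).append(idx)
    return sorted(g for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    for group in template_clusters(REVIEWS):
        print("Likely templated reviews:", group)
```

Reviews 1 and 2 fall below the threshold when compared directly, but both match review 0, so the clustering step still groups all three as one template.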

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www.redskyalliance.org/
  • Website: https://www.wapacklabs.com/
  • LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989
