Researchers at cybersecurity firm Group-IB have discovered a network of more than 11,000 websites to promote different fake investment schemes to European users. The sites use fake evidence and falsified celebrity endorsements to make their schemes believable.
The following countries are currently being targeted.
- Czech Republic
The goal of the fake investment websites seems to be tricking users into a low-investment, high-return opportunity by getting them to deposit at least €250 ($255 at the time of writing) and sign up for the fake service. At the time of writing, more than 5,000 of the discovered malicious domains are still active, according to the researchers at Group-IB.
This is quite similar to deepfakes being used to promote crypto scams, something the crypto space has been dealing with for quite some time. Images and videos of crypto figures like Elon Musk often get deep-faked to promote crypto investment scams.
In a similar fashion, the scammers seem to have done a lot of work towards promoting their campaigns on several different social media platforms and have taken another page out of crypto scammers’ books and are using compromised Facebook and YouTube accounts to spread their campaign further.
Once a target lands on any of these sites, the scammers request contact details, and a “customer agent” gets in touch with them to provide investment terms and conditions as part of their social engineering scam. Once the target makes the €250 payment, their details are stored and used for future campaigns or sold on the dark web.
To keep victims from knowing about the scam immediately following the payment, they’re led to a fake dashboard that’s meant to trick them into tracking the fake investments daily, monitoring any gains to lure victims into putting more money in the scam.
The scam eventually gets revealed when the victim tries to withdraw money, asking them for final payment to reach the cash-out threshold. If they choose to invest more, they’re lured into the scam again. If they don’t, no money is cashed out, and the victim finally realises they’ve been played.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.