Lotsy Group: The group which has been named “Lotsy” has been seen carrying out campaigns for the past few years targeting different groups of people. The campaigns are fake emails, which offer the recipient the chance to win something for free. Once the user clicks on the email, they are then redirected to a webpage which has the user fill out their information and a survey, which is used to gain trust from the user. After the user fills out the survey, they will see a page that has fake Facebook comments saying how happy people were with the free gifts. The user will then be asked to share the website with friends on Facebook or WhatsApp. After a user brings their friends into the scam, the user will be sent to a webpage that either has them download a browser extension, register for a hook-up site or the worst possible situation of being directed to a malicious website. The type of page the user gets redirected to in the end depends on their country and device they are using. The group currently has 114 domains registered but were only using about 14 at the time of discovery. At any time, the group could activate any of the other domains that they own. The group tries to remain hidden by not using known brand domains to bring attention to themselves.
Analyst Notes
Scams like this have been around for a long time, and it is likely we will continue to see these types of attacks continue whether they are from the same group of some a different one.
