Threat Watch

Network of 11,000 Fake Investment Sites Targets Europe

11,000 domains used to promote numerous fake investment schemes to users in Europe have been uncovered. Falsified celebrity endorsements and fabricated evidence were used to create an image of legitimacy and lure in potential victims. Users were tricked into believing the offer of a high-return investment. The operation was discovered by Group-IB who mapped out phishing sites, content hosts, and redirections. 5,000 of these identified domains are still active. The threat actors put an effort into promoting the campaigns on various social media platforms and use compromised accounts to reach as many users as possible. Victims that click on the ads are redirected to landing pages showing alleged success stories. The threat actors request contact information and then a “customer agent” reaches out to provide investment terms and conditions. If the victim is convinced and deposits the minimum 250 euros, they get access to a fake investment dashboard that allows them to track daily gains. The scam is revealed when the victims try to withdraw money.


Investments are never guaranteed to come without risk, so promises of sure profits should be seen as an immediate red flag. Also, personal account managers are not used by real investment platforms for small investments. It is advisable to make sure an investment platform is being run by an established broker. Looking for reviews and analyzing multiple comments could also reveal the fraud; scammers often mimic a user’s review from another service and use different variations of the same text.