11,000 domains used to promote numerous fake investment schemes to users in Europe have been uncovered. Falsified celebrity endorsements and fabricated evidence were used to create an image of legitimacy and lure in potential victims. Users were tricked into believing the offer of a high-return investment. The operation was discovered by Group-IB who mapped out phishing sites, content hosts, and redirections. 5,000 of these identified domains are still active. The threat actors put an effort into promoting the campaigns on various social media platforms and use compromised accounts to reach as many users as possible. Victims that click on the ads are redirected to landing pages showing alleged success stories. The threat actors request contact information and then a “customer agent” reaches out to provide investment terms and conditions. If the victim is convinced and deposits the minimum 250 euros, they get access to a fake investment dashboard that allows them to track daily gains. The scam is revealed when the victims try to withdraw money.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is