Web-based scam uses fake Facebook ads to claim celebrity endorsement
A circular social engineering scam has been detected across Europe. It promotes a fake investment that claims celebrity endorsement and compels the victim to keep paying to reach a “cash-out” threshold.
Group-IB’s cyber emergency response team detected the scam targeting people in nine countries, including the UK, Germany, the Netherlands, and the Czech Republic.
“The main goal of these fake investment schemes is to convince the victims to repeatedly transfer funds to the fake investment portal,” explained Group-IB. “The victims are usually promised huge returns on their investments and are shown ‘how I got rich’ stories featuring celebrities.”
Group-IB caught the confidence tricksters in their lie by posing as a victim. The scam involved an artful interweaving of offline and online social engineering methods, luring the gullible with websites and “rogue Facebook pages” and other fraudulent postings on legitimate platforms such as YouTube.
“The message displayed on those platforms makes it seem like there is a bulletproof service for making an online income,” said Group-IB. “The messages state that the service is used by famous people globally. This can be from Elon Musk to local Dutch and UK celebrities.”
A unique offer!
In keeping with most such con tricks, the message claims “a unique offer” that just requires a “minimal deposit of 250 euros to get started.”
“Once the victim lands on the fake broker site, they will see various fake messages of people that have had ‘successful’ trades and are in the process of cashing out,” said Group-IB. “The fake broker site will, for example, state that a random name from your city just has withdrawn a couple of hundred euros.”
Fraudsters also contact victims directly by phone, posing as account managers – with the ultimate purpose of persuading them to pay at least the initial asking deposit or even more. Group-IB operatives working undercover found the fraudsters very convincing, asking legitimate-sounding questions of investors such as how they earn their money normally – but always giving a positive response to encourage them to part with their cash.
“The victim receives a call from scammers who provide a link to the final fraudulent invest-project with a personal account,” said Group-IB. “To start trading, the victim needs to replenish the balance. This ‘fake’ account manager will ‘assist’ the victim on their investment dashboard, increasing the likelihood that the scammers can get more than 250 euros. It also allows the fraudsters to change specific values so the dashboard meets the expectations of the victim.”
A nightmare ride
Once the victim pays the deposit, their nightmare begins, and they find themselves on a fraud carousel that leads them around the houses, telling them that they have seen their investment triple in just a few days and should invest more accordingly.
But whenever a victim tries to make good on the illusory profits, they are told that they must keep investing to reach a “cashing out” threshold. Of course, this never happens, and the only way to get off the carousel is to realize you have been scammed and cut your losses.
Of the 12,000 web domains used in the elaborate ruse, Group-IB found 5,000 still active at the time of its research. The lifetime of individual fraudulent domains varied from a few days to several months – with the more successful ones being taken down swiftly and replicated elsewhere.
“The fraudsters make use of specific keywords and top-level domains to trick unaware internet users into their scheme,” said Group-IB. “The keywords range from specific investment categories like bitcoin and gold, but this is not where they stop. They continue to set up schemes that target specific countries.”
It added: “Investments can often be done via legitimate and established brokers. There are many sites that provide detailed information about these. Don’t simply click and join a site via an advertisement, do your own research online and validate that you are dealing with a legitimate website.”