Security researchers have uncovered a massive investment fraud campaign targeting European victims via online and phone channels.
The “gigantic network infrastructure” seen by Group-IB covers over 10,000 rogue websites localized for users in the UK, Belgium, the Netherlands, Germany, Poland, Portugal, Norway, Sweden and the Czech Republic.
Victims are first lured by posts about fake investment schemes on compromised social media accounts like Facebook and YouTube.
Often images of local or global celebrities are used to make the scam seem more legitimate.
Clicking on the post will take them to a fake broker site, which will have a high quality design.
“Once the victim lands on the fake broker site, they will see various fake messages of people that have had ‘successful’ trades and are in the process of cashing out. The fake broker site will for example state that a random name from your city just has withdrawn a couple of hundred euros,” Group-IB explained.
The victim will then be required to fill out a contact form. Once they do, they will receive a call from a scammer masquerading as a broker.
“After filling out the form, the victim receives a call from scammers who provide a link to the final fraudulent invest-project with a personal account. To start trading, the victim needs to replenish the balance,” said Group-IB.
Once they make the card payment, they’ll get a login to a fake investment dashboard.
“In the fake dashboard profit will be shown, while literally there is no profit as all is fake,” Group-IB continued.
“The scammers do this to be able to ask the victim for more money, as the victim believes good profits are being made. No actual trading is taking place on the platform.”
However, if the victim decides not to deposit any more money and wants to cash out, they will be required to put more money in to meet a ‘pay out threshold.’ Even if they do this, they’ll be asked for more money.
Of the 11,197 domains involved in the campaign, over 5000 remained active at the time of writing.