Dubai — Group-IB, a global cybersecurity leader headquartered in Singapore, in coordination with the UAE Cybersecurity Council, has today published research outlining a new fake investment scam that is targeting users across the globe. In total, experts from Group-IB’s Digital Risk Protection team uncovered almost 900 unique scam pages leveraged by the cybercriminals behind this still-ongoing scheme. Links to these scam pages were contained in Facebook advertisements purchased by the scammers, and the text of these posts offered users the opportunity to invest in one of 35 market-leading companies from 13 countries. This text was often accompanied by an image in which the scammers used the logo of the impersonated company in question. In total, 60% of the scam pages created in this scheme, which peaked in activity in December 2022, targeted users from the Middle East and Africa (MEA) region. Based on Group-IB’s estimations, this scam campaign caused roughly $280,000 in financial damages for internet users between March and June 2023.
Group-IB has a zero-tolerance policy to cybercrime, and the company blocked all discovered scam pages that contained the brand name or likeness of Group-IB clients. In order to investigate this scam campaign, Group-IB analysts used the company’s proprietary Digital Risk Protection platform, leveraging its AI technology and highly accurate logo analysis and text recognition features. The company’s researchers are continuing to monitor this scam scheme amid the continued uptick in the number of retail investors and, subsequently, investment scams.
Taking stock
The core aim of the cybercriminals behind this campaign is financial gain, as they leverage sophisticated social engineering techniques to exploit individuals’ vulnerabilities and inherent trust in well-known brands. Group-IB researchers first began tracking this scam scheme in June 2022, when the campaign burst into life, although there is evidence to suggest that the scammers purchased a small portion of the domains used to host scam sites as early as 2020.
Figure 1. Overview of investment scam.
In total, 884 unique scam pages were created and registered by the scammers since the start of the campaign. The peak in activity was registered in December 2022, when 308 new pages were created. Throughout the entire duration of the scam campaign, 60% of scam pages targeted users in the MEA region, with the bulk of these adverts containing text written in the Arabic language. Users in Latin America were targeted on 9.2% of the scam pages, and 4.8% of scam pages were geared towards users in the Asia-Pacific region, while 25% of the resources had no specific geographic focus.
Because the financial and insurance sector integrates seemingly easily with investment opportunities, 30% of scam pages discovered during this campaign impersonated legitimate financial and insurance companies. Other highly targeted sectors were transportation (25% of all scam pages), stock trading (8.6%), oil and gas (5.3%), and construction (5.3%).
Group-IB researchers estimated the potential financial losses from this campaign over a four-month period to amount to $280,000. This figure was drawn from an analysis of activity on several of the scam sites leveraged between March and June 2023.
H.E Dr. Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, said: "As technology continues to advance, so do its risks. Our eagerness to adopt new innovative technologies in the pursuit of advancement has made us an attractive target for cyber criminals. However, we've been resilient in the face of these challenges, learning invaluable lessons and placing cyber literacy as a priority. The UAE Cybersecurity Council has been dedicated to enhancing cybersecurity awareness and fortifying the digital landscape, contributing significantly to reducing the influence of scammers. The UAE, a leader in the cybersecurity space, stands as a prime example with its cutting-edge infrastructure and comprehensive strategy to bolster digital defenses. Agility in swiftly addressing emerging threats is paramount in today's dynamic cyber landscape."
Personal scammers
A typical victim will first encounter this scam by seeing an advertisement placed by the cybercriminals on their social media feeds. Group-IB researchers found adverts placed in multiple languages, most notably English, Arabic, and Spanish. On Arabic-language advertisements and scam sites created for this campaign, the scammers entice individuals with claims that they could earn millions by investing a mere $200. These adverts may also use the words “news”, “media”, “investment”, and “digital”, either in English or in Arabic. Spanish-language adverts offer users the chance to earn money each month.
If the user clicks on the advertisement, they are redirected to a scam page that contains the logo and branding of a prominent company and implores the user to register for the chance to make quick, easy money by investing. The scammers request the user’s name, email address, and phone number.
Figure 3. Example of an Arabic-language scam page offering users the opportunity to invest in a prominent MEA company.
Once the user has completed this form, they will receive daily emails claiming to be from a trading portal. These emails implore the user to sign up for the chance to begin trading stocks, and the first email contains an account number, login information, password, and server name for their supposed account on this platform. Users are then urged to deposit money into their trading account to begin buying stocks.
If, after a period of time, the user does not place a deposit, they will receive a call from a person claiming to be a customer service representative. This individual begins pressuring the victim to deposit funds, promising the chance to earn immediate dividends. Should the victim agree, they are asked for information about their bank card, desired investment amount, and place of residence. They will then also receive an email asking for their ID and passport. Group-IB researchers examined multiple user testimonies about the investment portal posted online. Users frequently complain that representatives of the portal stop communicating once they transfer money. Users are also blocked on messaging platforms once they request a refund.
“Retail investing is becoming increasingly popular among individuals who are looking for ways to diversify their income, but this has created opportunities for cybercriminals to exploit this trend. This particular scam is notable as the cybercriminals leverage multiple communication channels, such as email and direct phone calls, as part of their social engineering efforts. Investment scams have the potential to cause great financial damage to victims, given the potential large sums of money involved, and we urge individuals to never share personal information or money with third parties unless you are certain of their legitimacy,” Sharef Hlal, Head of Group-IB's Digital Risk Protection Analytics Team, MEA, said.
-Ends-
About Group-IB
Group-IB, with its headquarters in Singapore, is one of the leading solutions providers dedicated to detecting and preventing cyberattacks, investigating high-tech crimes, identifying online fraud, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), Asia-Pacific (Singapore), and Europe (Amsterdam).
Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat Intelligence, Managed XDR, Digital Risk Protection, Fraud Protection, Attack Surface Management, Business Email Protection, Audit & Consulting, Education & Training, Digital Forensics & Incident Response, Managed Detection & Response, and Cyber Investigations.
Group-IB’s Threat Intelligence system has been named one of the best in its class by Forrester and IDC. Group-IB’s Managed XDR, intended for proactively searching for and protecting against complex and previously unknown cyber threats, has been recognized as one of the market leaders in the Network Detection and Response category by KuppingerCole Analysts AG, the leading European analyst agency, while Group-IB itself has been recognized as a Product Leader and an Innovation Leader.
Group-IB was granted Frost & Sullivan’s Innovation Excellence award for Digital Risk Protection (DRP), an AI-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks, with the company’s patented technologies at its core. Group-IB’s technological leadership and R&D capabilities are built on the company’s 20 years of hands-on experience in cybercrime investigations worldwide and over 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.
Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.
Group-IB's experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB's mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services.