Cybercriminals Deploy Global Investment Scam, Net $280,000Scammers Spoofed Well-Known Brands, Targeted Victims in Middle East, Asia Regions
Cybercriminals have found a new opportunity to exploit retail investors - a popular target among individuals looking to diversify their income. Researchers at Group-IB discovered an ongoing global investment scam that uses money-making investment schemes to lure investors. They estimate victims lost $280,000.
Researchers at Singapore-based cybersecurity company Group-IB began tracking the global investment scam in June 2022. The scheme involved cybercriminals posting fake advertisements on Facebook and impersonating well-known brands to get people to visit a trading portal to invest in stocks.
Between June 2022 and 2023, cybercriminals created 884 unique scam pages, 30% of which impersonated legitimate financial and insurance companies. About 25% of the pages impersonated transportation companies. The scammers included links to these scam pages on Facebook advertisements, offering victims investment opportunities in up to 35 market-leading companies from 13 countries.
After a Facebook user clicked on a maladvertisement, they were redirected to a scam webpage and asked to provide their name, email address and a phone number.
Cybercriminals primarily targeted stock market investors from the Middle East and Africa regions, and a bulk of Facebook advertisements were delivered in the Arabic language.
Armed with names and contact details, the scammers contacted victims by phone and pressured them to deposit funds into their trading portal to earn immediate dividends. If the victim agreed to invest, the scammers then requested information about bank cards, investment amounts, places of residence and passport details.
Scammers asked victims to deposit as little as $200 and promised to invest their money in one of the largest, most globally renowned oil companies to generate attractive returns.
"This particular scam is notable as the cybercriminals leverage multiple communication channels, such as email and direct phone calls, as part of their social engineering efforts," said Sharef Hlal, Group-IB's head of digital risk protection analytics team, MEA.
The cybercriminals also targeted English- and Spanish-speaking people in Latin America and the Asia-Pacific region, and these regions respectively accounted for 9.2% and 4.8% of social engineering attacks involving the use of scam pages.
Online scams have become ubiquitous. The Federal Trade Commission said that U.S. consumers alone lost $8.8 billion to scams in 2022.
In August, researchers at Eset discovered a cybercriminal toolkit, likely built by Russians, that enabled fraudsters to concentrate on honing their social engineering skills without having to worry about the technical side of online scamming (see: Russian Toolkit Aims to Make Online Scamming Easy for Anyone).
The toolkit is designed to allow scammers with minimal technical knowledge to engage in fraudulent activities, such as creating phishing websites and sending fraudulent emails and SMS messages, Eset said.