global cybersecurity leader headquartered in Singapore, in coordination with the UAE Cybersecurity Council has today published new research outlining a new fake investment scam that is targeting users across the globe. In total, experts from Group-IB’s Digital Risk Protection team uncovered almost 900 unique scam pages leveraged by the cybercriminals behind this still-ongoing scheme. Links to these scam pages were contained in Facebook advertisements purchased by the scammers and the text of these posts offered users the opportunity to invest in one of 35 market-leading companies from 13 countries. This text was often accompanied by an image in which the scammers used the logo of the impersonated company in question. In total, 60% of the scam pages created in this scheme, which peaked in activity in December 2022, targeted users from the Middle East and Africa (MEA) region. Based on Group-IB’s estimations, this scam campaign caused roughly $280,000 in financial damages for internet users between March and June 2023.
Group-IB has a zero-tolerance policy to cybercrime, and the company blocked all discovered scam pages that contained the brand name or likeness of Group-IB clients. In order to investigate this scam campaign, Group-IB analysts used the company’s proprietary Digital Risk Protection platform, leveraging its AI technology and highly accurate logo analysis and text recognition features. The company’s researchers are continuing to monitor this scam scheme amid the continued uptick in the number of retail investors and, subsequently, investment scams.
Taking stock
The core aim of the cybercriminals behind this campaign is financial gain, as they leverage sophisticated social engineering techniques to exploit individuals’ vulnerabilities and inherent trust in well-known brands. Group-IB researchers first began tracking this scam scheme in June 2022, when the campaign burst into life, although there is evidence to suggest that the scammers purchased a small portion of the domains used to host scam sites as early as 2020.
In total, 884 unique scam pages were created and registered by the scammers since the start of the campaign. The peak in activity was registered in December 2022, when 308 new pages were created. Throughout the entire duration of the scam campaign, 60% of scam pages targeted users in the MEA region, with the bulk of these adverts containing text written in the Arabic language. Users in Latin America were targeted on 9.2% of the scam pages, and 4.8% of scam pages were geared towards users in the Asia-Pacific region, while 25% of the resources had no specific geographic focus.
Due to the sector’s seemingly easy integration with investment opportunities, 30% of scam pages discovered during this campaign impersonated legitimate financial and insurance companies. Other highly targeted sectors were transportation (25% of all scam pages), stock trading (8.6%), oil and gas (5.3%), and construction (5.3%).
Group-IB researchers estimated the potential financial losses from this campaign over a four-month period to amount to $280,000. This figure was drawn from an analysis of activity on several of the scam sites leveraged between March and June 2023.
