Singapore-based global cybersecurity leader Group-IB, in collaboration with the UAE Cybersecurity Council, has released new research shedding light on a widespread fraudulent investment scheme targeting individuals worldwide. Group-IB’s Digital Risk Protection experts uncovered a staggering 900 fraudulent webpages employed by the cybercriminals orchestrating this ongoing scam. These deceptive pages were disseminated through Facebook advertisements that enticed users with the opportunity to invest in 35 leading companies from 13 different countries. These posts often featured the logos of the impersonated companies to add an air of legitimacy. Astonishingly, 60% of the scam pages within this scheme, which peaked in activity in December 2022, were focused on users in the Middle East and Africa (MEA) region. According to Group-IB’s calculations, this fraudulent campaign inflicted approximately $280,000 in financial losses on internet users between March and June 2023.
Group-IB maintains a zero-tolerance stance against cybercrime and promptly blocked all identified scam pages that misappropriated their clients’ branding or likeness. To investigate this fraudulent campaign, Group-IB’s analysts employed their proprietary Digital Risk Protection platform, harnessing its AI technology, precise logo analysis, and text recognition capabilities. The company’s researchers continue to closely monitor this scam operation amid the increasing number of retail investors and the subsequent rise in investment scams.
The primary objective of the cybercriminals behind this campaign is financial gain, as they skillfully employ advanced social engineering tactics to exploit individuals’ vulnerabilities and trust in renowned brands. Group-IB’s researchers started tracking this fraudulent scheme in June 2022 when it first surfaced, although there is evidence suggesting that the scammers began acquiring a portion of the domains used for hosting scam sites as early as 2020.
In total, the scammers created and registered 884 unique fraudulent webpages since the campaign’s inception. The peak in activity was recorded in December 2022 when 308 new pages emerged. Throughout the campaign’s duration, 60% of the scam pages were directed at MEA region users, with most advertisements written in Arabic. Latin American users were targeted by 9.2% of the scam pages, while 4.8% were aimed at users in the Asia-Pacific region. A quarter of the resources had no specific geographic focus.
Because financial brands are apparently easy to associate with investment opportunities, 30% of the scam pages during this campaign posed as legitimate financial and insurance companies. Other highly targeted sectors included transportation (25% of all scam pages), stock trading (8.6%), oil and gas (5.3%), and construction (5.3%).
Group-IB’s researchers estimate potential financial losses from this campaign over a four-month period at $280,000, based on an analysis of activity across several fraudulent sites used between March and June 2023.
Dr. Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government, emphasized, “As technology continues to advance, so do its risks. Our eagerness to adopt new innovative technologies in the pursuit of advancement has made us an attractive target for cybercriminals. However, we’ve been resilient in the face of these challenges, learning invaluable lessons and placing cyber literacy as a priority. The UAE Cybersecurity Council has been dedicated to enhancing cybersecurity awareness and fortifying the digital landscape, contributing significantly to reducing the influence of scammers. The UAE, a leader in the cybersecurity space, stands as a prime example with its cutting-edge infrastructure and comprehensive strategy to bolster digital defenses. Agility in swiftly addressing emerging threats is paramount in today’s dynamic cyber landscape.”
A typical victim first encounters this scam through advertisements placed by cybercriminals on their social media feeds. Group-IB researchers noted that these advertisements appeared in multiple languages, with English, Arabic, and Spanish being the most prevalent. Arabic-language advertisements and scam sites enticed individuals with promises of earning millions by investing a mere $200. These ads often used words like “news,” “media,” “investment,” and “digital,” either in English or Arabic. Spanish-language ads offered users the opportunity to earn monthly income.
Upon clicking the advertisement, users were redirected to a fraudulent page bearing the logo and branding of a well-known company, urging them to register for a chance to make easy money through investments. The scammers requested users’ names, email addresses, and phone numbers.
After completing this form, users would receive daily emails, allegedly from a trading portal, encouraging them to sign up and start trading stocks. The initial email included an account number, login details, password, and server name for their supposed trading account. Users were then prompted to deposit money into their trading account to begin purchasing stocks.
If a user did not deposit funds within a certain timeframe, they would receive a call from someone claiming to be a customer service representative. This individual would pressure the victim to make a deposit, promising immediate dividends. Victims were asked for their bank card information, desired investment amount, and place of residence. Additionally, they would receive an email requesting their ID and passport. Group-IB researchers examined various user testimonies about the investment portal posted online, which revealed that users often complained that the portal’s representatives ceased communication once money was transferred. Furthermore, users found themselves blocked on messaging platforms when requesting a refund.
Sharef Hlal, Head of Group-IB’s Digital Risk Protection Analytics Team for MEA, cautioned, “Retail investing is becoming increasingly popular among individuals who are looking for ways to diversify their income, but this has created opportunities for cybercriminals to exploit this trend. This particular scam is notable as the cybercriminals leverage multiple communication channels, such as email and direct phone calls, as part of their social engineering efforts. Investment scams have the potential to cause great financial damage to victims, given the potentially large sums of money involved, and we urge individuals to never share personal information or money with third parties unless you are certain of their legitimacy.”