Phishing scammers have targeted thousands of victims in an intricate cryptocurrency fraud, it was revealed this week. They used extensive information about the victims along with a complex multi-stage campaign that used fake news sites and celebrity names to lure them into a fraudulent investment scheme.
The online heist, discovered by Singapore-based threat hunting and intelligence company Group-IB, targeted victims across countries including the UK, Australia, South Africa, the US, and Singapore.
Victims receive a text message informing them of a news report about a lucrative new investment scheme. The message contains a URL supposedly pointing to a well-known media outlet. In fact, it is a unique short link to a redirect page. This page uses the short link to look up extensive personal data about the victim, including their name, phone number, and occasionally an email address.
The page sends this data when redirecting the victim to a fake news website tailored to look like a legitimate news site. The scammers even fake different news properties depending on the victim’s location. UK residents are taken to a spoofed page from the Daily Mirror, for example.
The fake news story describes the cryptocurrency investment scheme, misleading the victim by attaching a celebrity to the story and claiming that they had made lots of money with it. All links in the article would take the victim to a site for the investment fraud. Links are customized with the victim’s personal information as parameters, which the investment page uses to populate a registration form.
This would leave the victims with little to do other than click the submit button, at which point they are told they will be contacted via phone by a representative. They are also asked to fill their account with a minimum of 0.03 bitcoins.
This is not the first scam to hijack celebrity names in a bid to lend credence to a shady investment site. Group-IB identified a similar one in February. What’s different about this one is the amount of personal information that the scammers already had about each victim, the company said. It has searched for this information on online marketplaces to no avail. The scammers may have purchased the information from a data broker, it mused.
Cryptocurrency scammers have a habit of hijacking well-known brands and names. One common tactic is to take over verified Twitter accounts to get that all-important blue badge, and then to alter the account name to make it look like a celebrity is writing the tweets. Scammers have used this tactic to hijack Elon Musk’s name when luring people into cryptocurrency fraud.