Bbabo NET

Group-IB Discovers 8,000 Domains Created by Scammers to Trade Stocks and Cryptocurrencies

Group-IB discovered more than 50 different schemes of fake investment projects and more than 8,000 domains associated with fraudulent infrastructure. People hoping to get rich quickly are invited to invest in cryptocurrencies, shares of oil and gas companies, gold, pharmaceuticals and other "assets". In practice, it all ends in the theft of money or bank card details from newly minted investors. Most of the cases studied are technically new "hybrid schemes": alongside traditional phishing, they use fake mobile terminal applications as well as calls from "personal consultants".

Fraud with fake investment projects has been observed since at least 2016. It became widespread in 2018-2020 during the boom in private investment in Russia. Since the beginning of 2021, CERT-GIB specialists have recorded explosive growth in online investment scams: over the past 9 months, 163% more domains for investment projects have been registered than in all previous years.

Overall, from 2018, when the scheme began to spread actively, until the third quarter of 2021, Group-IB specialists used their system for graph analysis of network infrastructure to discover more than 8,000 domains involved in fraudulent investment projects. Notably, a single attacker using one mailing address registered 322 domains from June to July 2021, planning to use them to deceive would-be investors. In turn, the CERT-GIB 24/7 Cyber Incident Response Center identified over 50 landing page templates with various ready-made investment scenarios on how to invest in order to "get rich quick without much effort." For example, one group of 150 people alone lost about 300 million rubles ($4.0 million) by buying bitcoins under the guise of investments on "brokerage exchanges", as the deceived investors themselves reported to Group-IB.

Super Profits for the People

In the spring of 2021, CERT-GIB specialists noticed a massive advertising campaign on social networks in which well-known entrepreneurs, politicians or brand ambassadors "offered" private investors the chance to participate in ultra-profitable investment projects. More often than others, the fake posts featured the creator of Telegram, Pavel Durov, who allegedly, "despite the prohibitions", created for Russians the blockchain platform "Gram Ton", "a bulwark of digital resistance". In their advertising posts the scammers illegally used images of Mr. Durov and three overtly populist scams:

"Alternative to banks" - about the emergence of a new financial platform that allows investors to receive incredible income;

"Mineral resources - to the people!" - about "national projects" for the development of surplus profits from trade in oil and gas;

"Finance for People" - about access to investment instruments of real financial organizations that are "closed" to the majority.

The attackers illegally copied the style of popular news resources such as Russia-24, Russia Today, or RBC to design landing pages and advertising posts urging readers to invest in dubious projects. Naturally, these pages had nothing to do with the real media companies.

How to steal a million: polls, operator calls and mobile terminals

As soon as a novice investor takes the bait, he is directed to a questionnaire site from a "well-known bank" or to a colorful one-page landing page of an investment project. As a rule, all of them are associated with trading in "crypto", fiat currencies, precious metals, minerals, natural resources or pharmaceuticals. Almost every project promises fantastic earnings of 300,000 to 10,000,000 rubles a month. The scammer's task is to make the victim believe in the investment project so that they leave their contact information for communication with a "personal consultant".

After describing by phone a unique project in which a special bot program supposedly helps to make money at auctions, the "consultant" invites the user to register in the system and make a deposit of $250 or more. If the client is in doubt, he may be advised to reserve a place in the project by making an advance payment, for example, in the amount of 10,000 rubles through a popular cryptocurrency exchanger. Once connected to the system, the future investor is shown successful trading results and the growth of his savings in the "personal account", but behind the beautiful numbers there is nothing: none of these investment projects allow funds to be withdrawn, only deposited.

In some cases, the manager asks for the details (including secret codes) of the bank card with which the potential "participant" plans to make investments, and allegedly sends a request to the bank for approval of the deposit. In fact, money is simply debited from the account. As in popular vishing schemes with a call from a "bank employee", the operator constantly "guides" the victim according to the script, encouraging or persuading them to fulfill all the necessary conditions.

In addition to the described scenario, CERT-GIB specialists have identified a fully automated scheme in which the deception occurs without human intervention. From an advertising post on a social network, the victim is sent straight to Google Play, where the novice investor is told to download a mobile application, a trading terminal. After a short training course, the investor makes a deposit of $250, $500 or $1000, which, of course, is not refundable. If, after some time, the novice player still wants to withdraw his virtual money, the system asks him to pay a "payment gateway commission". Thus, with the help of a fraudulent trading terminal, the investor is deceived again.

"Each legend offered its own unique approach and technique of earning. The scammers who develop these templates approached the task quite creatively, and such a wide variety of fraudulent scenarios within this scheme may indicate its success, which, in turn, will lead to the emergence of new deception scenarios."

Yaroslav Kargalev, Deputy Head of CERT-GIB.

Group-IB experts warn that the outcome of participation in such investment projects is in most cases the same - in the pursuit of super profits, people may lose all their savings and, moreover, find themselves in credit bondage.
