Web-based scam uses fake Facebook ads to claim celebrity endorsement

In: Digital Marketing

A circular social engineering scam that forces the victim to keep paying in order to reach a “cash-out” threshold for a bogus investment claiming to be backed by celebrities has been spotted across Europe.

Group-IB’s cyber emergency team discovered the scam, which targeted people in nine countries including the UK, Germany, the Netherlands and the Czech Republic.

“The main aim of these fake investment schemes is to convince victims to repeatedly transfer funds to the fake investment portal,” Group-IB explained. “The victims are usually promised huge returns on their investments and shown celebrity stories of how I got rich.”

Group-IB caught the scammers in their lie by posing as the victim. The scam involved an artful amalgamation of offline and online social engineering methods, luring the gullible with websites and “fraudulent Facebook pages” and other deceptive posts on legitimate platforms like YouTube.

“The message displayed on these platforms makes it seem like there is a bulletproof service to earn online income,” said Group-IB. “The news is that the service is being used by famous people around the world. That can be anything from Elon Musk to local Dutch and British celebrities.”

A line of people in front of an ATM, shown in a Facebook post. — Dutch language Facebook ad used by scammers to lure in the unwary.

A unique offer!

In line with most of these tricks, the news item claims “a unique offer” that only requires a “minimum deposit of $250 to get started.”

“Once the victim lands on the fake broker’s website, they see various fake messages from people who have made ‘successful’ trades and are about to withdraw funds,” Group-IB said. “For example, the fake brokerage site states that a random name from your town has just withdrawn a few hundred euros.”

Scammers also contact victims directly by phone, posing as customer service representatives, with the ultimate goal of convincing them to pay at least the initial deposit required, or even more. Group IB employees working undercover found the scammers very convincing, asking investors legitimate-sounding questions about how they usually make their money – but always giving an affirmative answer to encourage them to part with their money.

“The victim receives a call from scammers who provide a link to the latest fraudulent investment project with a personal account,” Group-IB said. “To start trading, the victim needs to top up the balance. This “fake” account manager “helps” the victim on their investment dashboard, increasing the chances that the scammers will receive more than $250. It also allows the scammers to change certain values so that the dashboard meets the victim’s expectations.”

A nightmare ride

Once the victim has paid the down payment, their nightmare begins and they find themselves on a scam carousel that takes them through the houses and tells them that their investment has tripled in just a few days and they should invest more accordingly.

But whenever a victim attempts to recoup the illusory gains, they are told that they must keep investing in order to reach a “payout threshold.” Of course, this never happens, and the only way to get out of the merry-go-round is to realize you’ve been scammed and cut your losses.

Of the 12,000 web domains used in the elaborate list, Group-IB found 5,000 still active at the time of their research. The lifespan of individual fraudulent domains varied from a few days to several months – with the more successful ones quickly being taken down and replicated elsewhere.

“The scammers use certain keywords and top-level domains to lure unsuspecting internet users into their scheme,” Group-IB said. “Keywords range from specific asset classes like bitcoin and gold, but they don’t stop there. They continue to set up programs that target specific countries.”

It added: “Investments can often be made through legitimate and established brokers. There are many websites that provide detailed information about it. Don’t just click on a site and join via an ad, do your own research online and make sure you’re dealing with a reputable site.”