Confiant Threat Intelligence Team • 4 minute read
Ad-Based Financial Investment Scams - Part I
We have all seen the recent stories on BBC, Guardian, CNN, Reuters, and other news outlets regarding the rise of ad-driven consumer investment scams in the UK, throughout Europe and around the world. Confiant has been tracking these types of scams for several years now. Over the past two quarters we have seen a significant increase in instances of financial investment scams victimizing people around the globe. Some areas that have been particularly hard-hit are the European Union (EU), Australia, Canada, South and Central America, South Africa, India, Malaysia, Taiwan, Hongkong, the United Arab Emirates (UAE), Saudi Arabia, and Russia. It has been particularly prevalent in areas with unstable economic conditions, where people switch to Cryptocurrencies as a protection against inflation.
FINANCIAL SCAMS AND MISLEADING ADS ARE ON THE RISE AROUND THE GLOBE
The growing threat of financial scams often involves false front financial institutions that are legally registered in Cyprus (37%), a host of other countries considered “Offshore” by Eurostat (37%), Estonia and Malaysia (2% each), and licensed throughout the EU as investment brokers. Additionally, more than 17% of the remaining “Onshore” financial institutions identified as being involved in financial scams are either fake entities, unregistered payment intermediaries or unknown (5%). Threat actors have inserted themselves through the vector of advertising to scam your customers. These fake financial firms are capitalizing on the rise in popularity of cryptocurrencies, online trading and mobile investment apps. Confiant unmasked a financial cryptocurrency scam netting over $1 million per day from victims.
In our “Financial Crime: Ad Driven Investment Scams” document, Confiant tracked and identified threat actors who have utilized common fraudulent advertising tactics to lure their victims into disguised fraudulent investment scams. Here’s an example of some user outcomes.
- BBC News, July 29, 2021, reported the story of Joseph (a pseudonym) who lost more than £250,000 in an online crypto currency investment scam. He was lured into a cycle of investing more-and-more of his life savings in the false online trading scam, convinced that he was making profits. Joseph says he lost his life savings to that financial scam. His story is unfortunately far from unique. In 2018 the FTC projected that consumers may be losing as much as $3 billion that year in crypto scams. Those numbers have likely been eclipsed due to the Pandemic. “Recent Victims of a prolific bitcoin scam are reporting individual losses of up to £200,000 after following links on AOL, MSN, Yahoo and Facebook”
- ABC News, September 19, 2019, reported the story of Bunbury Australia resident, Jane Smith (a pseudonym), who lost $670,000 through an ad-based financial scam. The bogus ad was made to look like an authentic ABC News story of the famous Australian mining billionaire, Andrew Forrest’s latest miracle investment. This ad and many like it using other faked celebrity endorsements are posted on Facebook, LinkedIn, Instagram, and other trusted websites. The scam ads are supported by authentic looking financial websites with related articles that support the fraudulent scams. Her money was lost as soon as she deposited it. Her attempts to have the Australian Cyber Security Centre (ACSC) and the Australian Federal Police's operations monitoring centre, and the Western Australian Police take action were largely unsuccessful. The police traced the transactions to banking resources in Eastern Australia and then to an entity registered to a bogus financial investment firm registered in Saint Vincent and the Grenadines.
Scams Have Morphed From Cryptocurrency To “False Front” INVESTMENTS
More recently, we have seen the threat actors go beyond crypto-scams to the creation of advertising for false front EU investment firms that appear legitimate. But their ads hijack the names of trusted brands like Netflix, Amazon or famous celebrities like Elon Musk, to lure investors into their scams that steal their personal information or draw them directly into a financial scam.
Consumers in the United Kingdom have been especially heavily targeted, though we have observed these financial scams throughout the EU and in many other countries. The scams are a significant financial threat to EU consumers as potential victims. TNW news reported that “Google Ads is infested with investment scams that earn it millions” as 90% of adverts it displays when searching for common investments are scams. In the October 14, 2021 article, “Welcome to Britain, the bank scam capital of the world”, Reuters reported that fraudsters had stolen £754 million ($1 billion) through financial scams from UK citizens, in the first six months of 2021 alone.
- A recent example of this type of false front investment fraud was reported on BBC Radio News where the victim, Naveed, was scammed out of £500,000 in an elaborate online financial scam. Naveed is a highly educated EU citizen with university degrees in chemical engineering and computer science. He stated in the report “I’ve been running my business for the last 20 plus years and have always been so careful with money.” However, he was suckered into the investment scam through an online advertisement for investment in stocks and shares that he clicked on and filled out an online form. But, he had no idea that it was run by a fraudulent organisation that targeted EU citizens with ads like the one he responded to. In less than four months, the fraudsters had convinced him to turn over £500,000 of his hard-earned savings in fake investments.
This is a graphic representation of the Confiant STIX v2.1 financial scam kill-chain example. Graphic generated using the CTI-STIX-VISUALIZATION tool from oasis-open, ref: https://oasis-open.github.io/cti-stix-visualization/
Sophisticated Fraudsters Design Elaborate Financial Scams
Most of the fraudulent investment firms operate at the end of an elaborate “kill-chain” responsible for a large amount of the current malvertising investment scams. According to victim’s complaints, the fraudulent investment firms are reportedly responsible for a wide variety of unsavory practices that are discussed in Confiant’s, “Financial Crime: Ad Driven Investment Scams” and associated briefing. In it, we dubbed one leading financial scam threat actor HircusPircus. They are financially and technically savvy as well as ruthless. Their scam usually starts with ads offering investment opportunities in well-known, high-performing companies or cryptocurrencies. Their ploys include customized entry point ads, pre-landing pages, entry forms to gather user personal data, and scam investment portals and payment pages (sometimes third-party payment sites) that make it appear like the victims are making profits on the invested funds through their fraudulent portal.
Confiant’s ongoing threat intelligence work maps some of the tactics in the entire kill-chain of HircusPircus, as well as tracking several other active threat actors that Confiant has previously identified. Increasingly complex scams by the emboldened scammers have gone beyond Europe to other parts of the world as well.
But, the story doesn't end here. In our discussion of Financial Investment Scams Part II, we will explore the deeply deceptive world of financial scams, their global reach, some of the types of ads they use to hook consumers, and what financial fraud departments can do about it.
Interested in learning more? Speak with Confiant’s Threat Intelligence Team at: EnterpriseSecurity@Confiant.com