Hidden Threat: Cloaked Investment Scammers Exposed
CashRewindo (so named by Confiant’s security team) uses the programmatic process to place their investment scam ads into digital advertising networks alongside legitimate advertisers. They manipulate domain trust to fool ordinary protection solutions, allowing them to attack publishers’ audiences with scam ads. The threat actor was recently unmasked in Confiant Security Engineer Daniel Fonseca Yarochewsky’s article, “CashRewindo: how to age domains for an investment scam like fine scotch,” in which he uncovers how this threat actor’s ad security attack tactics effectively lure victims into investment scams through digital ads worldwide. Cloaked investment scam ads like CashRewindo’s negatively affect your site’s reputation and degrade trust with your users.
Identifying Malicious Ads: How to Stop Cloaked Investment Scammers on YOUR Site
The technical article peels back the onion with detailed examples of how CashRewindo uses legitimate ads with effective creative content and graphics but then swaps them out for bait ads that lead victims to their scams. Yarochewsky exposes CashRewindo’s malicious ‘cloaked’ landing pages, which are designed to hide their malevolent content and avoid detection by ordinary scanner solutions, most savvy users, and even many security experts. The article offers a technical overview of how this threat actor uses ‘aged’ assets, like older domains, virtual servers, and image asset histories, to bypass reputation-based security controls.
The programmatic process feeds CashRewindo and other ad security threats to sites like yours daily. Unless you or your ad tech staff do something about it, it’s only a matter of time before your users are served CashRewindo ads.
The full article is an eye-opener that’s worthy of your tech team’s attention.