SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Financial institutions
#
India
#
Malaysia

CloudSEK report uncovers rise in investment scams on social media

Fri, 5th Jul 2024
Author image
By Shannon Williams, Journalist

CloudSEK, a threat intelligence firm, has released a comprehensive report unveiling an increase in investment scams targeting individuals in India and other countries through social media messaging platforms like WhatsApp and Telegram.

Since early 2024, CloudSEK has identified a substantial volume of malicious content circulating on these platforms. The report highlights over 29,000 fraudulent investment advertisements on Facebook and an alarming 81,000 counterfeit investment groups on WhatsApp. Furthermore, it points out the issue of impersonation, with over 81,000 Twitter accounts mimicking known financial institutions to establish credibility for scams.

The report describes sophisticated methods employed by these fraudsters. They impersonate reputable financial institutions and professionals to deceive unwary investors. These scammers lure individuals into fake investment groups, promising significant and rapid returns. The operation involves the misuse of stolen data, creation of fake profiles, and deployment of rigged trading platforms, ultimately leading to financial loss for the victims.

Countries primarily affected by these scams include India, Malaysia, the USA, Thailand, and Vietnam. According to the report, scammers purchase personal data for USD $100 for every 10,000 lines of data containing phone numbers and names. Additionally, these scammers pay between 10,000 USDT and 30,000 USDT for data from a single site. The extent of the scam operations since January 2024 has resulted in over 29,000 malicious ads on Facebook, 81,000 fraudulent WhatsApp groups, and more than 81,000 fake Twitter profiles.

The report estimates a monthly consumer loss of USD $50,000 (over INR ₹41 lakh) from a single scam operation. The modus operandi detailed in the report involves criminals acquiring hacked stock trading data from brokers who obtain it from underground forums. These brokers then sell the data to organised crime groups running large-scale trading scams. Within these crime groups, handlers and actors are employed to carry out the scams, posing as successful investors and using social media platforms to attract victims into WhatsApp groups.

Inside these groups, scammers manipulate victims by showing fake proof of earnings and promising high returns, only to disappear with the investments, resulting in significant financial losses for the victims.

The report classifies scams into two main types: crypto scams and stock trading scams. In crypto scams, victims are persuaded to invest in cryptocurrency through fraudulent websites. In stock trading scams, victims are encouraged to invest in stocks with untrue promises of high returns.

Scammers use various methods to acquire data, including targeted social media ads, unsolicited direct messages, fake investment groups, and SMS invitations. They often impersonate genuine financial advisors and institutions to gain credibility and trust from potential victims.

Social engineering tactics described in the report include the use of pre-scripted messages, fake training setups, and strategic group chat management to control and manipulate victims. Scammers exploit psychological pressure tactics, creating a sense of urgency and fear of missing out (FOMO) to push victims into investing more.

The report details various scamming tactics such as impersonation, where scammers create fake profiles mimicking real financial advisors, firms, or regulatory bodies like SEBI. They steal real contact information and credentials to build trust with victims. Additionally, multiple WhatsApp groups are managed strategically to handle a larger pool of victims, with team members playing specific roles such as impersonators, hype creators, and affiliates.

Fake training setups are another tactic employed, where scammers create web applications that mimic live training platforms. They use legitimate trading training videos repurposed to appear as part of their scam training. Similarly, they design fraudulent apps to resemble genuine trading platforms. These apps show false profits to encourage further investments but ultimately block withdrawals.

CloudSEK's report underscores the urgent need for increased awareness and vigilance among investors to identify and avoid these sophisticated scams, aiming to inform and protect potential victims from falling prey to such fraudulent activities.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
NCSC's Malware Free Network disrupts 10 million cyber threats
Surge in cybercrime on Telegram highlights security concerns
Cyber-attacks on TikTok & Indonesia prompt security discussion
BioCatch report underscores evolving fraud landscape in APAC
The importance of collaborating AI with human expertise
Top stories
David Galloreese joins Datadog as new Chief People Officer
Kiwi intelligence agencies welcome human rights compliance review
Infinigate Group invests in Wavelink to expand into ANZ market
Cloudinary supports C2PA standard to combat fake media
HAProxy Technologies named leader 18 times in the G2 Summer 2024