
Researchers have unveiled a sprawling cybercrime syndicate orchestrating an elaborate phishing and investment fraud campaign by cloning legitimate news outlets such as CNN, BBC, CNBC, News24, and ABC News.
This operation leverages domain spoofing and typosquatting techniques to fabricate over 17,000 baiting websites across 50 countries, primarily targeting users in the United States.
By impersonating trusted brands, these malicious actors enhance the perceived legitimacy of their scams, exploiting psychological biases to boost click-through rates and user engagement.
Global Network of Fake News Portals
The campaign integrates programmatic advertising on platforms like Google and Facebook, where sponsored posts feature sensational headlines like “Shocking: [Local Celebrity] Backs New Passive Income Stream for Citizens!”
These ads, often hosted on dormant social media profiles with no followers or historical activity, employ social engineering tactics to draw victims into a multi-stage fraud funnel.
Upon clicking these deceptive advertisements, victims are redirected to counterfeit news sites mimicking major media interfaces, complete with fabricated articles touting revolutionary automated trading platforms such as Eclipse Earn, Solara Vynex, and Trap10.
These sites utilize low-cost top-level domains (TLDs) including .xyz, .io, .shop, or .click, often incorporating subtle URL manipulations to typosquat on authentic brands.
The content promotes high-yield investment opportunities promising effortless returns, prompting users to submit personal data like names, emails, and phone numbers via registration forms.
According to the Malwarebytes report, this initial data exfiltration sets the stage for advanced social engineering, where scammers pose as affable financial advisors, initiating voice calls to reference the bogus article and guide victims through a simulated onboarding process.
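A defender-side check for the lookalike domains described above, added here as an illustration and not taken from the Malwarebytes report. The official hostnames in the allowlist, the brand tokens, and the sample URLs are assumptions constructed for the example; the low-cost TLDs are the ones named in the article.

```python
from urllib.parse import urlsplit

# Assumed allowlist of the outlets' real hostnames (not from the article).
OFFICIAL = {"cnn.com", "bbc.com", "bbc.co.uk", "cnbc.com", "news24.com", "abcnews.go.com"}
BRANDS = ("cnn", "bbc", "cnbc", "news24", "abcnews")
CHEAP_TLDS = {"xyz", "io", "shop", "click"}  # TLDs named in the article

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_hit(host):
    """Return the brand a hostname imitates, or None. The TLD label is skipped."""
    tokens = [t for label in host.split(".")[:-1] for t in label.split("-") if t]
    for tok in tokens:
        for brand in BRANDS:
            # Fuzzy matching only for longer brands; 3-4 letter names match too much.
            fuzzy = len(brand) >= 5 and edit_distance(tok, brand) == 1
            if brand in tok or fuzzy:
                return brand
    return None

def classify(url):
    """Return (verdict, detail): 'official', 'suspect' or 'unrelated'."""
    target = url if "//" in url else "//" + url
    host = (urlsplit(target).hostname or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official", None
    brand = brand_hit(host)
    if brand is None:
        return "unrelated", None
    cheap = host.rsplit(".", 1)[-1] in CHEAP_TLDS
    reason = "brand on low-cost TLD" if cheap else "brand on unofficial domain"
    return "suspect", f"{brand}: {reason}"

if __name__ == "__main__":
    # Constructed sample URLs, not indicators from the campaign.
    for u in ("https://www.cnn.com/business",
              "https://cnn-markets-today.xyz/article?id=7",
              "http://new24-finance.shop/",
              "https://edition.cnn.com.breaking-report.io/x",
              "https://example.org/weather"):
        print(u, "->", classify(u))
```

The allowlist check runs first, so a brand name that appears only as a subdomain of an unrelated registrable domain is still flagged.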
Mechanics of the Scam
Victims are coerced into depositing nominal amounts, typically around $240, into sham trading dashboards that artificially inflate balances to simulate growth, employing gamification elements to encourage further investments.
The scheme culminates in withdrawal obstructions, fabricated KYC (Know Your Customer) verifications, exorbitant fees, and eventual account lockouts, resulting in total financial loss.
Compounding the damage, harvested personal information is commoditized on underground markets, sold to secondary fraudsters for additional exploitation, perpetuating a cycle of identity theft and repeated phishing attempts.
To detect these sophisticated threats, security experts highlight several red flags: sponsored ads from profiles lacking organic engagement, endorsements involving local celebrities implying unrealistic wealth generation, and promises of exponential returns in short timeframes.
The advisors’ excessive demands for sensitive details under the guise of regulatory compliance further signal malice.
Protective measures include deploying endpoint security solutions with real-time malicious URL blocking, such as antivirus software integrated with threat intelligence feeds to mitigate drive-by downloads and script-based exploits.
Users should rigorously verify claims by cross-referencing with official sources, avoiding unsolicited links across emails, social feeds, and dubious sites, and consulting regulatory bodies like the SEC in the US or FCA in the UK for platform legitimacy.
Skepticism toward clickbait narratives, especially those involving celebrity endorsements of unregulated financial schemes, is crucial to thwart disinformation tactics.
In cases where personal data has already been compromised, immediate cessation of communication with the perpetrators is advised, followed by password resets and activation of multi-factor authentication (MFA) on critical accounts to prevent lateral movement by attackers.
Notifying financial institutions for transaction monitoring and credit freezes can preempt unauthorized activities, while monitoring credit reports for anomalies helps detect identity theft.
Reporting incidents to law enforcement and cybercrime units, such as through platforms like the FBI’s Internet Crime Complaint Center (IC3), aids in broader threat intelligence sharing and potential disruption of these networks.
This campaign underscores the evolving intersection of ad tech vulnerabilities and cyber fraud, urging platforms to enhance ad verification protocols and AI-driven anomaly detection to curb such abuses.