SOCRadar® Cyber Intelligence Inc. | New Global Phishing Scam Exposed: Facebook and Instagram Users Targeted by Fake Crypto Platform


Aug 11, 2023

The thrill of curiosity! It is the spark that drives innovation, leads us to explore new horizons, and sometimes, unfortunately, lands us straight into the arms of danger. Imagine scrolling through your Facebook or Instagram feed and stumbling upon an enticing headline about a new digital currency, or maybe a revolutionary economic project. Intrigued? Well, you would not be alone.

But before you click through to learn more, consider this – what if your curiosity is the very bait in a cyber trap? A new phishing campaign detected by the SOCRadar Takedown Team paints a picture of exactly that, a treacherous journey where curiosity is not rewarded with knowledge but punished with deception.

Facebook ads that redirect to fake websites

A recent revelation by the SOCRadar Takedown Team sheds light on a sophisticated phishing campaign targeting users on two of the most popular social media platforms: Facebook and Instagram.

The Lure: Slogans and Celebrity Endorsements

The attackers, in their bid to entice users, have adopted a seemingly clever strategy. They are leveraging catchy slogans on Facebook and Instagram posts, such as:

  • “Thousands of Austrians will gain their economic freedom thanks to this project.”
  • “Tesla is officially launching its official digital currency.”
A Facebook post redirecting to a fake news site

The audacity and deception of these claims are heightened by the utilization of names and photographs of CEOs from prominent companies, particularly those in the financial and insurance sectors, while a well-designed appearance exudes professionalism and authenticity.

Once the post has the victim’s attention, they are directed to a convincingly fake news website. Here, false information and counterfeit documents, often using the name of a renowned CEO, advertise a bogus cryptocurrency platform. A strategically placed questionnaire at the end of the article then asks users to fill in personal details. By creating a sense of urgency with warnings like “registrations can be closed at any time”, the attackers exploit users’ fear and anticipation.

Even cybersecurity firms aren’t safe from impersonation. These criminals are stooping to use the names of cybersecurity organizations to craft a trustworthy facade.

The Trap: A Twisted Web of Deceit

Once the user’s interest is piqued, they are led down a rabbit hole of misinformation:

Imitated news website

Imitated News Website: Victims are led to a meticulously imitated news website, where a fraudulent crypto value platform is promoted. The website is equipped with fabricated documents and CEO endorsements, all crafted to present an air of legitimacy. Despite the proficient design that lends an air of credibility, it’s the URL and domain that ultimately expose the divergence from the genuine news brand being mimicked. Unfortunately, the allure of financial gain makes it difficult for victims to extricate themselves from this trap.
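The observation that the URL and domain expose the imitation can be turned into a mechanical check. The following is an added example, not code from SOCRadar or the original article; the brand name, the allowlist and every host in it are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: brand name -> domains the brand really publishes on.
# "examplenews" and the .example/.test hosts are placeholders, not from the article.
OFFICIAL_DOMAINS = {"examplenews": {"examplenews.example"}}


def split(url: str):
    """Parse a URL, treating scheme-less input as a bare network location."""
    return urlsplit(url if "://" in url else "//" + url)


def hostname(url: str) -> str:
    """Hostname the browser would actually contact (userinfo and port stripped)."""
    return (split(url).hostname or "").rstrip(".").lower()


def under(host: str, domain: str) -> bool:
    """True for the domain itself or a genuine subdomain, not a mere string suffix."""
    return host == domain or host.endswith("." + domain)


def verify_claimed_brand(url: str, brand: str):
    """Check a page that presents itself as `brand` against the brand's real domains.

    Returns (verdict, reasons); verdict is 'official', 'impersonation'
    or 'unknown-brand' (no allowlist entry, so nothing can be concluded).
    """
    brand = brand.lower()
    domains = OFFICIAL_DOMAINS.get(brand)
    if domains is None:
        return "unknown-brand", []
    host = hostname(url)
    if host and any(under(host, d) for d in domains):
        return "official", []
    reasons = [f"host {host!r} is not under {sorted(domains)}"]
    if "@" in split(url).netloc:
        reasons.append("userinfo before '@' hides the real host")
    if brand in host:
        reasons.append("brand name embedded in an unrelated host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible homoglyph)")
    return "impersonation", reasons
```

The claimed brand would come from whatever the page displays (logo, title, byline); the check only answers whether the host serving it belongs to that brand.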

Questionnaire for personal details

Questionnaire with Urgent Warning: At the end of the fake news page, users are met with a questionnaire requesting personal details. The urgent warning that “registrations can be closed at any time” invokes fear and excitement to prompt action.

Fake bitcoin platform

Fake Bitcoin Platform: After completing the survey, users are guided to a counterfeit bitcoin platform that asks for more personal information. On this page, users are queried about their age, income, and gender.

Credit card deposit screen

Credit Card Information Capture: Upon successful redirection, the victim reaches the credit card deposit screen, where credit card details are solicited.

International Reach of the Facebook and Instagram Phishing Campaign

This phishing scam isn’t localized. Research by the SOCRadar Takedown Team indicates its widespread nature. Turkish and German-speaking users are notably affected. Interestingly, the content of these malicious domains morphs based on the victim’s country of origin. If a user attempts to access the content from a country not targeted, they are met with irrelevant content, making detection and tracking more challenging.

How to Protect Yourself Against This Phishing Campaign

The newly detected phishing campaign targeting Facebook and Instagram users is a reminder of the continuous threats we face online. As we navigate through social media platforms and websites, it is vital to be aware of potential traps set by cybercriminals. Here are some actionable strategies to protect yourself against this specific phishing campaign and others like it:

  1. Be Skeptical of Unexpected Offers: If an offer or advertisement looks too good to be true, especially if it appears out of nowhere, it probably is. Don’t let catchy slogans and celebrity endorsements on Facebook, Instagram, or on any other website lure you into a trap.
  2. Verify the Source: Always check the authenticity of the website, e-mail, or social media account that’s promoting the offer. Look for official website URLs, and don’t hesitate to verify the information with a quick Google search or by contacting the company directly.
  3. Don’t Share Personal Information: Never share your personal information such as name, e-mail, phone number, or credit card details on suspicious websites or platforms.
  4. Use Secure Browsers and Security Software: Make sure your browser is up to date, and use security software that can help detect and block malicious websites.
  5. Enable Two-Factor Authentication (2FA): Two-factor authentication adds an additional layer of security to your online accounts. Even if your password is compromised, 2FA can stop unauthorized access.
  6. Beware of Urgent Warnings: Cybercriminals often use urgent language to prompt immediate action. If you encounter warnings like “registrations can be closed at any time,” pause and investigate the situation first.
  7. Educate Yourself and Others: Stay informed about common phishing tactics and warning signs. Share this information with friends and family to help them stay protected as well.
  8. Report Suspicious Activity: If you come across suspicious emails or websites, report them to your local cybersecurity authorities or the respective platform’s support team. Your report may help prevent others from falling victim to the same scam.
  9. Regularly Monitor Your Financial Statements: Regularly check your bank and credit card statements for unauthorized charges. If you find anything suspicious, report it to your bank immediately.

Indicators of Compromise (IoCs)

How SOCRadar Can Help: Strengthening Your Defense Against Phishing Attacks

In the rapidly evolving world of cyber threats, where phishing campaigns are becoming increasingly sophisticated, it is vital to stay one step ahead. As phishing attacks become more prevalent and complex, organizations must recognize the urgency of fortifying their security measures.

Here is what companies should be doing:

Strengthen Server Configurations: Implement robust configurations to thwart potential phishing attempts. Create an incident policy that gives employees a channel to report such issues and drives immediate, timely action on incidents.

Use Multi-Factor Authentication (MFA): Incorporate MFA to add an extra layer of security.

Timely Detection and Takedown: It’s essential to identify and neutralize phishing sites as quickly as possible, as the technology and tactics used in phishing kits continue to advance.

Stay One Step Ahead of Attackers by Continuously Monitoring Your Digital Assets

SOCRadar offers a cutting-edge solution tailored to meet these challenges. Here is how SOCRadar’s Digital Risk Protection platform can aid your business:

SOCRadar’s Brand Protection

AI-Powered Analysis and Detection: By employing machine learning algorithms to analyze millions of domains, SOCRadar’s platform can swiftly identify malicious domains targeting your brand and business network.

Continuous Monitoring: The platform constantly surveys the digital landscape for any changes that may signify potential attacks such as BEC attacks, phishing, malware infections, or smear campaigns.

Alert and Notification System: If suspicious activity is detected, the platform will generate an alarm, notifying your team of potential future attacks.

Takedown Service: SOCRadar’s Digital Risk Protection platform offers an efficient solution through its Integrated Takedown module, specifically designed to respond swiftly and mitigate the detrimental influence of malicious actors on both your brand’s reputation and cybersecurity stance.

This is achieved by leveraging a vast global network of contacts to facilitate the rapid removal of illicit content. SOCRadar’s team of adept takedown analysts initiates the process by considering a multitude of factors. These include the geographic location where the unauthorized content is hosted, as well as the nature and quality of evidence required for submission, all with the aim of expediting the takedown procedure.

By opting for SOCRadar’s integrated service, you can navigate procedural complexities seamlessly and benefit from streamlined resolution with just one click. The comprehensive range of takedown categories, encompassing fraudulent domains, phishing pages, brand abuse, pharming IPs, rogue mobile apps, impersonated social accounts, source code leakage and malware infrastructures, further underscores the platform’s dedication to comprehensive protection.

Protecting Intellectual Property: Ensure that your intellectual property remains secure and that your brand is safe from discrediting efforts by malicious actors.

Phishing attacks are a relentless threat, and reacting after the fact is often too late. By adopting the SOCRadar Digital Risk Protection platform, you equip your organization with a proactive defense that offers real-time analysis, detection, and takedown capabilities.

Do not leave your brand’s reputation and intellectual property to chance. Utilize SOCRadar’s cutting-edge services to safeguard against the ever-present and evolving threats of phishing attacks. It’s not just about risk mitigation; it’s about actively taking control of your digital safety and the integrity of your brand.