1. TeslaCoin: When Bitcoin Is Down
Even if you don’t normally follow financial headlines, it’s likely you’re aware the price of bitcoin plummeted in June. The cryptocurrency market has been volatile for months – a troubling trend for anyone who has invested in crypto in recent years. A lot of those folks were new to investing, period, not just to crypto. So what are they supposed to do to recoup?
Well, along comes Elon Musk, the world’s richest person, CEO of Tesla, and a famous crypto evangelist. Or does he? Scammers have targeted Canadian users with ads in the “Elon Musk cures the world” vein – a popular theme among scammers right now. The ads in this campaign lead to a landing page that copies The Toronto Star’s design and branding and contains #fakenews about how “Tesla has decided to help those in need and started building its project TeslaCoin, investing $1.5 billion in bitcoin.”
Big surprise – Tesla, the car maker, has nothing to do with TeslaCoin. TeslaCoin isn’t an Elon Musk venture. The scammers didn’t pick Tesla at random from among the Musk companies they could have spoofed. There was a cryptocurrency called TeslaCoin (TES), established back in 2010 and currently dead – it hasn’t been on the market since 2017. That hasn’t stopped cybercriminals from taking advantage of the name recognition to brand their made-up new platform.
Sure enough, any links in that fake article take the user straight to the good old “Bitcoin Era” scam page we remember from past fraudulent ad campaigns.
These crooks barely painted over this old scam. At the last step, they abandon their efforts to rebrand. Seems like someone is becoming lazy over on the scammers’ side. This time, they’re not even using a cloaking mechanism to sneak past ad quality processes. This campaign was easy for GeoEdge tech to detect, and we blocked it across our network immediately after its launch.
This financial scam, targeting Australian users, comes in a sneakier disguise. It starts with an ad teasing a fake news story claiming the Australian parliament has voted to shorten the hours of the work week throughout the country. Once again, these are headlines that a user could feasibly connect to real trends. Some companies in Australia are set to experiment with a four-day work week. But parliament doesn’t have anything to do with that.
Clicking on the ad takes the user to a page that looks like a blog post on Darolahr. The real Darolahr is a legit real estate website. This landing page, however, isn’t the real Darolahr.
Compared to other fraudulent decoy sites we’ve seen recently, this is an impressive counterfeit. The scammers have done a thorough job of copying the real site’s look and feel. But if the user digs deeper, they’ll notice telltale signs that something is amiss here. Notice the company’s “top agents” have something in common here:
Fake names, and they’re also all stock photo models. Oh, also, the site has only three blog posts and nine property listings, and is full of more stock images. And the site’s content was all published just a few months ago.
The fraudsters behind this campaign used a very powerful cloaking mechanism to hide their scam. The mechanism doesn’t kick in until the user’s digital fingerprint has passed multiple checkpoints. If the user “qualifies,” they’re redirected to a deceptive site containing a mock-up of the Sydney Morning Herald. The headline of this #fakenews piece aims to lure the user into investing in YuanPay, a Chinese cryptocurrency.
Again, some elements of this headline might feel familiar. The Chinese government actually did introduce a digital currency. But it’s only a digital version of Chinese currency, and it’s not available outside of China. And the company YuanPay Group has nothing to do with the Chinese government, nor with its digital coin. To a user who doesn’t know the particulars, this might look like a great investment opportunity, backed by at least two governments, and they might be enticed to sign up on the site’s offer page.
Registering on the site will redirect the user to a page representing an unregulated, dubious broker. The user is then prompted to invest a minimum of $250 US. Predictably, the only thing the would-be investor gets out of this fake “deal” is the eventual realization they’ve been ripped off.
4. Scooters Are the New iPhones
Gift card scams have gotten a ton of press over the last several years, and digital industry professionals are accustomed to seeing them all over. They’ll steal the names and logos of trusted brands, and deploy deceptive ads that are supposed to look like messages from loyalty programs of various legitimate retail outlets and service providers. When the user clicks through, they’re prompted to enter sensitive personal information in exchange for a prize – usually a gift card or an iPhone.
This month, the prize of choice in a scam campaign targeting Italian audiences isn’t a phone. It’s a Xiaomi 2 Pro Scooter.
When we look at ads that claim to represent a number of different recognizable brands, we can see clearly that the creative uses the same design over and over. All that differs is the counterfeited brand name and logo. The image is the same, and so is the text: “Every Tuesday, we randomly choose 10 users and give them the chance to win great prizes” – and all the user has to do is complete a survey within the next four minutes and 25 seconds. It’s the oldest trick in the book when it comes to digital phishing scams. The scammer offers an incentive, turns the heat on by creating a fake sense of immediacy, and then sits back and waits to collect financial details from deceived users.
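The template reuse described above lends itself to a simple ad-quality check. The following is an added example, not GeoEdge's code: it groups creatives whose text is near-identical while the claimed brand differs, and flags a countdown-style time limit. The brand names, sample texts and the 0.85 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample creatives: (claimed brand, ad text). Brand names are placeholders.
CREATIVES = [
    ("BrandA", "BrandA Loyalty: Every Tuesday, we randomly choose 10 users and give them "
               "the chance to win great prizes. Complete the survey within 4 minutes and 25 seconds."),
    ("BrandB", "BrandB Loyalty: Every Tuesday, we randomly choose 10 users and give them "
               "the chance to win great prizes. Complete the survey within 4 minutes and 25 seconds."),
    ("BrandC", "BrandC Rewards: Every Tuesday, we randomly choose 10 users and give them "
               "the chance to win great prizes. Complete the survey within 3 minutes and 10 seconds."),
    ("BrandD", "Summer sale at BrandD: 20% off garden furniture until Sunday."),
]

# Time-limited call to action, e.g. "within 4 minutes and 25 seconds".
URGENCY = re.compile(r"\b(within|only|next)\b[^.]{0,40}\b(minutes?|seconds?|hours?)\b", re.I)

def tokens(text):
    # Lowercase words; digits collapse to "#" so a changed timer does not split a template.
    return re.findall(r"[a-z]+|#", re.sub(r"\d+", "#", text.lower()))

def similarity(a, b):
    # Token-level similarity in [0, 1]; swapping one brand name barely moves it.
    return SequenceMatcher(None, tokens(a), tokens(b)).ratio()

def find_template_reuse(creatives, threshold=0.85):
    """Group creatives with near-identical text and report groups spanning several brands."""
    clusters = []
    for brand, text in creatives:
        for cluster in clusters:
            if similarity(cluster["text"], text) >= threshold:
                cluster["brands"].add(brand)
                break
        else:
            clusters.append({"text": text, "brands": {brand}})
    return [
        {"brands": sorted(c["brands"]), "urgency": bool(URGENCY.search(c["text"]))}
        for c in clusters
        if len(c["brands"]) > 1  # one template, many "brands": the reuse pattern
    ]

if __name__ == "__main__":
    for hit in find_template_reuse(CREATIVES):
        print(hit)
```

A group that spans several unrelated brands and also carries an urgency timer is a strong candidate for manual review of its landing page.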
In this case, the survey contains four simple questions, and a “fortune wheel” the user spins to win a prize. Sure enough, the user wins on the second round! From there, they’re redirected to a new page and prompted to confirm their address for delivery of the “prize.” Entering that information directs the user to this “pending” page, where the only available prompt is this “OK” button… which leads to yet another survey. Want to navigate backwards to escape? You can’t! This scam hijacks the back button, so the user can’t go back any farther than the “pending” page.
5. Stimulus Check Scam
In 2020 and 2021, to alleviate the very real financial pain so many people were experiencing during the hardest days of the Covid pandemic, the US government distributed stimulus payments to individual taxpayers and businesses. In order to infuse the economy with consumer dollars, the US Treasury sent payments to households, regardless of need, on three different occasions – so the program is extremely well-known.
Scammers recognize an obvious hook here, and they’ve been deploying clickbait ad scams touting a fourth round of stimulus payments. Some promise a payout, and others prompt users to check their eligibility. To date, there is no fourth round. But a lot of users have fallen for these fraudulent claims. IRS investigators told Forbes that citizens overall haven’t reported this many phishing attempts in over a decade.
Some of these deceptive ads specifically target audiences that might be more likely to believe the claims – such as seniors, who as a group in the US lose more than $3 billion per year to financial scams. The ad creative in some of these phishing schemes calls out users aged 65 and up.
Clicking through leads to a landing page that launches a forced browser notification prompting the user to accept “updates” on their “payments.”
Allowing updates in fact allows cybercriminals to spam the user with push notifications over time – often gateways to phishing scams or ransomware attacks. In the moment of clicking to accept those fraudulent notifications, the user is redirected to a page full of garbage clickbait ads. There’s an article on the page, but the text is practically unreadable. What’s more, what the text says is not what the misleading ad creative promised. It doesn’t say anything about any real government plan to send out a fourth wave of stimulus payments. There’s no such thing – and if there were, it would get plenty of publicity without anyone needing to launch an ad campaign about it.