A gigantic network of more than 11,000 domains uncovered used to promote numerous fake investment schemes to users in Europe 

The goal of the scam operation is to trick users into an opportunity for high-return investments and convince them to deposit a minimum amount of 250 EUR ($255) to sign up for the fake services.

Uncovered platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. Fake investment scams have been around for long enough so that people could recognize them easily. For instance, in 2021, Artefaktum detected a massive bitcoin scam campaign in Germany and Switzerland which used the names of local celebrities. Nevertheless, no matter how old the scheme is, it keeps bringing money to fraudsters.

During the last months, deep investigations revealed a huge amount of (still operative old, but also brand new) fake investment schemes which are targeting European citizens. In the course of the research, a gigantic network infrastructure was uncovered and analyzed, which contained over 10,000 rogue resources, including similar fraudulent ones aimed at the inhabitants of the entire Eurasian continent and North America.

During the research, it was noticed that the following countries are being targeted with the Fake investment scheme:

  • UK
  • Belgium
  • Netherlands
  • Germany
  • Poland
  • Portugal
  • Norway
  • Sweden
  • Czech Republic

"

The main goal of these fake investment schemes is to convince the victims to repeatedly transfer funds to the fake investment portal. The victims are usually promised huge returns on their investments and are shown “how I got rich” stories featuring celebrities.

Legitimate looking investment sites are popping up everywhere. We see them on various social media networks, which include the massive platforms of Youtube and Facebook.

The message displayed on those platforms makes it seem like there is a bulletproof service of making an online income. The messages state that the service is used by famous people globally. This can be from Elon Musk to local German (like Thomas Gottschalk to Dieter Bohlen) and other European celebrities. The message continues to state that it is a unique offer and that you just need a minimal deposit of 250 euros to get started.

The scam disseminates deceptive information as though ‘Dieter Bohlen’ has surprised experts and is frightening the banks, all because he made an investment. The fake investment scheme illegally exploits the name and the image of this famous person to lure the victims to click on the link. Dieter Bohlen is a Germany composer and music producer, presenter, actor and singer. He is known in Germany as “Poptitan” and for his television presence in the show ‘DSDS’.

Additionally, the victim will leave a comment below the hyperlink, stating that with 250 euros the victim was able to have a profit of 700 euros in just 3 days.

In some cases, specially created rogue Facebook pages were being used to spread the fake investment scheme post via the advertisement capabilities on Facebook.

After registering with contact details on fake Landing pages, victims will receive a call or mail. The fraudster is trying to lure users to contact him. Once contacted by the victims, the scammer will assist the victims in creating the needed profile to start with the investment, and also assist in getting the initial minimal 250 euro deposit.

The ultimate goal is to lure the victims into visiting fake investment portals.

The scammers behind this scheme try to maximize their impact and set up the same scheme with different templates that cover specific topics. 

The fake sites make use of templates that seem to be of high quality. The color palettes used and the code itself makes it look like a legitimate and trustworthy website. The main idea of the fake broker sites is to show content to the victims which will trigger them to:
  • Register an account
  • Replenish the balance on their previously made account
  • Bombard the victims with success stories
Draw fictitious stories that profit is being made via the fake broker sites via manipulated MetaTrader, the notorious PumaTS Software,  or Activ8 and LX-series Software by Israeli company Leverate. This “fake” account manager will assist the victim in making the right decisions on their fake investment dashboard, increasing the likelihood that the scammers can get more than 250 EUR of the victim. It also allows the fraudsters to change specific values in the dashboard so the dashboard meets the expectations of the unaware victim.
The final page where the victim is requested to perform a transaction of 250 EUR or more. It is at this stage where the credit card details are compromised and the victim loses money. This scheme makes use of several steps to social engineer the victim into sending out money.
During the phone call the scammers asks several questions that you would expect when dealing with a legitimate investment service:
  • Why do you want to invest?
  • How much can you invest?
  • How do you make your money?
  • How much time do you spend on work?
On each answer of these questions the scammer will give a positive response which led to the next step in the call. At the end of the call, the fraudster insisted on giving payment card details immediately. Remember, the sense or urgency that the scammers are often trying to induce is one of the red flags.

The lifetime of fraudulent sites varied from several days to several months (the more victims the site brought, the faster it went offline and its mirror was raised on another domain). 

At the moment of writing, from those 11,197 domains, 5,091 still remain active.

The lifetime of fraudulent sites varied from several days to several months (the more victims the site brought, the faster it went offline and its mirror was raised on another domain).
 
The fraudsters make use of specific keywords and top level domains to trick unaware internet users into their fraudulent scheme. The keywords range from specific investment categories like Bitcoin and gold, but this is not where they stop, they continue to set up schemes that target specific countries.
 

Legal Disclaimer

The conclusions do not represent the official position of competent authorities, including law enforcement agencies, do not contain direct accusations of committing crimes or other unlawful actions, and are analytical and informative in nature.

All personal data including names, images, video and audio records and any other information on identified or identifiable individuals are published herein for the purposes specified above in the public interest.

SHARE

These articles are for informational purposes only, their content may be based on employees’ independent research, and do not represent the position or opinion of Artefaktum. Furthermore, Artefaktum disclaims all warranties in the articles’ content, does not recommend/endorse any third-party products referenced therein, and any reliance and use of the articles is at the reader’s sole discretion and risk.