A gigantic network of more than 11,000 domains uncovered used to promote numerous fake investment schemes to users in Europe 

Uncovered platforms show fabricated evidence of enrichment and falsified celebrity endorsements to create an image of legitimacy and lure in a larger number of victims. Fake investment scams have been around for long enough so that people could recognize them easily. For instance, in 2021, Artefaktum detected a massive bitcoin scam campaign in Germany and Switzerland which used the names of local celebrities. Nevertheless, no matter how old the scheme is, it keeps bringing money to fraudsters.

During the last months, deep investigations revealed a huge amount of (still operative old, but also brand new) fake investment schemes which are targeting European citizens. In the course of the research, a gigantic network infrastructure was uncovered and analyzed, which contained over 10,000 rogue resources, including similar fraudulent ones aimed at the inhabitants of the entire Eurasian continent and North America.

During the research, it was noticed that the following countries are being targeted with the Fake investment scheme:

  • UK
  • Belgium
  • Netherlands
  • Germany
  • Poland
  • Portugal
  • Norway
  • Sweden
  • Czech Republic


The main goal of these fake investment schemes is to convince the victims to repeatedly transfer funds to the fake investment portal. The victims are usually promised huge returns on their investments and are shown “how I got rich” stories featuring celebrities.

Legitimate looking investment sites are popping up everywhere. We see them on various social media networks, which include the massive platforms of Youtube and Facebook.

The message displayed on those platforms makes it seem like there is a bulletproof service of making an online income. The messages state that the service is used by famous people globally. This can be from Elon Musk to local German (like Thomas Gottschalk to Dieter Bohlen) and other European celebrities. The message continues to state that it is a unique offer and that you just need a minimal deposit of 250 euros to get started.

The scam disseminates deceptive information as though ‘Dieter Bohlen’ has surprised experts and is frightening the banks, all because he made an investment. The fake investment scheme illegally exploits the name and the image of this famous person to lure the victims to click on the link. Dieter Bohlen is a Germany composer and music producer, presenter, actor and singer. He is known in Germany as “Poptitan” and for his television presence in the show ‘DSDS’.

Additionally, the victim will leave a comment below the hyperlink, stating that with 250 euros the victim was able to have a profit of 700 euros in just 3 days.

In some cases, specially created rogue Facebook pages were being used to spread the fake investment scheme post via the advertisement capabilities on Facebook.

After registering with contact details on fake Landing pages, victims will receive a call or mail. The fraudster is trying to lure users to contact him. Once contacted by the victims, the scammer will assist the victims in creating the needed profile to start with the investment, and also assist in getting the initial minimal 250 euro deposit.

The ultimate goal is to lure the victims into visiting fake investment portals.

The scammers behind this scheme try to maximize their impact and set up the same scheme with different templates that cover specific topics. 

The fake sites make use of templates that seem to be of high quality. The color palettes used and the code itself makes it look like a legitimate and trustworthy website. The main idea of the fake broker sites is to show content to the victims which will trigger them to:
  • Register an account
  • Replenish the balance on their previously made account
  • Bombard the victims with success stories
Draw fictitious stories that profit is being made via the fake broker sites via manipulated MetaTrader, the notorious PumaTS Software,  or Activ8 and LX-series Software by Israeli company Leverate. This “fake” account manager will assist the victim in making the right decisions on their fake investment dashboard, increasing the likelihood that the scammers can get more than 250 EUR of the victim. It also allows the fraudsters to change specific values in the dashboard so the dashboard meets the expectations of the unaware victim.
The final page where the victim is requested to perform a transaction of 250 EUR or more. It is at this stage where the credit card details are compromised and the victim loses money. This scheme makes use of several steps to social engineer the victim into sending out money.
During the phone call the scammers asks several questions that you would expect when dealing with a legitimate investment service:
  • Why do you want to invest?
  • How much can you invest?
  • How do you make your money?
  • How much time do you spend on work?
On each answer of these questions the scammer will give a positive response which led to the next step in the call. At the end of the call, the fraudster insisted on giving payment card details immediately. Remember, the sense or urgency that the scammers are often trying to induce is one of the red flags.

The lifetime of fraudulent sites varied from several days to several months (the more victims the site brought, the faster it went offline and its mirror was raised on another domain). 

At the moment of writing, from those 11,197 domains, 5,091 still remain active.

The lifetime of fraudulent sites varied from several days to several months (the more victims the site brought, the faster it went offline and its mirror was raised on another domain).
The fraudsters make use of specific keywords and top level domains to trick unaware internet users into their fraudulent scheme. The keywords range from specific investment categories like Bitcoin and gold, but this is not where they stop, they continue to set up schemes that target specific countries.

Legal Disclaimer

The conclusions do not represent the official position of competent authorities, including law enforcement agencies, do not contain direct accusations of committing crimes or other unlawful actions, and are analytical and informative in nature.

All personal data including names, images, video and audio records and any other information on identified or identifiable individuals are published herein for the purposes specified above in the public interest.

Other News & Reports

Forward-Looking Statements
This press release includes “forward-looking statements” within the meaning of the “safe harbor” provisions of the United States Private Securities Litigation Reform Act of 1995, including, without limitation, statements regarding Artefaktum’s ability to strengthen the security profiles of its customers and partners. When used in this press release, the words “estimates,” “projected,” “expects,” “anticipates,” “forecasts,” “plans,” “intends,” “believes,” “seeks,” “may,” “will,” “should,” “future,” “propose” and variations of these words or similar expressions (or the negative versions of such words or expressions) are intended to identify forward-looking statements. These forward-looking statements are not guarantees of future performance, conditions, or results, and involve several known and unknown risks, uncertainties, assumptions, and other important factors, many of which are outside Artefaktum’s management’s control, that could cause actual results or outcomes to differ materially from those discussed in the forward-looking statements. Important factors, among others, that may affect actual results or outcomes include Artefaktum’s inability to recognize the anticipated benefits of collaborations with Artefaktum’s partners and customers; Artefaktum’s ability to execute its plans to develop and market new products and the timing of these development programs; the rate and degree of market acceptance of Artefaktum’s products; the success of other competing technologies that may become available; Artefaktum’s ability to identify and integrate acquisitions; the performance of Artefaktum’s products; potential litigation involving Artefaktum; and general economic and market conditions impacting demand for Artefaktum’s products. The foregoing list of factors is not exhaustive. You should carefully consider the foregoing factors and the other risks and uncertainties described under the heading “Risk Factors” in Artefaktum’s registration statement declared effective by its inception date and other documents that Artefaktum has filed or will file. These filings identify and address other important risks and uncertainties that could cause actual events and results to differ materially from those contained in the forward-looking statements. Forward-looking statements speak only as of the date they are made. Readers are cautioned not to put undue reliance on forward-looking statements, and Artefaktum does not undertake any obligation to update or revise any forward-looking statements, whether as a result of new information, future events, or otherwise, except as required by law.