Investment Scam Network Relies on Massive IT Infrastructure
Criminal Group 'Digital Smoke' Targets Primarily Indian Victims
Security researchers uncovered an investment scam network that draws on an online infrastructure of hundreds of hosts and thousands of domains to target primarily Indian victims by impersonating Fortune 100 companies.
Resecurity dubs the criminal group behind the fraud "Digital Smoke" and says it targeted victims across the globe but focused on India. During 2022, the researchers say, the groups took tens of billions of dollars from victims, and there has been a notable uptick in damages in the first months of this year.
Digital Smoke used more than 350 hosting providers, and most of the domain names and hosting platforms were registered via Chinese company Alibaba.
The scammers direct victims to download a mobile app or access a one-time URL on a typosquatted domain to register themselves and participate in the fraud, which may involve fake investments in blue chip companies or Ponzi schemes. They use hidden redirects and other black hat search engine optimization techniques to protect their online infrastructure.
Digital Smoke collects money via a clutch of methods, including the Unified Payments Interface (a funds transfer mechanism developed by the National Payments Corporation of India), Alipay and cryptocurrencies.
Most payment amounts defaulted to Indian rupees. In some cases, only victims with access to Indian phone numbers could register with Digital Smoke.
The criminals impersonated companies including investment corporations BlackRock, GMF Capital and India Brand Equity Foundation, as well as companies from the energy sector such as Shell and Velesto Energy.
In an especially devious social engineering technique, the fraudsters use disclaimers about risk and liability related to investing to give themselves a patina of credibility. Victims interviewed by Resecurity told researchers "they never could have imagined they joined a scam network." Resecurity says it has notified law enforcement in India and the United States about the group.