Sophos, a global leader in innovating and delivering cybersecurity as a service, has released details of two expansive cyber fraud scams that are specifically targeting social media users.
According to the cybersecurity company, the scammers are operating from Asia.
In the report seen by Nairametrics, Sophos disclosed that one of the rings, based in Hong Kong, involves a fake gold trading marketplace. The other one, which is based in Cambodia and has ties to Chinese organized crime, netted $500,000 in cryptocurrency in just one month.
In both schemes, Sophos said the scammers are targeting people directly via Twitter and text messages, respectively. This is a slight deviation from the traditional method the scammers used to find and target victims.
The investigation: Narrating how the company has been monitoring the activities of the scammers, Sophos’s principal threat researcher, Sean Gallagher, said:
“For two years, we’ve been following and reporting on a subset of these pig butchering schemes called CryptoRom. This is a particular flavour of pig butchering that relies on romance-based lures with scammers approaching potential victims on dating apps and then asking them to invest in fraudulent crypto trading apps.
“But CryptoRom is just the tip of the iceberg. Since the start of the pandemic, this type of cyber fraud has massively expanded. These scammers are now targeting people on all major social media platforms or even direct messages, and they’re not limiting themselves to just exploiting crypto but also gold and other forms of currency or trading value. They’re quite literally going after the whole hog.”
How they operate: In the first scam Gallagher investigated, he spent three months interacting with one of the scammers after they approached him directly on Twitter.
“The scammer posed as a 40-year-old woman from Hong Kong who quickly attempted to move the conversation to WhatsApp. From there, the scammer tried to convince Gallagher to invest in a fake gold trading marketplace, touting her connections with her “Uncle Martin”—supposedly a former Goldman Sachs analyst.
“She then directed him to a site that copied the branding of a legitimate Japanese banking company called Mebuki Financial, where the foreign exchange and commodity trading services were to be conducted,” Sophos disclosed in the report
What you should know: The company noted that while the social engineering of this scam was less polished than other cases it has investigated, it showed a marked increase in technical sophistication for these types of groups.
It added that the scammers used an elaborate combination of highly effective SEO, polished scam pages to “register” new clients on their fake Mebuki website, and a pirated version of a legitimate trading app (MetaTrader 4) with additional malicious code to steal money from their victims. They are also actively updating their operation’s scam infrastructure to avoid being shut down.
Download Nairametrics App for breaking news and market intelligence.