CTM360 has discovered a new wave of financial attacks where cybercriminals use fake ad campaigns/pages to redirect users to fraudulent websites that have investment schemes, Bitcoin Ponzi schemes, fake survey websites, and free goods/services, etc. with the intention to steal the victim's bank account and card details. Prominent organizations, well-known personalities and members from royal families are used to market these bogus campaigns. Scammers are carrying out such fraudulent activities under the radar without being noticed or blocked by relevant authorities by pushing these scams mainly through the following two techniques:
- Doorway Pages
- Fake Ad Campaigns on Social media platform
Doorway pages, also called as bridge pages are performing ‘Spamdexing’ on the search engines. This is the art of having your website optimized or made attractive to the major search engines for optimal indexing. CTM360 has discovered that 99% of these doorway pages are registered on free domains. Ad campaigns leveraging free domains on ccTLDs such as .tk, .ga, .gq, .ml, .cf have been on the rise for the last few years. Fraudsters are bulk registering such domains and using them to generate revenue.
Fake Ad campaigns on Social Media
Cybercriminals are using social media platforms like Facebook and Instagram to push ads to users globally. Facebook adverts, which points to fraudulent websites, tend to attract users by using prominent institutions like ministries, financial institutions, royal members and well-known personalities in the region and include fake quotes about their earnings and extravagant lifestyle. Facebook allows advertisers to use what is called ‘dark posts’. These are targeted ads on social media which unlike boosted and organic posts don’t appear on your timeline and feed of your followers. Dark posts are more formally known on Facebook as unpublished posts. They instead show up as sponsored content in the feeds of users who are specifically targeted.
Dynamic URL redirect
Doorway pages/fake ads created and ingeniously placed by scammers online, redirect victims to a pool of different landing pages via dynamic URL redirects. This means that when the doorway page is accessed, the users are taken to a random landing page upon each visit. In some cases, users may also end up on different websites based on their search preferences. CTM360 have come across are listed below: - Free Gift sites which give mobile phones, airline tickets, watches - Free survey scam - Free airline ticket - Adult Websites - Various Investment schemes like Binary options, Bitcoin, Gold, trading
Bogus Checkout page
Once a victim’s personal information is collected by the landing page, the user is taken to a bogus checkout page with a fake payment gateway. The payment gateway collects all the necessary card details including card number, expiry date and CVV.
For further details, click the download button below!