Cybersecurity researchers have uncovered the inner workings of a fraud ring called CryptosLabs, which is estimated to have generated €480 million in illegal profits by targeting French-speaking individuals in France, Belgium and Luxembourg since April 2018.
The syndicate’s massive investment fraud scheme mainly involves impersonating 40 well-known banks, fintech companies, asset management firms and crypto platforms, and setting up a fraudulent infrastructure spanning over 350 domains hosted on over 80 servers, Group-IB said in an in-depth report.
The Singapore-headquartered company describes the criminal organization as “operated by a hierarchy of kingpins, sales agents, developers and call center operators” recruited to ensnare potential victims by promising high returns.
“CryptosLabs made their fraudulent schemes more convincing through region-focused tactics, such as hiring French-speaking callers as ‘managers’ and creating fake landing pages, social media ads, documents and investment platforms in French,” said Anton Ushakov, deputy head of Group-IB’s high-tech crime investigation department in Amsterdam.
“They even emulate the dominant business in France to better resonate with their target audience and exploit them successfully.”
It all starts with luring targets through advertisements on social media, search engines, and forums dedicated to online investing, posing as the “investment division” of the impersonated organizations and presenting attractive investment plans in an attempt to get them to part with their contact details.
At a later stage, the victims are contacted by a call center operator who provides additional details about the fake platform and the credentials required to trade.
“After logging in, the victim deposits funds into the virtual balance,” said Ushakov. “They are then shown fictitious performance charts which trigger them to invest more for better returns until they realize they cannot withdraw any funds even when paying a ‘swap fee’.”
While the initial deposit is as high as €200-300, this scam is engineered to incentivize victims to deposit more funds by presenting the illusion of a good investment return.
Group-IB, which first shed light on the large-scale scam-as-a-service operation in December 2022, said it was able to trace the first signs of the group’s activity back to 2015, when it was found experimenting with different landing pages. CryptosLabs’ foray into investment scams began in earnest around June 2018 after two months of preparation.
A key selling point of the campaign is the use of a custom scam kit that allows the threat actors to run, manage and scale their activity at different stages, from rogue ads on social media to the website templates used to carry out the theft.
Also part of this kit are tools for building landing pages, a customer relationship management (CRM) service that allows adding new managers to each domain, a leads control panel that scammers can use to sign up new customers to the trading platform, and a VoIP utility to communicate with victims in real time.
“Analyzing CryptosLabs, it is evident that the threat group has given its activities a well-established structure in terms of operations and number of employees, and is likely to expand the scope and scale of its illicit business in the coming years,” Ushakov said.