Investment Scam Network Relies on Massive IT Infrastructure

Criminal Group 'Digital Smoke' Targets Primarily Indian Victims

Security researchers uncovered an investment scam network that draws on an online infrastructure of hundreds of hosts and thousands of domains to target primarily Indian victims by impersonating Fortune 100 companies.

Resecurity dubs the criminal group behind the fraud "Digital Smoke" and says it targeted victims across the globe but focused on India. During 2022, the researchers say, the group took tens of billions of dollars from victims, and there has been a notable uptick in damages in the first months of this year.

Digital Smoke used more than 350 hosting providers, and most of the domain names and hosting platforms were registered via Chinese company Alibaba.

The scammers direct victims to download a mobile app or access a one-time URL on a typosquatted domain to register themselves and participate in the fraud, which may involve fake investments in blue chip companies or Ponzi schemes. They use hidden redirects and other black hat search engine optimization techniques to protect their online infrastructure.

Digital Smoke collects money via a clutch of methods, including the Unified Payments Interface, a funds transfer mechanism developed by the National Payments Corporation of India, as well as Alipay and cryptocurrencies.

Most payment amounts defaulted to Indian rupees. In some cases, only victims with access to Indian phone numbers could register with Digital Smoke.

The criminals impersonated companies including investment corporations BlackRock, GMF Capital and India Brand Equity Foundation, as well as companies from the energy sector such as Shell and Velesto Energy.

In an especially devious social engineering technique, the fraudsters use disclaimers about risk and liability related to investing to give themselves a patina of credibility. Victims interviewed by Resecurity told researchers "they never could have imagined they joined a scam network." Resecurity says it has notified law enforcement in India and the United States about the group.

About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
