Group-IB warns Singaporeans of the new bitcoin scam

Group-IB, a Singapore-based cybersecurity company, has discovered a network of 18 active fake resources aimed at tricking users from Singapore into visiting a shady bitcoin investment page. The fraudulent scheme is distributed via fake websites, posing as Singapore media outlet, the Straits Times. These websites, in order to establish trust, spread articles with fabricated testimonials of prominent local personalities about cryptocurrency investment platform that “made them rich.” All these articles contain links that lead to phony websites promising to “get rich with bitcoin revolution.” Group-IB Digital Risk Protection team urges Singaporeans to avoid visiting these resources and sharing any personal data. The list of active websites discovered so far has been provided to SingCERT (Singapore Computer Emergency Response Team).

On Feb. 5, the CNA reported about a website using false comments attributed to Ho Ching, the CEO of Temasek Holdings. Back in 2019, the Monetary Authority of Singapore (MAS) also issued a warning on a fraudulent website soliciting bitcoin investments. Group-IB’s APAC Brand Protection team has detected a new wave of this fraudulent scheme and discovered at least 18 active fraudulent websites, which were almost identical and posed as The Straits Times. As part of the scheme, these fake websites spread strikingly similar articles featuring fabricated endorsements and quotes of local politicians, entrepreneurs and celebrities such as Prime Minister Lee Hsien Loong, Ho Ching, Adam Khoo, JJ Lin, Henry Golding, Kim Lim, Peter Lim, Zhang Yong, Eduardo Saverin, Goh Cheng Liang, Anthony Tan and others.

Fig. 1-6. Fake websites that use fabricated endorsements from local prominent personalities to promote this fraud

One of the examples of fake celebrity endorsement of a shady bitcoin investment scheme called “Bitcoin Revolution”:
“You may have heard about this new cryptocurrency investment platform called Profit Revolution that’s helping regular people in Singaporean, Asia and North America build fortunes overnight. You may be skeptical because it sounds too good to be true…I get that because I thought the same thing when a trusted friend told me about it. But after seeing with my own eyes how much money he was making, I had to try it for myself. I’m glad I tried it because it was some of the biggest and easiest money I’ve ever made. I’m talking tens of thousands of dollars a day on autopilot. it’s literally the fastest way to make a windfall of cash right now. And it’s not going to last for much longer when more and more people find out about it. Or when banks shut it down for good.”

The articles contain several links to a “Bitcoin revolution” website that promises to “change your life today” and asks for some personal data (Fig. 5):

Fig. 7 The Bitcoin Revolution website promoted via fake websites

The fraudsters behind this scheme have created dozens of fake websites using the same template without even bothering to slightly change the contents of the articles, except for the names being used for fake endorsements. To attract users to their shady websites, they use ad networks and exchanges. In many cases, users are being redirected to these resources, for example, after visiting a website with specific advertisement.

With the help of the Graph Network Analysis tool built into its Threat Intelligence system, Group-IB has so far identified 18 connected infringing domains targeting Singaporeans by analyzing its contents, domain names, visuals, registration dates and other parameters. All these domains were registered over the past two years. This information has been reported to SingCERT. The connections to other shady bitcoin resources targeting users outside of Singapore have been discovered as well and are now being analyzed by Group-IB’s Digital Risk Protection team. The research continues.

This bitcoin scam targets regular users, celebrities and media outlets at the same time. While online users should always stay vigilant and follow basic cyber hygiene, brand owners should remember: unhappy customers and fans act fast. Even after one negative experience, many customers are likely to lose trust and abandon a brand. Brand owners, be it a media outlet or a celebrity, should constantly monitor any potential abuse online using the systems that allow to automatically detect and promptly eliminate any references to their brands in the domain names, website interface, phishing website databases, social media and elsewhere.

Ilya Rozhnov

Head of Group-IB’s Digital Risk Protection team in Singapore

To spot a scam, users should always check if a URL matches the name of a media outlet whose logo is being displayed and if it is spelled correctly. It goes without saying that web resources requesting personal or payment data should always raise concern.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB urges Singaporeans to remain vigilant due to a new wave of bitcoin scam which uses the names of local celebrities