7 February 2020

Group-IB urges Singaporeans to remain vigilant due to a new wave of bitcoin scam which uses the names of local celebrities

Group-IB, a Singapore-based cybersecurity company, has discovered a network of 18 active fake resources aimed at tricking users from Singapore into visiting a shady bitcoin investment page. The fraudulent scheme is distributed via fake websites, posing as Singapore media outlet, the Straits Times. These websites, in order to establish trust, spread articles with fabricated testimonials of prominent local personalities about cryptocurrency investment platform that “made them rich.” All these articles contain links that lead to phony websites promising to “get rich with bitcoin revolution.” Group-IB Brand Protection team urges Singaporeans to avoid visiting these resources and sharing any personal data. The list of active websites discovered so far has been provided to SingCERT (Singapore Computer Emergency Response Team).

On Feb. 5, the CNA reported about a website using false comments attributed to Ho Ching, the CEO of Temasek Holdings. Back in 2019, the Monetary Authority of Singapore (MAS) also issued a warning on a fraudulent website soliciting bitcoin investments. Group-IB’s APAC Brand Protection team has detected a new wave of this fraudulent scheme and discovered at least 18 active fraudulent websites, which were almost identical and posed as The Straits Times. As part of the scheme, these fake websites spread strikingly similar articles featuring fabricated endorsements and quotes of local politicians, entrepreneurs and celebrities such as Prime Minister Lee Hsien Loong, Ho Ching, Adam Khoo, JJ Lin, Henry Golding, Kim Lim, Peter Lim, Zhang Yong, Eduardo Saverin, Goh Cheng Liang, Anthony Tan and others.

Fig. 1-6. Fake websites that use fabricated endorsements from local prominent personalities to promote this fraud

One of the examples of fake celebrity endorsement of a shady bitcoin investment scheme called “Bitcoin Revolution”:
“You may have heard about this new cryptocurrency investment platform called Profit Revolution that’s helping regular people in Singaporean, Asia and North America build fortunes overnight. You may be skeptical because it sounds too good to be true…I get that because I thought the same thing when a trusted friend told me about it. But after seeing with my own eyes how much money he was making, I had to try it for myself. I’m glad I tried it because it was some of the biggest and easiest money I’ve ever made. I’m talking tens of thousands of dollars a day on autopilot. it’s literally the fastest way to make a windfall of cash right now. And it’s not going to last for much longer when more and more people find out about it. Or when banks shut it down for good.”

The articles contain several links to a “Bitcoin revolution” website that promises to “change your life today” and asks for some personal data (Fig. 5):

Fig. 7 The Bitcoin Revolution website promoted via fake websites

The fraudsters behind this scheme have created dozens of fake websites using the same template without even bothering to slightly change the contents of the articles, except for the names being used for fake endorsements. To attract users to their shady websites, they use ad networks and exchanges. In many cases, users are being redirected to these resources, for example, after visiting a website with specific advertisement.

With the help of the Graph Network Analysis tool built into its Threat Intelligence system, Group-IB has so far identified 18 connected infringing domains targeting Singaporeans by analyzing its contents, domain names, visuals, registration dates and other parameters. All these domains were registered over the past two years. This information has been reported to SingCERT. The connections to other shady bitcoin resources targeting users outside of Singapore have been discovered as well and are now being analyzed by Group-IB’s Brand Protection team. The research continues.

This bitcoin scam targets regular users, celebrities and media outlets at the same time. While online users should always stay vigilant and follow basic cyber hygiene, brand owners should remember: unhappy customers and fans act fast. Even after one negative experience, many customers are likely to lose trust and abandon a brand. Brand owners, be it a media outlet or a celebrity, should constantly monitor any potential abuse online using the systems that allow to automatically detect and promptly eliminate any references to their brands in the domain names, website interface, phishing website databases, social media and elsewhere.

Ilya Rozhnov

Ilya Rozhnov

Head of Group-IB’s Brand Protection team in Singapore

To spot a scam, users should always check if a URL matches the name of a media outlet whose logo is being displayed and if it is spelled correctly. It goes without saying that web resources requesting personal or payment data should always raise concern.

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Report an incident