Group-IB, a Singapore-based cybersecurity company, has discovered a network of 18 active fake resources aimed at tricking users from Singapore into visiting a shady bitcoin investment page. The fraudulent scheme is distributed via fake websites posing as the Singapore media outlet The Straits Times. To establish trust, these websites publish articles with fabricated testimonials from prominent local personalities about a cryptocurrency investment platform that “made them rich.” All these articles contain links that lead to phony websites promising to “get rich with bitcoin revolution.” Group-IB's Brand Protection team urges Singaporeans to avoid visiting these resources and sharing any personal data. The list of active websites discovered so far has been provided to SingCERT (Singapore Computer Emergency Response Team).
On Feb. 5, CNA reported on a website using false comments attributed to Ho Ching, the CEO of Temasek Holdings. Back in 2019, the Monetary Authority of Singapore (MAS) also issued a warning about a fraudulent website soliciting bitcoin investments. Group-IB’s APAC Brand Protection team has detected a new wave of this fraudulent scheme and discovered at least 18 active fraudulent websites, which were almost identical and posed as The Straits Times. As part of the scheme, these fake websites spread strikingly similar articles featuring fabricated endorsements and quotes from local politicians, entrepreneurs and celebrities such as Prime Minister Lee Hsien Loong, Ho Ching, Adam Khoo, JJ Lin, Henry Golding, Kim Lim, Peter Lim, Zhang Yong, Eduardo Saverin, Goh Cheng Liang, Anthony Tan and others.
Fig. 1-6. Fake websites that use fabricated endorsements from local prominent personalities to promote this fraud
One example of a fake celebrity endorsement of a shady bitcoin investment scheme called “Bitcoin Revolution”:
“You may have heard about this new cryptocurrency investment platform called Profit Revolution that’s helping regular people in Singaporean, Asia and North America build fortunes overnight. You may be skeptical because it sounds too good to be true…I get that because I thought the same thing when a trusted friend told me about it. But after seeing with my own eyes how much money he was making, I had to try it for myself. I’m glad I tried it because it was some of the biggest and easiest money I’ve ever made. I’m talking tens of thousands of dollars a day on autopilot. it’s literally the fastest way to make a windfall of cash right now. And it’s not going to last for much longer when more and more people find out about it. Or when banks shut it down for good.”
The articles contain several links to a “Bitcoin revolution” website that promises to “change your life today” and asks for some personal data (Fig. 5):
Fig. 7 The Bitcoin Revolution website promoted via fake websites
The fraudsters behind this scheme have created dozens of fake websites from the same template, without even bothering to change the contents of the articles beyond the names used for the fake endorsements. To attract users to their shady websites, they use ad networks and exchanges. In many cases, users are redirected to these resources, for example after visiting a website carrying a specific advertisement.
With the help of the Graph Network Analysis tool built into its Threat Intelligence system, Group-IB has so far identified 18 connected infringing domains targeting Singaporeans by analyzing their contents, domain names, visuals, registration dates and other parameters. All these domains were registered over the past two years. This information has been reported to SingCERT. Connections to other shady bitcoin resources targeting users outside of Singapore have been discovered as well and are now being analyzed by Group-IB’s Brand Protection team. The research continues.
Head of Group-IB’s Brand Protection team in Singapore
To spot a scam, users should always check if a URL matches the name of a media outlet whose logo is being displayed and if it is spelled correctly. It goes without saying that web resources requesting personal or payment data should always raise concern.
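The URL check described above can be automated. The following is an added example, not Group-IB's tooling: it compares a URL's host with the outlet's domain and flags embedded or misspelled brand names. The official domain `straitstimes.com`, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the outlet's official domain and brand label (not given on the page).
OFFICIAL_DOMAIN = "straitstimes.com"
BRAND = "straitstimes"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Compare the URL's host with the outlet whose logo the page displays."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in scheme-less input
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Exact match or a true subdomain; the leading dot rejects hosts that
    # merely end with the same characters as the official domain.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Brand string present, but the site lives under a different domain.
    if BRAND in host.replace("-", ""):
        return "lookalike-embedded"
    # Near-miss spelling of the brand in any host label or hyphen-separated part.
    parts = set()
    for label in host.split("."):
        parts.add(label.replace("-", ""))
        parts.update(label.split("-"))
    if any(0 < edit_distance(p, BRAND) <= 2 for p in parts):
        return "lookalike-misspelled"
    return "mismatch"

# Constructed sample URLs on the reserved .example TLD (not from the report).
SAMPLES = ["https://www.straitstimes.com/singapore",
           "https://straitstimes.com.daily-news.example/article",
           "http://straitstirnes.example/btc",
           "https://crypto-news.example/sg"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):22} {u}")
```

On a page that displays the outlet's logo, any result other than `official` means the URL does not match the outlet.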