Security researchers have uncovered a prolific investment fraud group that may have made half a billion dollars in profits over the past four years.
Named “CryptosLabs” after a scam website template it used, the group’s fake investment scheme is built on a highly organized group of “kingpins,” sales agents, developers and call-center operators, according to Group-IB.
Victims are lured by messages left on investment forums or advertising on social media and search engines. The gang spoofed at least 40 popular European brands from the banking, fintech, crypto and asset management industries to add legitimacy to their offerings, Group-IB claimed.
If victims clicked on an ad they would be taken to one of 300 spoofed domains hosted on 70 servers, which usually impersonate well-known financial and asset management companies.
After leaving their details on the phishing sites, the victims would be contacted by phone by a call-center scammer pretending to be a personal manager from the investment division of the relevant spoofed company.
They would be provided with credentials to log-in to the trading portal and asked to pay a €200–300 ($210–315) deposit to start investing in stocks, crypto and NFTs.
Victims would be shown fake growth curves and stats to keep them investing, with all the money heading to the scammers, Group-IB said. If a victim wanted to leave, they’d be required to pay a fee to receive their non-existent funds, which also goes to the fraudsters.
All the victims of CryptosLabs are from French-speaking parts of Europe: France, Luxembourg and Belgium. Group-IB said it identified 20 in its research, who lost around €280,000 between them. It reckons the group may have made as much as €480m ($505m) over the past four years.
“From an operational perspective, CryptosLabs is a well-organized and fully automated profitable IT business. It is one of the few scam-as-a-service operations that has such a clear geographical focus on France, Belgium and Luxembourg,” explained Anton Ushakov, head of cyber investigations at Group-IB Europe.
“Sophisticated investment scams like this are not only a threat to regular users who lose thousands of euros every day, they represent an imminent and credible risk to companies whose brands are being abused by the scammers. It’s in their power to constantly monitor and investigate such scams as no user alone can take down a prolific scam operation.”
Investment fraud cost victims over $1.4bn last year, according to reports filed with the FBI.
Group-IB said it notified French law enforcement and the companies whose brands have been spoofed by the gang.