A cybersecurity firm called Resecurity has discovered a large investment fraud network known as “Digital Smoke”. The group of bad actors has set up a massive infrastructure to impersonate popular Fortune 100 corporations in order to defraud consumers in regions such as Australia, Canada, China, Colombia, the European Union, India, Singapore, Malaysia, United Arab Emirates, Saudi Arabia, Mexico, and the US.
Their lures draw on high-demand investment areas such as financial services, oil & gas, renewable energy, EV batteries, electric vehicles, healthcare, and semiconductors, and on world-recognized investment corporations and funds with a global presence.
The bad actors create fake domain names with similar brand spelling and promote them on social media and instant messenger apps to attract investors.
The group is known for its focus on oil markets and renewable energy products, a unique aspect of their campaign, and has impersonated multinational drilling providers and major oil corporations such as Shell, Glencore, Ovintiv, Lukoil and others.
The scams offer victims the opportunity to invest in new oil fields, construction of petroleum stations, and technologies related to the renewable energy sector. Digital Smoke has also targeted state-owned organizations, including the India Brand Equity Foundation, a Trust established by the Government of India, and copied the profile of the Minister of State for Foreign Trade in the United Arab Emirates to defraud users.
Investment fraud causes serious damage to investors beyond monetary losses, including health, marital, and trust problems resulting from financial scams, according to a FINRA survey. Businesses also experience significant damage in customer loyalty and brand reputation, negatively affecting sales and market profile.
The FTC said that people reported losing $8.8 billion to scams in 2022 alone, with investment fraud, including Ponzi and pyramid schemes, exceeding $5.8 billion in the US and over $77 billion worldwide. The Digital Smoke group used thousands of related domains for “cloaking” (Black SEO), hidden redirects, and short URLs to protect the payment gateway used to collect payments from victims, leveraging AliPay (China) and Unified Payments Interface (UPI) along with cryptocurrencies.
The Digital Smoke case highlights how investment scams have become more sophisticated than before. Fraudsters are investing large amounts of time and effort to prepare high-quality resources which look almost identical to their well-known investment product counterparts.
For each investment scam they ran, they also created a separate mobile app with a unique design. The bad actors registered multiple fake domain names, which had similar brand spelling, and asked victims to make a deposit by sending payment to an account registered in India.
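For brand-protection teams, the lookalike registrations described above (domains with "similar brand spelling") can be screened in newly observed domain feeds. The following is an added example, not code from Resecurity or the original article; the watch list uses brands named in the article, while the official domains, the matching thresholds, and the sample domains are assumptions constructed for illustration.

```python
import unicodedata

# Brands named in the article; the official domains are assumptions for this example.
WATCHLIST = {"shell": "shell.com", "glencore": "glencore.com",
             "ovintiv": "ovintiv.com", "lukoil": "lukoil.com"}
# Digit-for-letter swaps commonly used to imitate a brand's spelling.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalize(label):
    """Lower-case, strip accents, and undo digit-for-letter swaps."""
    folded = unicodedata.normalize("NFKD", label.lower())
    return folded.encode("ascii", "ignore").decode().translate(SWAPS)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (brand, reason) for a suspected lookalike, else None."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in WATCHLIST.values()):
        return None  # the brand's own domain or a subdomain of it
    labels = domain.split(".")[:-1]  # ignore the TLD
    tokens = [t for lab in labels for t in normalize(lab).split("-") if t]
    for brand in WATCHLIST:
        for tok in tokens:
            if tok.startswith(brand):
                return (brand, "brand name in hostname")
            # Near-miss matching only for longer names, to limit false positives.
            if len(brand) >= 6 and edit_distance(tok, brand) == 1:
                return (brand, "near-miss spelling")
    return None

# Constructed sample domains (not indicators from the report).
SAMPLES = ["www.shell.com", "she11-invest.example", "glencorre-fund.example",
           "luk0il.example", "lükoil.example", "seashells-gallery.example"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{d:28} {classify(d)}")
```

Punycode (`xn--`) labels are not decoded here, so a feed that delivers IDNs in encoded form should be converted to Unicode before screening.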
The information about Digital Smoke, along with the identities of key actors, has been shared with the Indian Cybercrime Coordination Center and US law enforcement, and many of the scam projects have been terminated.