Investment fraud accounted for the largest losses of any US scam in 2022, totaling $3.31 billion, according to the FBI’s Internet Crime Complaint Center.

Cyber Researcher Stumbles Upon Fraudulent Cryptocurrency Network

Jeremiah Fowler, a cybersecurity researcher, accidentally discovered a fraudulent cryptocurrency mining and investment network after a friend’s friend requested information about a company promoting cryptocurrency mining and investments.

The website advertised promising returns, but Fowler discovered that the friend had already transferred thousands of dollars worth of Bitcoin. When they tried to withdraw, the fraudsters demanded additional fees and threatened to close the account if Fowler did not send more money. Fowler’s friend realized the investment was fraudulent, with no profit and no return.

Investment fraud accounted for the largest losses of any US scam in 2022, totaling $3.31 billion, according to the FBI’s Internet Crime Complaint Center. Scams involving cryptocurrencies made up 183% of all fraudulent activity, with $2.57 billion in reported losses in 2022.

Because scammers frequently hid behind anonymous websites and encrypted chat programmes, many victims either failed to report the scam or were unaware that it had occurred.

Jeremiah Fowler, a cybersecurity researcher, looks into the financial dangers of cryptocurrency investment fraud and how it might affect potential victims in the future.

Data detective Fowler initially considered finding the owner of a cryptocurrency mining website to be an intriguing puzzle. But he found a sizable global fraud network that preys on inexperienced crypto investors. Fowler’s investigation aims to safeguard the financial security of current victims and shield them from similar scams in the future.

How the scam works

The con started as a social engineering attack, which takes advantage of psychological vulnerabilities and manipulates trust. This technique is used by scammers to trick their victims into doing things that will help them. The victim was contacted on Instagram under the guise of a friend and instructed to get in touch with a mystery person who the con artist had made an investment with.

The perpetrators then sent the victim a website link, a name, and a WhatsApp or messenger contact. The con artists have several websites, each with a contemporary-looking template, graphs, phoney images, and text that reads naturally. Despite being written in sloppy English, the text conveys the impression of a reliable investment company.

When a victim tries to deposit, scammers frequently pretend to accept popular credit cards and payment methods while only accepting Bitcoin. The victim might get an initial withdrawal after investing the bare minimum, along with a small profit.

They choose to leave money in their account or add more money to their Bitcoin holdings because they are confident in their transactions. Three membership tiers are available, each with a minimum investment requirement and up to 20% in guaranteed monthly returns.

As people are more likely to invest when someone they know and trust endorses the scheme, the scammers encourage victims to enlist the help of friends or family. This process continues until the victim realizes they cannot withdraw their investment and the alleged profits are made up.

Reviewing the website

The website that scammed Fowler’s friend used a well-known corporate brand name combined with the word “invest,” creating a false sense of trust with potential investors.

However, the website had fake company leaders, a prewritten script for the CEO’s chat feature, a non-functional phone number, and an image of a UK registration document that did not match the records of Companies House, the British Government agency responsible for company registration. These clues led the user to suspect the website was not legitimate and to investigate further.

A website’s source code may contain useful information, such as analytics accounts, templates, and particular footprints. Fowler found that people operated a vast network of nearly 300 websites, some of which were clones and others of which were slightly different, all of which offered fictitious returns and fake documents purporting to be business registrations from various nations.
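As an added illustration (not Fowler’s tooling and not code from the original report), the sketch below shows how identifiers reused in page source can link cloned sites into one network. The regexes, function names and sample pages are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Strong footprints: identifiers an operator reuses across cloned sites.
# Patterns are assumptions for this example (analytics IDs, contact e-mails).
FOOTPRINTS = {
    "analytics": re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{8,12})\b"),
    "mailto": re.compile(r"mailto:([\w.+-]+@[\w.-]+\.\w+)", re.I),
}

def extract_footprints(html):
    """Return the set of (kind, value) identifiers found in one page's source."""
    found = set()
    for kind, pattern in FOOTPRINTS.items():
        for value in pattern.findall(html):
            found.add((kind, value.lower()))
    return found

def cluster_sites(pages):
    """Group domains sharing a footprint, directly or through another site."""
    parent = {d: d for d in pages}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path compression
            d = parent[d]
        return d

    seen = {}  # footprint -> first domain it appeared on
    for domain, html in pages.items():
        for fp in extract_footprints(html):
            first = seen.setdefault(fp, domain)
            parent[find(domain)] = find(first)  # no-op when first == domain

    groups = defaultdict(set)
    for d in pages:
        groups[find(d)].add(d)
    # Largest cluster first; ties broken alphabetically for stable output.
    return sorted(groups.values(), key=lambda g: (-len(g), sorted(g)))

# Constructed sample pages (not real sites or real identifiers).
SAMPLE_PAGES = {
    "brand-invest.example": '<script>ga("create","UA-1234567-1")</script>',
    "brandinvest-pro.example": '<script>ga("create","UA-1234567-1")</script><a href="mailto:support@desk.example">Help</a>',
    "othername-mining.example": '<a href="mailto:Support@desk.example">Contact</a>',
    "unrelated-shop.example": '<script>gtag("config","G-ABCDE12345")</script>',
    "static-page.example": "<h1>Hello</h1>",
}

if __name__ == "__main__":
    for group in cluster_sites(SAMPLE_PAGES):
        print(sorted(group))
```

Only identifiers an operator controls are used for linking; a shared template or CMS version on its own would merge unrelated sites.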

The majority of domains were registered with privacy protection; however, some were registered to people based in Nigeria. The .US domains cannot be registered privately because they were created for US citizens only. The domains were registered to a person with an illegitimate last name, and it appears that no one by that name lived at the listed address.

This diagram demonstrates how con artists change up their website hosting. In this manner, if they are discovered or reported, they will only lose a portion of their network as opposed to shutting down their entire business.

This image demonstrates the use of corporate brand names and logos to entice investors. The con artists use popular company names like Tesla, Forbes, Boeing, and others.

This screenshot displays allegedly legitimate accounts complete with names, wallets, and profits. Over the course of several days, Fowler checked the same website multiple times, and the names and data remained the same.

The US address where many of the websites were registered is displayed in this Google Maps image.

A screenshot of a chat message sent to a victim reveals a scammer with $782,209 in their crypto wallet, ready to transfer a profit of $32,238.96 to the investor’s wallet.

The message was sent before the scammers asked for another deposit and additional fees. The date on the screenshot was off by several months, indicating a red flag. The scammer threatened to send the police to the investor for refusing to make another deposit, which is not common for legitimate investment companies.

The complaint also includes an allegation of hacking to target friends of the compromised accounts. This screenshot shows how social media accounts are used to build trust with would-be investors. They appear in the search results when you look for “[name of the website] + scam”.

When a potential victim tries to research one of the websites, the first things they see are fake social media accounts from people who claim to be employees of banks and fraud detection specialists. These fake profiles lead potential victims to believe that the company they’re looking into is legitimate.

This screenshot displays the outcomes of an IP logging link that was sent to the scam websites’ customer service email addresses. People using a variety of different devices and operating systems, including multiple IP addresses with Nigerian origins, clicked on the link.

This implies that a number of people who are operating the scam ring and have access to the customer support email account are probably involved. The same IP addresses appeared in the logging results when I repeated this on several websites with various hosting companies.

Scams involving cryptocurrency investments are a serious problem with a lower chance of recovery than those involving more conventional financial schemes. It can be challenging to spot con artists because of the decentralised and pseudonymous nature of cryptocurrencies.

It’s critical to conduct extensive due diligence on a company or website before investing to prevent becoming a victim of fraud. Scammers may promise high returns and demand additional fees or taxes before distributing profits to investors; legitimate businesses wouldn’t pressure customers into making additional deposits in order to withdraw money.

A separate victim reported receiving an error message stating they needed to upgrade their investment account, which required an additional payment.

The scammer offered three levels of upgrading, from basic to $850, $1300, or $2800, to facilitate smooth withdrawals.

The funds were likely stolen immediately after the initial deposit, and the scammers would open new wallets for each victim, withdraw funds as soon as they transferred their crypto investments, and close the wallet, making it nearly impossible to tie the scam’s transactions to a specific wallet.

Scammers use well-known brand names to make it difficult for victims to verify complaints or reviews, as Google search results favor top brands and authority websites. This makes fraudulent sites dangerously effective, as negative information is likely buried too deep in search results for average users to verify legitimacy.

Unauthorized use of a company’s name, known as cybersquatting or domain name squatting, is illegal and involves criminals using a domain name to profit from someone else’s trademark or brand reputation.

Jeremiah Fowler contacted the con artists directly, informed them of the investigation, and asked for a reimbursement for the cryptocurrency that had been taken. Fowler also asked for an interview, but the con artists disregarded the message and probably never gave him his cryptocurrency back.

Fowler alerted law enforcement to domain names, IP addresses, and other information, but criminals frequently evade capture. As part of the investigation, he also informed hosting companies and domain registrars, enabling them to check the websites for terms-of-service violations and record billing data to be given to law enforcement. By successfully suspending 60–70% of the domains he found, Fowler was able to stop more people from becoming victims and break up the scam network.

Hosting providers and domain registrars are failing to protect the public

The web hosting industry generated $79 billion in revenue in 2022, with the global domain name registrar market expected to reach over one billion dollars by 2027. However, unless hosting providers and domain registrars take action against cyber criminals, scams will continue to flourish. To prevent these scams, reforming how private or anonymous registrations are validated or vetted could help.

The industry focuses on sales and renewals, neglecting to protect victims. Hosting providers and domain registrars often lack meaningful reporting methods for anonymous sites and do not allocate resources for investigating complaints.

To ensure public protection, they should implement a Know Your Customer (KYC) system, similar to banks or credit institutions. This would prevent scammers from using false names and fake addresses, and law enforcement would know the individual behind the website when a crime is reported.

This screenshot demonstrates how many hosting companies react when given a thorough report of domains violating their terms of service and possibly engaging in illegal activity. In essence, they will only look into complaints from people who have already been duped and reported it to the police. In order to protect the public and take action against users who are abusing their services, hosting companies must do more.

How a crypto investment scam works

Scams involving cryptocurrency investments can take many forms. However, the end goal is always the same: to trick people into investing their money by promising them unrealistically high returns. The fundamentals of a typical cryptocurrency investment scam are as follows:

Initial contact:

Cold calls, emails, social media posts, online advertisements, and other forms of unsolicited communication are frequently used by scammers to contact potential victims. They might assume the personas of cryptocurrency dealers, financial planners, or representatives of fictitious investment companies.

False promises:

Scammers lure victims with guarantees of quick, high returns on their investments. They might assert that they have access to insider knowledge, well-kept secrets, or sophisticated trading algorithms that can produce sizable profits.

Urgency and pressure:

Scammers frequently create a false sense of urgency to persuade victims to make quick decisions without careful consideration. They might advise victims to take immediate action by warning that the investment opportunity is limited or that prices will rise quickly.

Fake websites or platforms:

Con artists may direct victims to fraudulent websites or investment platforms that imitate reputable cryptocurrency exchanges or investment firms. These fraudulent platforms are made to look credible and professional, making it challenging for users to tell them apart from legitimate ones.

Initial investment:

Victims are urged to put money into the scam. Scammers may demand payment in traditional currency or cryptocurrency under the pretence that doing so will unlock the investment opportunity.

Disappearing act:

Once the victims have deposited their money, the con artists may disappear, breaking off communication. The fake website or platform might even be shut down, making it nearly impossible for victims to get their money back or get assistance.

To protect yourself from crypto investment scams, consider the following precautions:

Do your research and due diligence:

Any investment opportunity should be thoroughly researched, including the parties involved. Check for licences or regulatory approvals, confirm their credentials, and look for reviews or cautions from reliable sources.

Avoid unsolicited offers:

Be wary of unsolicited communication, particularly if it offers high returns or guaranteed profits. Cold calls, emails, and social media messages are rarely used to advertise genuine investment opportunities.

Use secure platforms and wallets:

Invest in cryptocurrencies through trusted and secure exchanges, wallets, and platforms. Make sure they have strong security measures, such as encryption and two-factor authentication (2FA).

Verify information independently:

Do not solely rely on the statements made by the person or organisation promoting the investment. Ask for unbiased guidance from reputable financial advisors or other experts.

Trust your instincts:

Trust your instinct and take the time to thoughtfully consider the investment if something seems too good to be true or you feel under pressure to make hasty decisions.

It’s crucial to notify the relevant local authorities and financial regulatory bodies if you think you’ve been the victim of a cryptocurrency investment scam. They can advise you on the right actions to take and possibly help with the investigation.