Sophisticated trading scam found targeting Indian investors

August 15, 2024

The iZOOlogic Red Team has thoroughly investigated a recent incident involving a sophisticated stock investment and trading scam operated by fraudsters targeting Indian traders and investors. In this fraudulent scheme, scammers impersonate high-ranking profiles from well-known investment companies to deceive victims into investing in fake trading platforms.

  1. Initial Contact and Fake Social Proof
    Victims are initially lured through ads, social media platforms, or direct messages promising access to an exclusive WhatsApp Group. This group is presented as a source of valuable financial advice from a reputable trading or investment company. Within the group, fake bot accounts are used to create a sense of legitimacy by sharing fabricated success stories and high returns, pressuring potential victims to act on the provided trading advice.
  2. Impersonation of High Authority Figures
    The scam escalates when an impersonator, posing as a high-ranking executive (e.g., CEO or CIO) of the supposed company, enters the group. This fake authority figure directs group members to follow a link to receive a stock analysis report. The link leads to a WhatsApp profile with a pre-written message requesting the report, further establishing the scam’s credibility.

  3. VIP Membership Offers
    The impersonated profile then entices victims with a limited-time offer for a VIP strategy membership, claiming it’s free for 30 days. Victims are instructed to download a mobile application through a link. This link leads to a fake app interface mimicking legitimate app stores but is actually designed to create a shortcut on the victim’s mobile device. This shortcut directs users to a fraudulent trading or investment website.
  4. The Scam Trading Website
    Users must register with an invite code to access the scam trading website. The website’s interface is designed to look like a legitimate trading platform, offering services such as IPOs, options, and stocks. However, the site is a front for fraud, with operators potentially vanishing or blocking users, making off with any invested funds.

  5. Fund Management and Transaction Layering
    The scam website includes a feature for adding funds, which requires a passcode from an operator on WhatsApp. Analysis reveals that the operators use various shell or rented business bank accounts for transactions. This layering of financial transactions through different accounts helps obfuscate the scam’s trail and makes it harder to trace the funds.

  6. Domain and Website Analysis
    A closer look at the scam’s infrastructure reveals that the fraudulent website’s domain was newly registered on July 18, 2024. Further investigation uncovered over 20 similar domains registered on the same day, suggesting a coordinated scam campaign. Following is the list of the suspected domains.

  7. Indicators of Compromise (IOCs)
    The following indicators were identified during the incident investigation. (Note: the listed URLs were live and accessible at the time of the investigation.)

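
The same-day registration pattern described in step 6 can be checked mechanically by grouping domains whose creation times fall minutes apart, then pivoting from one known scam domain to the rest of its group. The Python below is an added example, not iZOOlogic's tooling: the records are constructed sample data, and the function names and thresholds are assumptions.

```python
from datetime import datetime, timedelta

FMT = "%d-%m-%Y %H:%M"  # day-month-year timestamps

# Constructed sample registration records (domain, created); not the page's data.
SAMPLE = [
    ("shop-one.example", "18-07-2024 09:02"),
    ("trade-a.example", "18-07-2024 16:19"),
    ("trade-b.example", "18-07-2024 16:21"),
    ("trade-c.example", "18-07-2024 16:23"),
    ("blog-two.example", "18-07-2024 21:40"),
    ("trade-d.example", "18-07-2024 16:25"),
    ("news-three.example", "19-07-2024 16:20"),
]


def registration_bursts(records, max_gap=timedelta(minutes=5), min_size=3):
    """Return lists of domains whose creation times chain together.

    Records are sorted by creation time; a new group starts whenever the gap
    to the previous registration exceeds max_gap. Groups smaller than
    min_size are dropped as ordinary, unrelated registrations.
    """
    rows = sorted((datetime.strptime(ts, FMT), dom) for dom, ts in records)
    bursts, current = [], []
    for created, dom in rows:
        if current and created - current[-1][0] > max_gap:
            if len(current) >= min_size:
                bursts.append([d for _, d in current])
            current = []
        current.append((created, dom))
    if len(current) >= min_size:
        bursts.append([d for _, d in current])
    return bursts


def siblings_of(seed, records, **kwargs):
    """Pivot from one known-bad domain to the rest of its registration burst."""
    for burst in registration_bursts(records, **kwargs):
        if seed in burst:
            return [d for d in burst if d != seed]
    return []


if __name__ == "__main__":
    for burst in registration_bursts(SAMPLE):
        print(len(burst), "domains registered minutes apart:", burst)
    print("pivot from trade-b.example:", siblings_of("trade-b.example", SAMPLE))
```

Creation-time proximity alone is a weak signal across a busy TLD; in practice, restrict the input to records that already share a registrar, name server or hosting IP with the seed domain before clustering.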

Conclusion

This scam exemplifies a well-coordinated effort to defraud individuals through sophisticated social engineering and technology. The iZOOlogic Red Team’s investigation highlights the importance of verifying the legitimacy of investment opportunities and remaining cautious of unsolicited offers and fake profiles.
