Scammer Group Uses Business Email Compromise to Impersonate European Investment Portals

Scammer Group BECA sophisticated scammer group has stolen at least €480 million from victims in France, Belgium, and Luxembourg since 2018, according to researchers at Group-IB. The gang uses a highly detailed scam kit called “CryptosLabs,” which impersonates investment portals from more than forty major European financial entities.

“Right out of the block, the victims are promised high returns on their capital,” the researchers write. “To find the ‘investors’ scammers leave messages on the dedicated investment forums or use legitimate advertising mechanisms on social media and search engines to promote the scheme. To appear trustworthy, such ads feature logos of notable banking, fin-tech, crypto, and asset management companies active in France, Belgium, and Luxembourg.”

After clicking on one of the scammers’ ads, the user will be taken to a webpage where they’ll be asked to enter their contact details.

“Interestingly, the victim doesn’t get immediate access to a fake investment platform. The scammers’ call center verifies the information to identify the most likely targets. Masquerading as personal managers of investment divisions of the companies that victims saw on the social media ads, call-center operators reach out to the victims to clarify further steps, explain how the platform works, and provide credentials to start trading.”

The scammers go to a great deal of effort to interact with their victims professionally, convincing them to continue investing money. The scam kit even shows phony growth charts on the victims’ investments.

“After successfully logging into an investment portal the victim sees multiple made-up graphs and charts all indicating sky-high returns and growth stocks,” the researchers write. “After some time, the victim is contacted by a ‘personal manager’ again to sign a fake engagement document and make a €200-300 deposit to activate the account. Once the victim pays, the money goes straight into the scammers’ pockets. The victim is finally granted full access to a branded fake trading platform. Those who make it that far can see the account balance and multiple juicy investment opportunities in stocks, crypto, NFTs, and contact their ‘personal manager’ at their convenience. Some panels seen by Group-IB offer victims up to 17 different investment strategies. The fake platform does everything to keep the victims happy by showing them made-up exponential growth curves and encouraging them to deposit more funds to multiply their investments.”

New-schools security awareness training can give your organization an essential layer of defense by enabling your employees to recognize social engineering attacks.

Group-IB has the story.

Request A Demo: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

Request a Demo!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews