Vogons, Task Scams, HiatusRat, Cellebrite, Deloitte, Quantum, Aaran Leyland, and More – SWN #438

The recent surge in investment scams leveraging social media malvertising, company-branded posts, and AI-powered video testimonials is a significant concern for cybersecurity professionals. These scams, such as the one tracked by ESET under the name Nomani, have grown exponentially, with over 335% increase between the first and second halves of 2024. The primary goal of these fraudsters is to lead victims to phishing websites and forms that harvest their personal information, ultimately leading to financial and data loss.

Key points include:

• Social Engineering Techniques: The use of social engineering techniques to build trust with victims is a critical aspect of these scams. Fraudsters often outmaneuver even the authorization mechanisms and verification phone calls used by banks to prevent fraud.

• AI-Powered Video Testimonials: The incorporation of AI to create video testimonials featuring famous personalities adds a layer of credibility to the scams, making them more convincing to potential victims.

• Phishing Infrastructure: The creation and abuse of Meta accounts and ads, building phishing infrastructure, and running call centers are managed by different groups, indicating a highly organized operation.

• Targeted Victims: The scams often target individuals who have previously been scammed, using lures about Europol and INTERPOL to offer refunds for stolen funds, thereby exploiting their desperation.

Combating Cyber-Related Investment Scams

To combat these sophisticated scams, companies can implement several measures, including partnering with brand protection companies like Bolster. Here’s how companies can protect themselves and their customers:

1. Advanced Detection Systems: Employ advanced detection systems to identify and respond to phishing attempts and fraudulent activities. Continuous monitoring and regular security assessments are crucial.
2. Employee Training and Awareness: Conduct regular training sessions to educate employees about the latest phishing techniques and social engineering tactics. Awareness programs can help employees recognize and report suspicious activities.
3. Incident Response Plan: Develop and maintain a comprehensive incident response plan that includes steps for identifying, assessing, and mitigating the impact of phishing and fraud incidents.
4. Brand Protection Services: Utilize brand protection services like Bolster, which proactively search the internet for fraudulent content and can take down URLs, websites, apps in app stores, Telegram channels, and fake social media pages. Bolster's platform can identify instances of scams across various digital platforms and send takedown requests to relevant platforms.

Role of Brand Protection Companies

Brand protection companies like Bolster play a vital role in combating these scams by:

• Proactive Monitoring: Continuously monitoring the internet for fraudulent content and identifying potential threats.

• Takedown Requests: Sending takedown requests to platforms hosting fraudulent content, including social media sites, app stores, and website hosts.

• Communication and Coordination: Working closely with companies to fine-tune search parameters and ensure effective monitoring and protection against new threats.

• Incident Response Support: Providing support during incidents by helping to assess the depth of data compromised and taking swift action to mitigate the impact.