International. Criminal groups are developing scam campaigns through the manipulation of deepfake videos using the image of public figures, including CEOs, news anchors and senior government officials.
These operations have been carried out in different languages and spread false investment schemes, as well as fraudulent gifts in the name of governments. Researchers from Unit 42, cybersecurity experts, discovered dozens of scam campaigns targeting potential victims in different countries, including Canada, Mexico, France, Italy, Turkey, Czech Republic, Singapore, Kazakhstan, and Uzbekistan. Due to their tactical and infrastructural similarities, they estimate that many of these campaigns arise from a single group of cybercriminals.
In June 2024, hundreds of domains used to promote these scams were discovered. Each domain was accessed an average of 114,000 times worldwide since launch, according to Unit 42's passive DNS (pDNS) telemetry.
Through different campaigns, numerous videos were generated that cybercriminals were sharing widely through websites hosted on newly registered domains. Upon further investigation, experts identified that the videos were primarily hosted on a single domain: Belmar-marketing.online.
Here's how it works
The first videos spread a campaign promoting an investment scheme called Quantum AI, so researchers studied the fabrication behind each to track its spread over time. It was through the infrastructure used that several additional campaigns were revealed in different parts of the world.
The criminals deployed completely different themes in their various scam attempts, which they developed in various languages using the image of public figures and business leaders, suggesting that each campaign was designed to reach a different target audience on each occasion.
In most cases, they started with a legitimate video to which they added fake audio generated by artificial intelligence. Finally, they used lip-sync technology to modify the speaker's movements so that they match the manipulated sound. In most of the videos, Elon Musk was used as a well-known figure, although other public figures were discovered.
The groups behind these scams often first use these types of social media ads or fake news articles to link to fraudulent websites that ask for the victim user's contact information.
After the victim visits the scam's homepage and fills out a form to register on the platform, one of the scammers calls the victim on the phone. In this call, the scammer tells the victim that they must pay a certain amount of money to be given access to the platform.
The scammer then instructs the victim to download an app so that they can "invest" more of their funds. Within the app, a dashboard appears showing small wins. From there, criminals continue to persuade those affected to deposit more money and may even allow them to withdraw a small amount as a way to gain their trust.
Finally, when the victim tries to withdraw their funds, the scammers demand withdrawal fees or put forward some other reason why the money cannot be returned. They then block the account and keep the remainder, so the victim loses most of what they put on the "platform."
Despite the use of generative artificial intelligence (GenAI) in these campaigns, traditional investigative techniques are still useful for identifying the hosting infrastructure that threat actors are using. However, as the malicious use of technology increases, so will the capacity and sophistication of security systems to proactively detect and prevent these types of attacks.
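The infrastructure pivot described above, where many landing pages on newly registered domains pull their videos from one host, can be sketched as follows. This is an added example, not code from Unit 42 or the original article; the domains, HTML snippets and function names are constructed placeholders.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: landing-page domain -> crawled HTML (all names are placeholders).
PAGES = {
    "invest-alpha.example": '<video controls><source src="https://media-host.example/v/1.mp4"></video>',
    "gov-gift.example": '<video src="//media-host.example/v/2.mp4"></video>',
    "quantum-promo.example": '<iframe src="https://MEDIA-HOST.example/embed/3"></iframe>',
    "unrelated-blog.example": '<video src="/local/clip.mp4"></video><img src="https://cdn.example/a.png">',
}

MEDIA_TAGS = {"video", "source", "iframe", "embed"}


class MediaHostParser(HTMLParser):
    """Collects the external hostnames that a page loads video content from."""

    def __init__(self, page_domain):
        super().__init__()
        self.page_domain = page_domain
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag not in MEDIA_TAGS:
            return
        src = dict(attrs).get("src")
        if not src:
            return
        # Relative URLs have no hostname, so they resolve to the page itself.
        host = (urlparse(src).hostname or self.page_domain).lower()
        if host != self.page_domain:
            self.hosts.add(host)


def shared_media_hosts(pages, min_pages=2):
    """Return {media host: sorted landing domains} for hosts reused across pages."""
    by_host = defaultdict(set)
    for domain, html in pages.items():
        parser = MediaHostParser(domain.lower())
        parser.feed(html)
        for host in parser.hosts:
            by_host[host].add(domain)
    return {h: sorted(d) for h, d in by_host.items() if len(d) >= min_pages}


if __name__ == "__main__":
    for host, domains in shared_media_hosts(PAGES).items():
        print(f"{host}: {len(domains)} landing pages -> {', '.join(domains)}")
```

A media host that serves several otherwise unrelated, recently registered landing domains is a lead for further review, not proof of a shared operator, since legitimate video CDNs also show up this way.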