Scammers have turned to using famous Singapore people to hoodwink unsuspecting investors.

Researchers have discovered a network of 18 active web resources aimed at tricking users from Singapore into visiting a shady bitcoin investment page.

The fraudulent scheme is distributed via fake websites or screenshots of articles from the Straits Times, a mainstream news publication. These websites, in order to establish trust, spread articles with fabricated testimonials of prominent local personalities about a cryptocurrency investment platform that “made them rich.”

All these articles contain links that lead to phony websites promising to “get rich with bitcoin revolution.” The team from Group-IB Brand Protection, which discovered this widespread ruse, urges Singaporeans and other Asians to avoid visiting these resources and sharing any personal data. The list of active websites discovered so far has been provided to SingCERT (Singapore Computer Emergency Response Team).

On Feb 5, the media agency Channel News Asia carried a report about a website using false comments attributed to Ho Ching, the CEO of Singapore’s investment group Temasek Holdings. Back in 2019, the Monetary Authority of Singapore (MAS) had also issued a warning on a fraudulent website soliciting bitcoin investments.

As part of the scheme, the fake websites or advertisements spread strikingly similar articles featuring fabricated endorsements and quotes of local politicians, entrepreneurs and celebrities such as Minister Lee Hsien Loong, Ho Ching, Adam Khoo, JJ Lin, Henry Golding, Kim Lim, Peter Lim, Zhang Yong, Eduardo Saverin, Goh Cheng Liang, Anthony Tan and others.

One of the examples of fake celebrity endorsement of a shady bitcoin investment scheme called “Bitcoin Revolution”:

“You may have heard about this new cryptocurrency investment platform called Profit Revolution that’s helping regular people in Singaporean, Asia and North America build fortunes overnight. You may be skeptical because it sounds too good to be true…I get that because I thought the same thing when a trusted friend told me about it. But after seeing with my own eyes how much money he was making, I had to try it for myself. I’m glad I tried it because it was some of the biggest and easiest money I’ve ever made. I’m talking tens of thousands of dollars a day on autopilot. it’s literally the fastest way to make a windfall of cash right now. And it’s not going to last for much longer when more and more people find out about it. Or when banks shut it down for good.”

The articles contain several links to a “Bitcoin revolution” website that promises to “change your life today” and asks for some personal data.   

The fraudsters behind this scheme have created dozens of fake websites using the same template without even bothering to slightly change the contents of the articles, except for the names being used for fake endorsements. To attract users to their shady websites, they use ad networks and exchanges. In many cases, users are being redirected to these resources, for example, after visiting a website with specific advertisement. 

With the help of its Threat Intelligence system, Group-IB has so far identified 18 connected infringing domains targeting Singaporeans by analyzing its contents, domain names, visuals, registration dates and other parameters. All these domains were registered over the past two years. Connections to other shady bitcoin resources targeting users outside of Singapore have been discovered as well, and these are now being analysed by Group-IB’s Brand Protection team.

The research continues, said Ilia Rozhnov, Head of Group-IB’s Brand Protection in APAC: “While online users should always stay vigilant and follow basic cyber hygiene, brand owners should remember: unhappy customers and fans act fast. Even after one negative experience, many customers are likely to lose trust and abandon a brand. Brand owners, be they a media outlet or a celebrity, should constantly monitor any potential abuse online in the domain names, website interface, phishing website databases, social media and elsewhere.”

To spot a scam, users should always check if a URL matches the name of a media outlet whose logo is being displayed and if any part of the name contains suspicious characters or deviations. It goes without saying that web resources requesting personal or payment data should always raise alarm bells.