Warning! More and more sophisticated scams

Two days ago,, among other sites, published its article to warn, again, users to be careful with what they click on.

Facebook softened its ban crypto ads, and it didn’t take long for cyber-criminals to make use of that. A sponsored ad, showing a fake CNBC news article appeared on facebook, and started to steal sensitive data from users in the past two weeks. The first alert was published by the ORCA Alliance on 22nd Nov.

The ad was seemingly posted by Lithuanian musician Jonatanas Kazlauskas, and to date it has not been clarified whether the artist was actually involved or his facebook account was hacked.

The news link looking ad says: “(LIVE) CNBC: New Digital Currency of Singapore APPROVED”. What happens to those who want to know more and click is the following:

When you click on the fake news ad you are redirected and find yourself on a fake CNBC page with the headline: “Singapore, in an unprecedented move, just announced that they are officially adopting a certain cryptocurrency as Singapore’s official coin”. The article mentions celebrities to make the fake news even more catchy. The purpose of the scam is to entice naive readers to invest in CashlessPay Group - the company that, according to the article, was chosen by the Singapore government to create the new cryptocurrency.

As writes, “the deceptive news article does its best to lead readers to click on a series of other fake pages. First to the CashlessPay Group website, which copies the homepage layout from the ORCA Alliance ICO project. Then, a registration form accessible at the top of the website asks users to fill in their personal data, including email address and phone number. Once the form is filled in, the victim is redirected to fake cryptocurrency exchange websites. HardFork was able to identify two of the fake exchanges - Roiteks and CoinPro Exchange.Once on any of the pages, victims are asked to enter additional personal data and credit card details in order to make a deposit.”

At that point, whatever information, whether correct or incorrect, is given, the fake exchanges display an error message: “Transaction was not successful”.

By then, the targeted users have already granted access to valuable personal and credit card information for the manufacturers of the scam.

According to experts, cybercriminals have been reallocating their resources and, moving away from ransomware, they mostly have been working out schemes of cryptocurrency mining malware recently. In addition, newer and newer scams appear in the ad sections of social media, targeting naïve users, and there are a lot of them, unfortunately.

Users cannot be blamed because quite often it’s very hard to notice the difference between a genuine and a fake website.

All we can do is remind our readers and ourselves again and again to check twice the web addresses where they are redirected to when they click on a promising ad.

Be careful. And even more careful.


Zsolt Balló