CTM360’s independent researchers have revealed an astonishing fraud operation. In total, this scheme aims to defraud users in the United States and the United Kingdom, leveraging thousands of counterfeit banking web pages. We’ve carefully traced this far-reaching enterprise through the Fraud Navigator framework. It describes the complex strategies attackers employ to maximize their impact and potency.
Our analysis shows that the infrastructure supporting this massive real estate fraud campaign is designed with scalability in mind. Mass domain registrations with high churn rates are a juicy target for fraudsters. This enables them to be able to perpetually exchange removed domains for new ones, keeping their online footprint and associated threats alive.
Tactics Behind the Fraud Campaign
For starters, the researchers found that the fraud operation was making use of shared and free hosting environments. Our first strategy allows bad traffic to flow seamlessly into good services. Consequently, users have a hard time distinguishing between actual websites and scam ones. Leveraging repurposed HTML, metadata, and branding, the campaign quickly expanded to thousands of local sites. This results in a false sense of comfort that draws in unsuspecting victims.
This allows quick and easy redeployment of fraudulent sites when current domains are blacklisted,” said CTM360, which identified more than 30 unique fraud templates. This agility reflects the criminals’ capacity to change their methods overnight, keeping online banking users under constant threat. The templates we’ve seen point to high-level planning and a clear central focus on efficiency and lowering the potential for downtime.
Geographic Impact and Scope
Just this past year, CTM360 has detected more than 11,000 fake bank domains. Of these, over 8,000 already operate within the United States, and over 3,000 have now made their home in the United Kingdom. These fraudulent domains don’t have any regulatory license or any brick and mortar location. This has chilling implications in terms of the safety and trust of users engaging with new banking practices online.
It often takes years for public awareness and technology to catch up with the criminal enterprise unfolding at such scale. As cash-strapped Americans increasingly seek out digital banking services, they have to watch out. Deceptive schemes continue to endanger their personal information and financial security.
Mapping the Fraudulent Landscape
CTM360’s Fraud Navigator framework, adapted from MITRE, gives us a wide lens view of the whole lifecycle of this ongoing fraud campaign. Beyond that, it tracks everything from asset development processes through SEO distribution. It keeps an eye on the extraction of personally identifiable information (PII) as well as crypto-based monetization. Our nuanced mapping is already proving itself as a key tool for advocates looking to comprehend the growing complexities of this continually evolving threat.
We know that cybercriminals are always changing their tactics. This is where organizations like CTM360 come into play to help protect us by finding and exploding these threats. Their scholarship is the most comprehensive and leading research that increases public awareness about fraudulent activities. It better assists our law enforcement partners in investigating and combating these crimes.