Infoblox has today released a report revealing how Savvy Seahorse, a leading perpetrator of online cybercriminal investment scam websites, has used ads on Facebook to lure victims in Australia and New Zealand since 2021.
According to the report, Savvy Seahorse uses Facebook ads to lure in victims and convince them to open accounts, make deposits, and invest in companies including Tesla and Meta.
Once the funds are deposited, the cybercriminal gang transfers them to a bank in Russia. Its tactics, techniques, and procedures (TTPs) also include ChatGPT and WhatsApp bots imitating online webchats to encourage victims inquiring about the investment platforms.
In Australia, the Australian Competition & Consumer Commission (ACCC) has reported investment scams were responsible for almost half of the A$3.1 billion Australians lost to scams in 2022. Meanwhile in New Zealand, the Government has warned about ‘out-of-the-blue’ investment scams, which were a major contributor to the nearly NZ$200 million New Zealanders lost to scams in the same year.
As well as Australians and New Zealanders, Savvy Seahorse targets Russian, Polish, Italian, German, Czech, Turkish, French, and Spanish speakers, but deliberately, and for reasons unclear, excludes traffic from Ukraine and a handful of other countries.
In the report, Infoblox details how the threat actor uses a specific type of domain name system (DNS) attack to map website domains and route internet users via traffic distribution systems (TDS) to scam websites that often mimic legitimate sites.
Savvy Seahorse used new method
This is the first time the cloud and networking security company has seen this approach, which has been a key factor in Savvy Seahorse’s ability to remain hidden for so long.
“Australia and New Zealand have high disposable income per capita and there are many mum and dad investors looking to play the market,” said Renée Burton, Infoblox’s head of threat intelligence and a former senior executive with the U.S. National Security Agency (NSA).
“Threat actors like Savvy Seahorse see opportunity in this, and the advent of social media advertising gives these cybercriminals a cheap and easy way to flaunt their scam websites to millions of people. The old adage of ‘if it seems too good to be true…’ is important to remember. Knowing that criminals are out to steal from everyone, we all need to be extra vigilant when investing money or giving financial credentials through websites,” Burton said.