A malicious campaign impersonating American financial advisors has been spotted targeting several hundred individuals in West Africa.
Recently discovered by cybersecurity experts at DomainTools, the ‘pig butchering’ operation uses a complex network of social engineering techniques to defraud victims.
Describing the activity in an advisory shared with Infosecurity, DomainTools said most attacks from the unnamed threat actor used professional networking services such as LinkedIn to identify, research and contact potential victims.
“Notably, fraud actors associated with this campaign frequent social media platforms like TikTok and Instagram,” the advisory adds.
Further, DomainTools explained that due to the complexity of manipulating a target when impersonating a financial advisor, scam websites relating to these operations must remain accessible for as long as possible.
“Therefore, the selection of a hosting provider is critical to the success of this scam,” the company wrote. “Many of these impersonation websites have live chat widgets, allowing potential victims to interact with the impersonated financial advisor immediately.”
More generally, DomainTools CTO Sean McNee told Infosecurity via email that this pig butchering campaign is particularly sophisticated for several reasons.
“[It] is notable for the sheer scale of financial advisors impersonated and how brazen they are at creating impersonation websites,” McNee said.
“From our research, we believe this group of threat actors has a physical presence in West Africa, is acting in tandem with a ‘bulletproof’ hosting reseller, and that the campaign is still ongoing with very substantial losses, possibly in the millions of dollars.”
The CTO also explained that companies fearing similar attacks should be proactive in developing strategies to prevent their employees from becoming victims.
“Investment companies and their financial advisors should be on the alert for fraudulent domains, while new investment clients need to carefully verify the identity of any advisor they work with to avoid becoming victim to this convincing type of fraud.”
A separate pig butchering campaign targeting US victims was investigated by the country’s Department of Justice in November 2022.