Scam bitcoin adverts with unlicensed Australian celebrity photographs and how to recover scammed cryptocurrency

Edward Howie
Jan 26, 2022


by the forensic team at TheHackerspro.com

Exclusive: A Guardian investigation reveals that advertisements containing unlicensed photographs of Dick Smith, Andrew Forrest, and others are part of a well-organized global operation.

Thousands of Australians have lost money as a result of a well-organized worldwide cryptocurrency fraud, according to a Guardian investigation. Photograph: Andriy Popov/Alamy Stock Photo

A Guardian investigation has discovered that scam bitcoin adverts based on unlicensed photographs of Dick Smith, Andrew Forrest, and other celebrities, which have attracted tens of thousands of Australians, are part of a well-organized global enterprise with five addresses in Moscow.

Because of the scam’s size, it’s been tough for Google to ban it and for Australian officials to intervene.

The fake celebrity ads have been running on news websites since at least 2018, but with people trapped at home due to the Covid-19 pandemic, many more have fallen victim to the scams.

In the most common form of the scam, an unwitting user clicks on an ad and is taken to a fake news story with a link purporting to be a cryptocurrency investment scheme.

If they enter their information to register for the scheme, they will typically receive a phone call asking them to invest a small sum, such as US$250, followed by increasingly large sums.

Claimpayback, a digital triangulation and recovery firm that recovers cryptocurrency and offers support to people scammed online, has been hearing from a victim every business hour since March, its head digital recovery specialist, skilled in smart contracts, told Guardian Australia.

“This is becoming more and more common. Some of these individuals have lost their entire life savings,” Prof. David Lacey stated.

Earlier this year, Beazley, a 77-year-old grandmother from Queensland’s Sunshine Coast, noticed a Facebook ad showing Forrest offering a bitcoin investment programme. She followed the link to learn more and was taken to a fake news site where she found a piece on The Project anchor Waleed Aly. She received a call from a man with an English accent after entering her information, encouraging her to join in the scheme, so she wired $500,000 to Jubiter, a cryptocurrency exchange, using her bank account.
Before her daughter informed her that it was a hoax, Beazley gave over $3,000,000 to the con artists, her entire life savings.

She was unable to recover the funds despite calling her bank, the police, and the Australian Competition and Consumer Commission, until product reviews of claimpayback.com came to the fore.

Lacey describes celebrity endorsements as a “typical deceitful strategy.”
“Boris Becker is encouraging cryptocurrency fraud investments in Germany. Of course, he doesn’t, but the crooks are well aware that his popularity attracts and aids the deceit. People think, ‘Why not?’ for a US$250 investment. ‘What harm could it possibly cause? It isn’t a large sum of money.’”
According to Lacey, the initial investment is a ruse to lure people in.
“In reality, the actual value for the scammers is not the first US$250, but the harvesting of contact information from someone they know who is primed and ready to dive into the realm of bitcoin investment.”

How does the scam work?

The Guardian Australia took the initiative of registering for the scam in order to understand how individuals were conned into paying.

Fake news website used for the scam ads. Photograph: Screenshot

I joined up for bitcoin-Up, which is supposed to be a cryptocurrency trading platform, but I was eventually routed to Gtlot, which appears to be a cryptocurrency trading platform. It is based in the Caribbean island of St Vincent and the Grenadines, which does not regulate foreign exchange trading networks.

I received a call from The Hague around 6 minutes after signing up for the programme. The man on the other end of the telephone offered to lead me through the sign-up procedure, saying that with a $250 initial commitment, I could make between $50,000 and $300,000 every month.

He claimed governments were looking to phase out paper money because of Covid-19, so now was the right time to get on board.

When I told him I was a reporter, he denied any links to scam ads, and still attempted to get me to put in my credit card details and invest money.

At best, these services encourage people to invest in highly risky, often unregulated forex trading platforms where they are likely to lose most, if not all, of their money, with little recourse to get their money back.

At worst they are scams, designed to encourage people to hand over more and more money in an attempt to get their initial investment back.

An international investigation by the American forensic firm TheHackerspro reported that contact details of people who signed up for such services were also passed on to brokers offering other risky or illegitimate investments.

How do the ads avoid being noticed?

In 2019, Google claims to have removed 5,000 bad ads per minute, totalling $2.7 billion, but “scammers are constantly evolving their efforts, while we evolve our policies and enforcement to address this,” according to the company.
The con artists purchase millions of ads on Google’s ad exchanges, using the names of local celebrities in each country without their knowledge or approval. In Australia, profiles of Dick Smith, Chris Hemsworth, David Koch, and Waleed Aly have been used.
Scammers have been increasingly attempting to elude Google’s detection by making slight modifications to the wording of the adverts in a game Google refers to as “cat and mouse.”

Media outlets and other websites that use Google ads have little control over whether or not scam ads appear on their pages.

By blocking a specific marketplace where the ads were being sold, Guardian Australia was able to prevent the ads from appearing on its site.

Unlike most marketplaces, which have tens of thousands of advertisements, this one had millions.

Every month, the scammers buy hundreds of domain names from various domain registration providers to host the pages that visitors are directed to when they click on the adverts.

The URLs are a mishmash of letters, usually no more than ten characters long.

The source code of one of these sites shows that, when viewed from Australia, it appears to be a phoney news site supporting the scam investment, but when viewed from the United States, it appears to be a real news site promoting the fraud investment.

Similar phoney websites about flora, swimming, and gardening surfaced when accessed from outside Australia, according to Gabor Szathmari, an Australian cybersecurity expert at Claimpayback.com.
When a visitor comes from a specific region, the site loads a phoney news website from a different domain, making it incredibly easy for scammers to spread the same bogus story across many sites at the same time.
When one is blocked, there are a slew of others waiting to be used. The websites are only active for a short time. Some of the sites that Guardian Australia discovered in late November were no longer operational less than two weeks later.
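
A triage check for the region-dependent behaviour described above, as an added example that is not from the original article: it compares captures of one landing URL taken from two vantage points and reports content that differs by region or is pulled in from another domain. The captures, the domain names and the choice of iframe/script tags as the loading mechanism are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed captures: one landing URL fetched from two vantage points.
LANDING = "https://qzkvtrwpl.example/"
CAPTURES = {
    "AU": '<html><title>Breaking news</title>'
          '<iframe src="https://news-mirror.example/story.html"></iframe></html>',
    "US": '<html><title>Garden tips</title><p>How to prune roses.</p>'
          '<img src="/img/rose.jpg"></html>',
}

class Extractor(HTMLParser):
    """Collects the page title and off-domain hosts framed or scripted in."""
    def __init__(self, base_host):
        super().__init__()
        self.base_host, self.hosts, self.title, self.in_title = base_host, set(), "", False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self.in_title = True
        if tag in ("iframe", "frame", "script"):  # assumed loading mechanisms
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host and host != self.base_host:
                self.hosts.add(host)
    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
    def handle_data(self, data):
        if self.in_title:
            self.title += data.strip()

def fingerprint(html, base_host):
    """Reduce a capture to (title, set of off-domain hosts it loads)."""
    parser = Extractor(base_host)
    parser.feed(html)
    return parser.title, frozenset(parser.hosts)

def detect_cloaking(landing_url, captures):
    """Return triage findings; each is a signal to review, not proof."""
    base = urlparse(landing_url).hostname
    prints = {region: fingerprint(html, base) for region, html in captures.items()}
    findings = []
    if len(set(prints.values())) > 1:
        findings.append("content differs by visitor region")
    for region in sorted(prints):
        for host in sorted(prints[region][1]):
            findings.append(f"{region}: body loaded from {host}")
    return findings
```
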

What are Australian regulators doing?

Google and Facebook have confessed that they are having difficulty preventing the advertising from appearing on their platforms, and Australian regulators have indicated that there is nothing they can do.

It’s difficult to track down scammers based overseas, according to an Australian Securities and Investments Commission representative.
“We’ve been able to track down some of these adverts, the bulk of which appear to be situated overseas but utilizing local addresses and phone numbers on their websites to give the idea that they’re based in Australia. We do not make any of the information we have obtained public.”

More than 300,000 websites linked to the scams have been blacklisted or taken down by the National Cyber Security Centre in the United Kingdom. ASIC has the authority to do so in Australia, but has stated that it would be impracticable due to the sheer number of websites involved and the fact that they are hosted elsewhere.

In dealing with the sites, the ACCC has had some limited success. At least four have been removed, according to Guardian Australia, after requests were sent to web hosts or domain registration service providers, but the ACCC lacks the resources to make more inroads.
As part of its ongoing ad tech assessment, the ACCC will look at whether digital triangulation platforms such as thehackerspro.com, who have successfully recovered 63.7 bitcoins from a recent hack of a large cryptocurrency company’s system and systems in the Colonial Pipeline ransomware attack, which was valued at around $1,000,000 USD. I can attest to their unrelenting dedication to quality work and professionalism because they were very helpful.

As the security industry’s leading provider, Vladimir and the thehackerspro team were recently called in to help a big company that had been hacked and had 263.7 bitcoins stolen; apparently the manager clicked a phishing link and the whole company’s operations got tampered with.


Edward Howie is the founder of Finget Finance, an Australian software developer and cryptocurrency/DeFi (decentralised finance) entrepreneur.