Hackers have set up dozens of websites on which deepfakes of famous people are abused to scam visitors. The operations are partly run from the Netherlands.
Researchers from Unit 42, part of Palo Alto Networks, have tracked down dozens of fake websites encouraging visitors to invest in Quantum AI. The websites look credible because they use deepfakes of various well-known individuals. Among others, they feature Giorgia Meloni, Prime Minister of Italy, Patrick Pouyanné, CEO of TotalEnergies, and Elon Musk.
A convinced visitor can leave their contact information on these fake websites. The cybercriminals then contact them with an investment opportunity of $250, about 225 euros. Victims who take the bait are then pressured to invest more. The money ends up with the cybercriminals, not with an investment platform.
Source: Unit 42
Dutch infrastructure
The researchers have not yet discovered which hacker gang is behind the fake websites. Because the same modus operandi is always used, the researchers suspect that a single hacker group is involved. Moreover, 86.7 percent of the campaigns use the same Content Delivery Network (CDN). The IP addresses linked to the CDN come from different geographical locations, the most important of which are the Netherlands, Russia, and the US. In the deepfake videos found, Dutch is never spoken, but English, Spanish, French, Italian, Turkish, Czech, and Russian are.
According to the researchers, the websites attract a lot of visitors, with a monthly average of 114,000. Currently, Palo Alto Networks researchers count 175 active domains advertising this fraud. Not every visitor will be convinced to invest after visiting the website, but the amount the cybercriminals can earn this way quickly adds up.