A group of cybersecurity researchers has uncovered the inner workings of a fraudulent organization known as CryptosLabs. This scam ring has allegedly generated illegal profits amounting to €480 million by specifically targeting individuals who speak French in France, Belgium, and Luxembourg since April 2018.
According to a comprehensive report by Group-IB, the scam ring's modus operandi revolves around elaborate investment schemes. They impersonate 40 prominent banks, financial technology companies, asset management firms, and cryptocurrency platforms. The scam infrastructure they have established includes over 350 domains hosted on more than 80 servers.
Group-IB, headquartered in Singapore, describes CryptosLabs as an organized criminal network with a hierarchical structure. The group comprises kingpins, sales agents, developers, and call center operators. These individuals are recruited to lure potential victims by promising high returns on their investments.
"CryptoLabs made their scam schemes more convincing through region-focused tactics, such as hiring French-speaking callers as 'managers' and creating fake landing pages, social media ads, documents, and investment platforms in the French language," Anton Ushakov, deputy head of Group-IB's high-tech crime investigation department in Amsterdam, stated.
"They even impersonated French-dominant businesses to resonate with their target audience better and be successful in exploiting them."
The scam begins by enticing targets through advertisements on social media, search engines, and online investment forums. The scammers masquerade as the "investment division" of the impersonated organization and present attractive investment plans, aiming to obtain the victims' contact details.
Once engaged, the victims are contacted by call center operators who provide them with additional information about the fraudulent platform and the credentials needed for trading. After logging into the platform, victims are encouraged to deposit funds into a virtual balance. They are then shown fabricated performance charts, enticing them to invest more in pursuit of greater profits. However, victims eventually realize they cannot withdraw any funds, even if they pay the requested "release fees."
"After logging in, the victims deposit funds on a virtual balance," Ushakov said. "They are then shown fictitious performance charts that trigger them to invest more for better profits until they realize they cannot withdraw any funds even when paying the 'release fees.'"
Initially, the victims are required to deposit around €200-300. However, the scam is designed to manipulate victims into depositing larger sums by presenting them with false evidence of successful investments.
Group-IB initially uncovered this large-scale scam-as-a-service operation in December 2022. Their investigation traced the group's activities back to 2015 when they were experimenting with various landing pages. CryptosLabs' involvement in investment scams became more prominent in June 2018 after a preparatory period of two months.
A key aspect of the fraudulent campaign is the utilization of a customized scam kit. This kit enables the threat actors to execute, manage, and expand their activities across different stages of the scam, ranging from deceptive social media advertisements to website templates used to facilitate the fraud.
The scam kit also includes auxiliary tools for creating landing pages, a customer relationship management (CRM) service that allows the addition of new managers to each domain, a leads control panel used by scammers to onboard new customers to the trading platform, and a real-time VoIP utility for communicating with victims.
"Analyzing CryptosLabs, it is evident that the threat group has given its activities a well-established structure in terms of operations and headcount, and is likely to expand the scope and scale of its illicit business in the coming years," Ushakov said.
