Between January and March this year, at the Dâmbovița County Police Inspectorate, twice as many facts were reported of fraud committed through computer systems and electronic means of paymentrespectively with 26 more crimes compared to the similar period of the previous year.
In terms of crimes against the security and integrity of IT systems and data, in the first three months of this year, 5 more facts were reported compared to the first quarter of 2023.
Thus, in this period when technology offers countless opportunities, but also brings new and complex challenges, namely cyber threats, we want to draw the attention of citizens to the dangerous phenomenon of online investments that has become more and more frequent.
General characteristics identified with regard to this phenomenon are the promise of get-rich-quick, the ease with which sums of money are given up (victims are persuaded to transfer, sometimes very large, sums of money/cryptocurrency by unknown entities/persons, both in early phase as well as later), relinquishment of control (injured people give up easily, due to the desire to get rich and lack of technical knowledge, and relinquish control of electronic devices), high level of technical resources for attackers (attackers usually prove increased abilities to use available technical resources: multiple phone numbers, falsifying the identity of the caller, fake platforms hosted outside Europe, anonymization of crypto-currency transactions), pressure on investors (often, fraud promoters can use aggressive “advertising” tactics ” of “investments”, to get users to act quickly, such as deadlines or exclusive opportunities that “disappear fast”).
From the notifications received, it was found that most of the time the injured persons would have accessed posts on various social networks that contained advertisements regarding financial investment services, and then provided contact information on the forms provided in those advertisements .
They were then allegedly contacted by phone by unknown persons who, after repeated discussions, usually manage to convince the victims to sign up on various online investment platforms.
The investments are quite small at the beginning, of the order of a few hundred euros. The investment consists in the purchase of cryptocurrencies and their transfer to the electronic wallets indicated by the authors.
Those amounts then appear in the victim’s account opened on those investment platforms.
In many situations, under the pretext of providing technical support, the attackers convince the injured persons to install remote control applications on their used electronic devices (phone, tablet, laptop, etc.).
Thus, without realizing the effect of their action, users give attackers access to all personal and banking data accessible through devices.
Injured persons are convinced to send more sums of money (cryptocurrency) because the appearance is created that the investments are profitable, thus reaching even amounts of tens of thousands of euros “invested” in such fraudulent schemes.
When trying to withdraw the sums of money, a series of pretexts and scenarios are invented by which the authors try to convince the victims that, in order to benefit from that profit, they must transfer more sums of money, under pretexts such as: withdrawal, transfer guarantees, fines, etc.
In parallel, data accessible through compromised devices is exploited in various ways, such as opening accounts on various cryptocurrency trading platforms, fraudulent bank transfers, money laundering, etc.
One of the frequently encountered fraud methods in the situation where users give attackers access to their own devices and bank data is to take out online loans in the name of injured persons and embezzle money.
Other ways of misleading potential investors can be represented by the promotion of ads, generally on social networks, in which images of well-known companies listed on the stock exchange are used, with the promise of very large immediate earnings by “buying shares ” which will “generate dividends” of tens of thousands of lei “directly on the card” of the users.
In such cases, attackers use malicious links, with the help of which they try to obtain personal and financial data from users.
Also, recently, another method of fraudulent investment has been identified, i.e. the criminal activity begins with users receiving unsolicited messages, formulated in English or Romanian, which urge them to like certain posts on social networks, in particular clips from specialized platforms, promising them this activity as a second job or passive income.
To create an illusion of legitimacy, the authors send small amounts of money to the accounts of users who appreciate the posts, these being between 10 and 50 lei.
In the next stage, potential victims are encouraged to invest larger amounts on platforms that promise substantial earnings. These promises are reinforced by invitations to join discussion groups on an online messaging platform where supposed investment “experts” will guide them to higher returns. However, these “specialists” are actually the perpetrators who use manipulation techniques to extract sensitive data and large sums of money from the injured parties.
source: IPJ Dâmboviţa
20
