Multi-stage fraud scheme has exploited the likes of Singtel and SingPost, and celebrities like JJ Lin and Bryan Wong
Using the names of local brands and celebrities, scammers are targeting Singaporeans in an elaborate scheme to steal their personal data.
Recently, they have also exploited the Covid-19 pandemic, using news of it as clickbait.
The list of local brands and personalities exploited in the scheme includes SingPost, Singtel, businessman Adam Khoo, singer JJ Lin, and actor-host Bryan Wong .
Singapore-based cyber security company Group-IB recently uncovered the multi-stage fraud scheme, finding parts of it are tailored specifically to Singaporeans.
It is dubbed the Rabbit Hole fraud, and Mr Ilia Rozhnov, the head of brand protection and anti-piracy at Group-IB in the Asia-Pacific region, said it is a complex scheme.
He said: “It involves multiple steps and at least two main parts: The White Rabbit, which is the stage during which fraudsters attract traffic via social media, SMS or doorway pages, and the bottomless Rabbit Hole, which involves the actual attack, theft of money, personal information or interception of payment data.”
The cyber security researcher said victims would be enticed to click on fake ads featuring brands, individuals or current affairs, before being led through a maze of page redirects to a fake survey.
Victims are enticed to fill up these surveys with their personal and payment information with the promise of a voucher or entry into some lucky draw.
It is estimated that such resources, which include the fake survey pages, can each have up to 5,000 visitors daily.
In one instance, a survey claiming to be from M1 offered victims a chance to get a new phone for just $1.
Initially, those who entered their payment information got only a charge of $1, but saw other fraudulent charges to their credit cards within a month.
Mr Rozhnov said the fraudsters chose known and trusted companies and brands.
“We have seen more than 10 Singaporean brands actively exploited by the fraudsters in the Rabbit Hole scheme.
“It’s hard to tell how many people actually submitted their personal information, but we’ve discovered close to 100 fraudulent resources tailored for Singaporeans.”
Just yesterday, McDonald’s issued a statement regarding a link being shared with a fake promotion, and urged customers not to fall for the ruse.
Mr Lars Voedisch, managing director of PRecious Communications, said it would be wise for brands to monitor such scams and issue clarifications.
He said: “If you’re a brand and believe the impact is big enough, you should be coming out to clarify with a statement.
“The scam is not your fault, and you can’t control it, but it’s about the perception and what your brand becomes associated with.”
He added that from a public relations viewpoint, how brands respond would affect how they are seen.
He said: “If well-managed, the brand’s personality then grows. But if they ignore or just brush it aside, they may be perceived as arrogant, damaging their image further.”
0 Comments