• Patrick Dunlop

Case Study: Social Media Scams



As the digital landscape evolves, so does the effectiveness and creativity of cybercriminals. This is making cyber phishing scams harder and harder to identify.


Social media platforms have recently become out of control with the influx of fraud due to cybercriminals impersonating others. We have seen this on almost all social networks, including Facebook, Instagram, Twitter, and TikTok. This correlates with our service offerings of digital investigations, forensics, and reputation management here at Inquisitive Intel. In this blog, we would like to inform our clients of the inner workings of these scams while having a little bit of fun along the way.


Let's Go Phishing for a Scam


I believe the easiest way to get approached by a cybercriminal is to "follow" an unverified YouTube creator on the Instagram social network, particularly in the subject of personal finance. For this example, using a burner account, I followed the personal finance influencer @griffinmilks. Griffin has over 84,000 YouTube subscribers and over 13,000 Instagram followers.


@griffinmilks on the Instagram social network.

Shortly after I followed the @griffinmilks account, multiple fraudulent accounts requested to follow and direct message the burner account. This includes two accounts posing as Griffin Milks. @official.griffinmilks and @griffinsmilks.


New Followers

Followers gained after "following" @griffinmilks.


Fraudulent Account




On The Hook

Now that we have a fraudster on the hook, let's see where we are taken.





While our fraudster internally grapples with the morality of the situation, let's take a look at the website.




The Website




This website displays all of the typical buzzwords Inquisitive Intel often sees when capturing and preserving digital evidence regarding online scams.


  • 100% Profit

  • Trade Crypto, Forex & Stocks

  • Activate Bonuses

  • Ect...


Looking at the Whois information regarding the domain name astrocapitalmarkets.com, we are met with a Whois privacy guard that only displays a city, street, postal code, and phone number. This correlates with the company "Withheld for Privacy," which allegedly operates out of a Regus office space on top of an H&M store in Iceland.


Whois information for astrocaptialmarkets.com.
Google Street View of Kalkofnsvegur 2, 101 Reykjavík, Iceland
Satellite view of Kalkofnsvegur 2, 101 Reykajavík, Iceland.
withheldforprivacy.com


Let's Create an Account


*Inquisitive Intel would never encourage anyone to create an account on a scam website such as "Astro Capital Markets." We are doing so with an extensive security posture for educational purposes only.*


Account Creation

If you were wondering, the green "legal documents" button redirects back to the website's home page.


Now I welcome you to the Astro Capital Markets trading dashboard!


"Trading Dashboard"

According to the website, to "start trading," Bitcoin or Etherium must be deposited into the fraudster's wallet. "Perfect Money" and "Bank Transfer" are "currently unavailable."


Payment Methods


Follow the Money


Seen below is the Bitcoin wallet address that allegedly represents AstroCapital Markets. All cryptocurrency sent to the Astro Capital Markets Bitcoin wallet is quickly moved to a personal wallet on the Binance platform and away from their targets.


Bitcoin Full Diagram

Bitcoin Simplified Diagram

Next, we look at the Ethereum wallet that allegedly represents Astro Capital Markets. Similar to the Bitcoin wallet, the only cryptocurrency transaction deposited into the Astro Captial Markets Ethereum wallet was quickly moved to the Binance platform.

Etherium Transaction



Time to Make a Deposit


At this point in my analysis, I believe this fraudster is moving cryptocurrency out of the reach of its targets while giving the user an impression of control over their funds through the website's "trading dashboard." To test this, let's make a fake deposit and see how the website reacts.


For this example, I told "Astro Capital Markets" that I am looking to make a $1000 deposit in Bitcoin, but I need "payment proof."

Payment Methods

As I am not actually going to send this fraudster cryptocurrency, I will upload this file of a shoe I found on Google as the "Payment Proof" and submit the payment.


Shoe.jpeg

Shoe.jpeg uploaded to the Astro Capital Markets payment system.

Not to our surprise, the "payment" was approved, and our account is "credited" with an imaginary $1,000 and a $20.00 bonus.



Now we can watch our imaginary profits roll in!

Check Back in With our Fraudster


After a few hours, we have received a response from our fraudster regarding our dilemma of if we should refinance our house.


Morality Score: 2/10


How Can We Help?


Almost every social network has recently become a platform for scams and fraud. This increases the reputational and security risk of individuals, businesses, and governments. At Inquisitive Intel, we combat cybercrime by capturing and preserving fraudulent content affecting our clients as digital evidence and turning it into actionable insights. We believe it is important to take the duty of care needed to secure the online footprint of your digital assets and reduce the security risk affecting your business, your clients, or yourself. If you are looking for support in the area of cybercrime, feel free to contact one of Inquisitive Intel's experts. We would be happy to help.