Romanian Police, National Cyber Security Authority and Romanian Banking Association launch a campaign against on-line frauds
December 22, 2023
Joint press release: The Romanian Police, the National Directorate of Cyber Security (DNSC) and the Romanian Association of Banks (ARB) draw attention to frauds related to financial investments, within the National Project for the prevention of computer crime and digital education #SigurantaOnline (sigurantaonline.ro).
In recent months, attackers have been heavily using social media as a method to propagate fraudulent investment proposals. As part of this fraudulent initiative, compromised social media accounts or pages are used, or newly created ones, from which the attackers launch sponsored ads, which include video clips altered with deepfake technology and constructed in a way that the characters in the clip seem to promote a "national enrichment program".
In order to be convincing and have the highest possible success rate among potential victims, the attackers use both the image of well-known companies and persons from Romania (televisions, businessmen, dignitaries, TV stars or journalists). In the advertisements promoted on social media, the image of well-known companies is also used, in order to gain trust regarding the legitimacy of the offer - very large immediate gains by "buying shares" that will "generate dividends" of tens of thousands of lei. The companies whose image is used, without rights, are in most cases in the energy field. In such cases, attackers use phishing links, through which they try to obtain personal and financial data. These attacks are part of the so-called investment frauds, which are fraudulent schemes in which potential investors are promised extremely profitable investment opportunities, but which, in reality, do not exist.
When you come across such ads, we recommend that you do not access the links, do not provide personal, banking data and thoroughly check all investment offers by accessing the official websites of the companies whose image is used for their promotion. We also recommend that you carefully check the links and platforms through which personal and financial data are requested for investments, by comparing with the official Internet addresses of the company whose image is used in the advertisement on social networks, but also the verification of bidders on the website of the Financial Supervisory Authority - ASF.
Another common trap in recent months uses messaging apps as a method of propagation. Specifically, users in Romania receive unsolicited messages on these platforms, offering them the chance to earn money quickly and easily. After performing a few simple tasks, which usually involve liking, in the initial phase, a number of video clips, users receive small amounts of money in their personal accounts.
Encouraged by the fact that they can make short-term money through simple actions, users are redirected to chat groups, where they will chat 1-on-1 with attackers disguised as investment specialists. In this way, users are convinced to purchase "promotional packages" that would facilitate them a much more consistent earning for each like. Next, using social engineering techniques, the attackers will try to extract sensitive data (personal, authentication, but also financial) from potential victims, as well as significant sums of money. They try to achieve this goal by using the same pretext - short-term profit-generating "investments" - to motivate the need for the potential victim to provide sensitive data, subscribe to certain services, open new accounts or, in some cases, even to install malicious applications. The respective data always ends up in the possession of the attackers.
Ways to protect yourself from investment fraud:
- Be sure to check multiple sources (not just those provided by the attackers) for any high-earning investment proposals from unknown persons. Big winnings can hide a fraud;
- Report fraud attempts through sponsored ads to the social network where the fraudulent content is promoted;
- Be wary of unsolicited email or social media messages offering quick or big wins. Do not access links on social media platforms that promise massive money earnings in a short period of time;
- Do not communicate or maintain a relationship with representatives of financial platforms, when they are very insistent and exert pressure to get you to invest;
- Install applications on the phone/computer only from official sources;
- Make sure you are the only person who has access to the investment apps/sites, not the person who told you about the investments;
- Never provide personal or banking data to other people (account, user, Mobile/Internet banking password, card number, security code on the back of the card, etc.);
- When you receive an e-mail or a message from unknown sources, do not reply to it or access links from its content;
- If you think you have been cheated or have given your bank details to other people, immediately notify the bank where you have the accounts, the Police and the DNSC.
The cybercrime prevention and digital education project #SiguranțaOnline is meant to offer the best cyber security practices, by accessing the sigurantaonline.ro platform, to avoid internet users becoming victims of computer fraud, child pornography or malware attacks. #SigurantaOnline is an initiative of the Romanian Police, the National Directorate of Cyber Security and the Romanian Association of Banks.
The joint press release of the three institutions can be accesed here: https://www.arb.ro/sigurantaonline-nu-accesati-si-nu-promovati-anunturile-care-promit-castiguri-fabuloase/