SINGAPORE: Local artiste Rebecca Lim is yet another public figure here to have become the face of a bitcoin investment scam without her knowledge.
Since early January, The Straits Times has repeatedly seen on a reputable regional news site an advertisement with a picture of the award-winning actress captioned “Rebecca Lim shared very important news”.
The ad supposedly leads to a sponsored article on entertainment portal 8days.sg. But when viewers click on the link, they are directed to a fake news story about Lim, 37, finding a “new wealth loophole which he (sic) says can transform anyone into a millionaire within three to four months”.
The page, which mimics news website CNA, has links to a supposed crypto auto-trading programme called Bitcoin Future, which the scammers claim is the actress’ No. 1 money-maker.
In the past few years, there have been several ads fronting bitcoin scams that use unauthorised images and fabricated quotes claiming to be by local personalities such as Prime Minister Lee Hsien Loong, business magnate Peter Lim and pop star JJ Lin.
But by the time readers submit the URL of the fake Rebecca Lim ad page to the anti-scam authorities, that URL will instead lead to a dummy website with an article about Lim’s pregnancy.
These days, to retrieve the URL of a scam page, one must trawl through its codebase, which requires expertise.
Vladimir Kalugin, the operations director of digital risk protection at cyber-security firm Group-IB, told The Straits Times that scammers have been “enhancing their evasion techniques to hide their campaigns from the authorities and conventional detection tools”.
Some of them use website redirection or other methods to change the URL of a scam page without reloading its content.
Others use a camouflage technique called cloaking, where only targeted users are served the fraudulent and malicious content, while everyone else who visits the same page is served harmless content such as a 404 error page, said Kalugin, who is based in Singapore.
Scammers have also learnt to prevent crawlers and other Internet bots from accessing the scammers’ ad content, he added. This makes it harder for the pages to be detected by automated anti-scam tools.
“To counteract these techniques, authorities and cyber-security experts must work together to embrace advanced monitoring and takedown methods, and increase public awareness of potential online threats,” Kalugin said.
Another cyber-security expert, Scott Jarkoff, said the Rebecca Lim bitcoin scam highlights how challenging it is for publishers to monitor the huge volume of digital ads generated and distributed on their sites.
“Well-established companies may unknowingly host deceptive ads,” said the director of CrowdStrike’s strategic threat advisory group.
“Websites typically utilise third-party advertising networks to display ads, and scammers may attempt to sneak fraudulent ads into the rotation,” said Jarkoff.
“While reputable websites have measures for approving advertisements, the ad-vetting process is not always foolproof.”
But he stressed that publishers still have a responsibility to protect their visitors by evaluating third-party ad networks and patching security vulnerabilities in their content management systems, among other measures.
While scammers’ techniques have evolved, the “get-rich-quick” promise they use to lure people is the same, said Kalugin of Group-IB, which published a study in 2020 on a series of crypto trading scams “fronted” by Singaporean personalities.
Kalugin said in January 2024 alone, his firm has so far detected more than 120 scam websites promoting crypto investments, with a majority designed to steal user credentials and account recovery phrases which give users access to their crypto wallet.
While visiting scam pages might not pose an immediate threat, it is important for people to avoid leaving any personal and payment data on the websites, he said.
People should also pay attention to a website’s creation date, he added.
“Scammers create multiple websites quickly to exploit a certain trending topic, so a recently created resource should be treated with caution,” Kalugin said, adding that people can use services such as Whois to check the creation date.
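The creation-date check described above can be scripted. The sketch below is an added example, not part of the original report: it reads WHOIS output, extracts the creation date and flags recently registered domains. The 30-day threshold, the list of field labels and the sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Registries label the creation field differently; these variants are an assumed list.
_CREATED = re.compile(
    r"^[ \t]*(creation date|created on|created|registered on)[ \t]*:[ \t]*(.+?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)
_FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%dT%H:%M:%S.%f%z",
            "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")

def parse_created(whois_text):
    """Return the earliest creation timestamp found (as UTC), or None."""
    found = []
    for _label, value in _CREATED.findall(whois_text):
        for fmt in _FORMATS:
            try:
                ts = datetime.strptime(value, fmt)
            except ValueError:
                continue  # try the next known date layout
            if ts.tzinfo is None:
                ts = ts.replace(tzinfo=timezone.utc)  # assume UTC when unspecified
            found.append(ts.astimezone(timezone.utc))
            break
    return min(found) if found else None

def assess(whois_text, now=None, threshold_days=30):
    """Return (verdict, age_in_days); verdict is 'recent', 'established' or 'unknown'."""
    now = now or datetime.now(timezone.utc)
    created = parse_created(whois_text)
    if created is None:
        return ("unknown", None)  # redacted or unparseable: cannot vouch for age
    age = (now - created).days
    if age < 0:
        return ("unknown", None)  # creation date in the future: record not trustworthy
    return ("recent" if age < threshold_days else "established", age)

# Constructed sample records (not real domains or real WHOIS data).
SAMPLE_NEW = "Domain Name: INVEST-PROMO.EXAMPLE\nCreation Date: 2024-01-09T08:15:30Z\nRegistry Expiry Date: 2025-01-09T08:15:30Z\n"
SAMPLE_OLD = "domain: news-site.example\ncreated: 2009-06-02\n"
SAMPLE_REDACTED = "Domain Name: HIDDEN.EXAMPLE\nCreation Date: REDACTED\n"

if __name__ == "__main__":
    ref = datetime(2024, 1, 25, tzinfo=timezone.utc)
    for name, rec in (("new", SAMPLE_NEW), ("old", SAMPLE_OLD), ("redacted", SAMPLE_REDACTED)):
        print(name, assess(rec, ref))
```

An "unknown" verdict deserves the same caution as "recent", since a missing or redacted date gives no evidence that the site is long-established.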
He also urged the public to exercise more vigilance during holiday seasons.
“With the approaching Chinese New Year, we anticipate a surge in the number of malicious resources.
“Various holiday-themed fake promotions and lucky draws may lure people into submitting their data on fake crypto exchanges or transferring their funds to fraudsters,” he said, adding that people should always independently verify the authenticity of any content that they come across. - The Straits Times/ANN