General Trends
11
mins read

Fraud Claims and Facts: An Analysis of Misinformation in U.S. Elections

Explore the alarming rise of misinformation in U.S. elections and the digital tactics used by threat actors to undermine public trust and harvest sensitive data. This in-depth analysis reveals how sensationalized election fraud claims, health misinformation, fake investment schemes, and crypto scams target unsuspecting users through social media and deepfake content. Discover the extensive impact of these scams on users’ financial security and mental well-being, as well as the essential measures, like advanced AI tools and media literacy, to combat these manipulative campaigns. Stay informed to protect yourself and others from the digital threats that jeopardize election integrity.

CloudSEK TRIAD
November 5, 2024
Green Alert
Last Update posted on
November 6, 2024
Beyond Monitoring: Predictive Digital Risk Protection with CloudSEK

Protect your organization from external threats like data leaks, brand threats, dark web originated threats and more. Schedule a demo today!

Schedule a Demo
Table of Contents
Author(s)
No items found.

Executive Summary

Threat actors exploit election season in the U.S. to target individuals with sensationalized claims about the electoral process, health misinformation, and fake investments. This leads to data exposure, financial losses, and eroded trust in institutions. Using social media platforms like Facebook, actors spread inflammatory messages to undermine election integrity. For example, an advertiser named “The Tech Prophet” spent over $7,000 on deceptive ads, reaching up to 150,000 viewers and funneling users to data-harvesting websites like “pro.insightandincome.com.”

Health misinformation ads, promoted via sites like “pro.joinhsi.com,” lure users with free subscriptions but redirect them to payment pages, impacting both finances and wellbeing. Additionally, AI-generated videos promoting fake government stimulus initiatives drive viewers to phishing sites like “prizestash.com,” with advertisers like "Liberty Giveaways" running over 290 misleading ads.

Threat actors also exploit cryptocurrency by creating fraudulent tokens mimicking political campaigns, particularly on the Solana network, leading to financial losses and regulatory concerns. Victims often face financial and emotional distress, with little chance of recovering funds.

This disinformation ecosystem impacts hundreds of thousands of U.S. users, resulting in millions in potential losses. A strong response is essential, including deepfake detection tools, election cybersecurity, regulatory action, and public education.

This report aims to raise awareness about the scams discussed above and outlines potential methods for identifying them. It is crucial for technology to keep pace with the rapid evolution of scams to effectively counteract them. To contribute to this effort, this report serves as a case study demonstrating the use of CloudSEK’s Deepfake Analyzer for scam detection and analysis.

Misinformation

Election Fraud

Fake domain spreading misinformation about US elections

Modus Operandi:

  • Initial Misinformation about Elections: The facebook ads show sensational or misleading claims about election processes or outcomes, aiming to foster distrust and intrigue among readers. The threat actors amplify the message across social media, emails, or conspiracy websites to maximize reach and attract susceptible audiences. Emotionally charged language is used to evoke fear, urgency, or anger, priming readers to search for further information or solutions.
  • Redirect to fake domain: Once the user clicks on any such ad, it redirects them to a fake website ‘pro.insightandincome.com’ that contains a long video that promotes a book or resource that allegedly offers insider knowledge or strategies related to the elections. The tactic includes using clickbait-style headlines and emotional appeals to drive traffic, while the ultimate goal is likely to harvest user information or encourage financial transactions for the promoted material.
  • Payment Gateway: Clicking the ‘Subscribe Now’ or purchase button leads users to a fraudulent domain ‘order.paradigm-press.info’ that is impersonating the official Paradigm Press website via its logo. The website then asks users to enter financial information and complete the purchase to get the book delivered to them.

Redirect chain: 

Flowchart shows the redirect chain 
  1. http://clicks.americanfreedomreport.org/aff_c?offer_id=980&aff_id=1028&url_id=834
  2. https://pro.insightandincome.com/p/awn_electionmeltdown49_1024/PAWN4A31/?cake_s1=11_170645966_c8ac1e1e-8d96-4cf5-96f3-e255d891b028&h=true 
  3. https://order.paradigm-press.info/journey/awn_electionmeltdown49_1024/1?promocode=PAWN4A31&cake_s1=11_170629663_0f143a3f-929f-4629-b6b8-ab52a9b45ff...&pagenumber=2&organization-abbreviation=AF 

Fake domain targeting US elections

Fake domain impersonating paradigm press

Impact:

  • The advertiser named ‘The Tech Prophet’ has spent $271,469 between 7 May 2018 - 1 Nov 2024 on these ads that have reached an audience of 4K-5K people per advertisement. The advertiser is running 100+ ads on the facebook platform as of writing this article.
  • In total the advertiser has spent almost $6K-$7K (USD) on these ads that has reached a staggering 125K-150K users in the United States.
Meta ads library shows the amount spent by The Tech Prophet on ads and its reach

Details of the fake ads being run related to the US elections

Source:

Health Science Institute

Fake domain spreading misinformation about US elections

Modus Operandi:

  • Initial Misinformation about Elections from Doctors: Some advertisements redirected users to a website on the domain ‘pro.joinhsi.com’. The website featured claims about benefits and unique solutions for health issues. The language used is persuasive, focusing on urgency and personal empowerment. The content often lacks scientific backing, raising concerns about misinformation and the potential exploitation of vulnerable individuals seeking health solutions.
  • Payment Gateway: Once the users click on a button to get a free subscription, they are redirected to another domain ‘secure.hsionlineorders.net’. That accepts payments in the form of a subscription model. Many people have complained on websites such as ripoffreport.com that they made the payment and never received the book. 

Redirect chain:

Flowchart shows the redirect chain
  1. http://clicks.click-cue.com/aff_c?offer_id=1045&aff_id=1034
  2. https://pro.joinhsi.com/p/HSIDOARFK0924A/PHSI4916/?ef_tx_id=7fe2a43be63646759239fd4fbc8312e5&ef_o_id=4842&aid=664&sid1=102ae568215266971073173eb2548d&h=true
  3. https://secure.hsionlineorders.net/journey/HSIDOARFK0924A/1?promocode=PHSI4916&ef_tx_id=7fe2a43be63646759239fd4fbc8312e5&ef_o_id=4842&aid=664&sid1=102ae568215266971073173eb2548d&h=true&pagenumber=2&organization-abbreviation=NMG

HSI domain selling a free encyclopedia

HSI website redirected domain to accept payments
A user complaining about the HSI website

Impact: 

Similar to the previous scam, the advertiser for such ads is also ‘The Tech Prophet’ and each ad has reached 2-3k users in the United states. 

Details of a fake ad on the facebook ads library

Sources:

Scams

Stimulus Scam

Fake domain spreading misinformation about US elections

Modus Operandi:

  • Misleading Videos: The scam begins with an AI-generated video that falsely claims the government is releasing a new stimulus package before elections, creating urgency and interest among viewers.
  • Initial Redirection: Viewers are then redirected to the site ‘prizestash.com’, which serves as the main platform for harvesting personal information.
  • Information Collection: Upon clicking the button, users are prompted to enter sensitive personal identifiable information (PII), including their zip code, name, email address, and phone number.
  • Survey Engagement: After users submit this information and answer additional survey questions, they are redirected to other domains, such as p2a.co or blissxo.com. These sites further request more personal data or credit card information, leveraging the initial engagement to extract even more sensitive details.

Using our Deepfake analyser at https://community.cloudsek.com, we have verified that most of these videos are AI generated.

Video labeled as fake by Cloudsek’s Deepfake Analyser

Redirect chain:

Flowchart shows redirect chain
  1. https://track.mjpath.com/6706f148d6bccfb31ff5326d
  2. https://chance26.prizestash.com/a?vid=100&zDc=Desktop&zEx=&zVr=PT0016&c1=1267&c2=10269afc1efd51b0e6fefaf6cca80e&click_id=2998323987&utm_content=ps_viscard3_1000&utm_medium=&utm_source=462086&utm_term=1267&zRid=PT&zct=ps_viscard3_1000&zmd=&zsr=462086&ztm=1267 
  3. https://monetize.zeeto.io/linkout/e0e652c2-dc3d-4552-b44f-66c6d5bddc72
  4. https://my.blissxo.com/f/125-instant-play/?utm_source=ZAN-1522&utm_medium=Linkout-inpath-CPA&utm_campaign=670951fe91440020b7b418e5&utm_content=BXO+Desktop&utm_term=71da47f2c6f745278bbc45c030ffc04b&clickid=1022c5c53cc1d6dda4152956cc3466&affid=1522&offer_id=21634&campaignid=670951fe91440020b7b418e5&adgroupid=21634&email=dssad%40sdsad.com&firstname=da&lastname=sdsa&zipcode=32322&city=Carrabelle&state=FL&address=dasda&phone=323-232-3232&dobmonth=02&dobday=12&dobyear=1995&gender=Female&bid_price=1.00 
Webpage of chance26.prizestash.com
Webpage of p2a.co after the redirect

Impact: 

The advertiser for such ads is ‘Liberty Giveaways’ that is running 290+ such fraudulent advertisements in the month of October with each advertisement reaching 3K-4K users in the United States

Sources:

Crypto Scams

Creating Phony Tokens on Solana Network 

Threat actors create fake Solana tokens and distribute them through airdrops and token offerings. They then solicit additional funds from victims under the pretense of marketing and promotion, ultimately absconding with the money.

Modus Operandi: 

  1. Create a token on Solana Network with names referencing the US Elections and its candidates.
Admin of Telegram group announcing the initial CTO of a token

  1. Offer a Consumer Token Offering (CTO) to build hype and initiate trading of the phony token.
Message from Admin on a telegram group asking for more investment to hire marketing helper

  1. Ask for more investment to help promote and legitimize the coin through marketing and the creation of a website. 
  2. Threat Actors keep funds collected for themselves

Impact: 

  1. Financial Loss for Victims: Investors lose money when they are deceived into funding fraudulent tokens.
  2. Market Volatility: The introduction of fake tokens can create instability in the market, affecting legitimate projects.
  3. Regulatory Scrutiny: Increased scams may lead to heightened regulatory oversight and scrutiny in the cryptocurrency space.
  4. Targeting Unsophisticated Investors: Cybercriminals often target inexperienced investors, exacerbating issues related to financial literacy in the crypto space.
  5. Difficulty in Recovery: Victims often find it challenging to recover lost funds, contributing to a sense of helplessness.
  6. Resource Diversion for Security: Increased scams necessitate more resources from exchanges and developers to enhance security measures and educate users.

Source:

The following telegram channels have been found promoting this type of scam:

Investment Pool Scams Using Fake Crypto Tokens and Deepfake Videos

Cybercriminals are creating fraudulent tokens and falsely associating them with presidential campaigns. They deceive investors into donating funds, promising to support political initiatives, but ultimately misappropriate the money.

Modus Operandi: 

Text Highlighted shows intentions to donate funds to presidential candidates
  1. To promote the investment in the tokens, threat actors are advertising using collected funds to aid presidential campaigns
Using DeepFake Videos in Telegram Channels to promote crypto tokens

CloudSEK’s Community DeepFake Analyzer shows a high probability of the video being fake
  1. Threat Actors also create DeepFake videos of the presidential candidates to show their endorsement of different Crypto tokens to promote investment further
  2. Instead of donating the funds to the presidential candidates and their campaigns as promised, the threat actors keep the money for themselves

Impact: 

  1. Financial Loss for Investors: Donors are misled into contributing funds, resulting in significant financial losses.
  2. Erosion of Trust: Incidents of fraud undermine public confidence in legitimate political fundraising and cryptocurrency initiatives.
  3. Stifling Political Campaigns: Genuine campaigns may struggle to attract donations if potential donors become wary of scams.
  4. Legal Repercussions: Campaigns and platforms may face legal challenges due to association with fraudulent activities, even if they are victims.
  5. Increased Regulation: Heightened awareness may lead to stricter regulations in both political fundraising and cryptocurrency markets.
  6. Damage to Campaign Reputation: Legitimate campaigns may suffer reputational harm as they are wrongly linked to fraudulent activities.
  7. Targeting Vulnerable Donors: Cybercriminals often exploit less informed or vulnerable individuals, exacerbating issues of financial literacy.
  8. Difficulty in Recovery: Recovering funds from fraudulent schemes can be complex and often unsuccessful, leaving victims without recourse.

Source: 

The following telegram channels were found to be promoting these scams:

Attribution

For the Election Fraud Scam and HSI scam, the advertiser named ‘The Tech Prophet’  has listed its phone number as  ‘+16193412211’ and email address ‘[email protected]’. The same phone number is also used by a facebook page called Market monitors. The page also has an email address present on it. 

Contents of https://www.facebook.com/p/market-monitors-61562163825779/ 

There are two domains on the page that are being handled by the advertiser:

  • themarketmonitors.com: Features news articles and commentary on various political and economic topics.
  • prohealthdigital.com: Claims to offer ‘high quality leads and sales for you.’

The advertiser for the stimulus scam named ‘Liberty Giveaway Found’ has listed the following details: 

Details of the advertiser on facebook ads library

Mitigations

Technological Measures

  1. AI-Powered Detection Tools:some text
    • Utilize AI-powered tools like CloudSEK's Community Deepfake Analyzer to detect and identify deepfake content.
    • Implement advanced machine learning algorithms to identify and flag misinformation and disinformation campaigns.
  2. Robust Cybersecurity Infrastructure:some text
    • Strengthen the security of election infrastructure, including voting machines, voter registration databases, and election management systems.
    • Implement strong cybersecurity measures to protect against cyberattacks, such as phishing, malware, and ransomware.
  3. Digital Forensics:some text
    • Develop robust digital forensics capabilities to investigate and trace the origin of malicious content and cyberattacks.

Legal and Regulatory Measures

  1. Enforcing Existing Laws: Enforce existing laws related to election interference, campaign finance, and fraud.
  2. Strengthening Regulations: Consider enacting new legislation to address the evolving nature of cyber threats, including those related to deepfakes and cryptocurrency scams.
  3. International Cooperation: Collaborate with international partners to share information and coordinate efforts to combat cyber threats.

Social and Educational Measures

  1. Media Literacy: Promote media literacy among the public to help them identify and critically evaluate misinformation and disinformation.
  2. Social Media Literacy: Educate users about the risks of social media, including the spread of fake news and misinformation.
  3. Fact-Checking Organizations: Support fact-checking organizations to debunk false information and promote accurate news.
  4. Public Awareness Campaigns: Launch public awareness campaigns to inform the public about the dangers of cyber threats and how to protect themselves.

References

Author

CloudSEK TRIAD

CloudSEK Threat Research and Information Analytics Division

Predict Cyber threats against your organization

Schedule a Demo
Related Posts
No items found.

Join 10,000+ subscribers

Keep up with the latest news about strains of Malware, Phishing Lures,
Indicators of Compromise, and Data Leaks.

Take action now

Secure your organisation with our Award winning Products

CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.

CloudSEK XVigil

Digital Risk Protection platform which gives Initial Attack Vector Protection for employees and customers.

Learn more about XVigil
CloudSEK SVigil

Software and Supply chain Monitoring providing Initial Attack Vector Protection for Software Supply Chain risks.

Learn more about SVigil
CloudSEK SVigil

Creates a blueprint of an organization's external attack surface including the core infrastructure and the software components.

Learn more about BeVigil Ent
CloudSEK BeVigil

Instant Security Score for any Android Mobile App on your phone. Search for any app to get an instant risk score.

Learn more about BeVigil
General Trends

11

min read

Fraud Claims and Facts: An Analysis of Misinformation in U.S. Elections

Explore the alarming rise of misinformation in U.S. elections and the digital tactics used by threat actors to undermine public trust and harvest sensitive data. This in-depth analysis reveals how sensationalized election fraud claims, health misinformation, fake investment schemes, and crypto scams target unsuspecting users through social media and deepfake content. Discover the extensive impact of these scams on users’ financial security and mental well-being, as well as the essential measures, like advanced AI tools and media literacy, to combat these manipulative campaigns. Stay informed to protect yourself and others from the digital threats that jeopardize election integrity.

Authors
CloudSEK TRIAD
CloudSEK Threat Research and Information Analytics Division
Co-Authors
No items found.

Executive Summary

Threat actors exploit election season in the U.S. to target individuals with sensationalized claims about the electoral process, health misinformation, and fake investments. This leads to data exposure, financial losses, and eroded trust in institutions. Using social media platforms like Facebook, actors spread inflammatory messages to undermine election integrity. For example, an advertiser named “The Tech Prophet” spent over $7,000 on deceptive ads, reaching up to 150,000 viewers and funneling users to data-harvesting websites like “pro.insightandincome.com.”

Health misinformation ads, promoted via sites like “pro.joinhsi.com,” lure users with free subscriptions but redirect them to payment pages, impacting both finances and wellbeing. Additionally, AI-generated videos promoting fake government stimulus initiatives drive viewers to phishing sites like “prizestash.com,” with advertisers like "Liberty Giveaways" running over 290 misleading ads.

Threat actors also exploit cryptocurrency by creating fraudulent tokens mimicking political campaigns, particularly on the Solana network, leading to financial losses and regulatory concerns. Victims often face financial and emotional distress, with little chance of recovering funds.

This disinformation ecosystem impacts hundreds of thousands of U.S. users, resulting in millions in potential losses. A strong response is essential, including deepfake detection tools, election cybersecurity, regulatory action, and public education.

This report aims to raise awareness about the scams discussed above and outlines potential methods for identifying them. It is crucial for technology to keep pace with the rapid evolution of scams to effectively counteract them. To contribute to this effort, this report serves as a case study demonstrating the use of CloudSEK’s Deepfake Analyzer for scam detection and analysis.

Misinformation

Election Fraud

Fake domain spreading misinformation about US elections

Modus Operandi:

  • Initial Misinformation about Elections: The facebook ads show sensational or misleading claims about election processes or outcomes, aiming to foster distrust and intrigue among readers. The threat actors amplify the message across social media, emails, or conspiracy websites to maximize reach and attract susceptible audiences. Emotionally charged language is used to evoke fear, urgency, or anger, priming readers to search for further information or solutions.
  • Redirect to fake domain: Once the user clicks on any such ad, it redirects them to a fake website ‘pro.insightandincome.com’ that contains a long video that promotes a book or resource that allegedly offers insider knowledge or strategies related to the elections. The tactic includes using clickbait-style headlines and emotional appeals to drive traffic, while the ultimate goal is likely to harvest user information or encourage financial transactions for the promoted material.
  • Payment Gateway: Clicking the ‘Subscribe Now’ or purchase button leads users to a fraudulent domain ‘order.paradigm-press.info’ that is impersonating the official Paradigm Press website via its logo. The website then asks users to enter financial information and complete the purchase to get the book delivered to them.

Redirect chain: 

Flowchart shows the redirect chain 
  1. http://clicks.americanfreedomreport.org/aff_c?offer_id=980&aff_id=1028&url_id=834
  2. https://pro.insightandincome.com/p/awn_electionmeltdown49_1024/PAWN4A31/?cake_s1=11_170645966_c8ac1e1e-8d96-4cf5-96f3-e255d891b028&h=true 
  3. https://order.paradigm-press.info/journey/awn_electionmeltdown49_1024/1?promocode=PAWN4A31&cake_s1=11_170629663_0f143a3f-929f-4629-b6b8-ab52a9b45ff...&pagenumber=2&organization-abbreviation=AF 

Fake domain targeting US elections

Fake domain impersonating paradigm press

Impact:

  • The advertiser named ‘The Tech Prophet’ has spent $271,469 between 7 May 2018 - 1 Nov 2024 on these ads that have reached an audience of 4K-5K people per advertisement. The advertiser is running 100+ ads on the facebook platform as of writing this article.
  • In total the advertiser has spent almost $6K-$7K (USD) on these ads that has reached a staggering 125K-150K users in the United States.
Meta ads library shows the amount spent by The Tech Prophet on ads and its reach

Details of the fake ads being run related to the US elections

Source:

Health Science Institute

Fake domain spreading misinformation about US elections

Modus Operandi:

  • Initial Misinformation about Elections from Doctors: Some advertisements redirected users to a website on the domain ‘pro.joinhsi.com’. The website featured claims about benefits and unique solutions for health issues. The language used is persuasive, focusing on urgency and personal empowerment. The content often lacks scientific backing, raising concerns about misinformation and the potential exploitation of vulnerable individuals seeking health solutions.
  • Payment Gateway: Once the users click on a button to get a free subscription, they are redirected to another domain ‘secure.hsionlineorders.net’. That accepts payments in the form of a subscription model. Many people have complained on websites such as ripoffreport.com that they made the payment and never received the book. 

Redirect chain:

Flowchart shows the redirect chain
  1. http://clicks.click-cue.com/aff_c?offer_id=1045&aff_id=1034
  2. https://pro.joinhsi.com/p/HSIDOARFK0924A/PHSI4916/?ef_tx_id=7fe2a43be63646759239fd4fbc8312e5&ef_o_id=4842&aid=664&sid1=102ae568215266971073173eb2548d&h=true
  3. https://secure.hsionlineorders.net/journey/HSIDOARFK0924A/1?promocode=PHSI4916&ef_tx_id=7fe2a43be63646759239fd4fbc8312e5&ef_o_id=4842&aid=664&sid1=102ae568215266971073173eb2548d&h=true&pagenumber=2&organization-abbreviation=NMG

HSI domain selling a free encyclopedia

HSI website redirected domain to accept payments
A user complaining about the HSI website

Impact: 

Similar to the previous scam, the advertiser for such ads is also ‘The Tech Prophet’ and each ad has reached 2-3k users in the United states. 

Details of a fake ad on the facebook ads library

Sources:

Scams

Stimulus Scam

Fake domain spreading misinformation about US elections

Modus Operandi:

  • Misleading Videos: The scam begins with an AI-generated video that falsely claims the government is releasing a new stimulus package before elections, creating urgency and interest among viewers.
  • Initial Redirection: Viewers are then redirected to the site ‘prizestash.com’, which serves as the main platform for harvesting personal information.
  • Information Collection: Upon clicking the button, users are prompted to enter sensitive personal identifiable information (PII), including their zip code, name, email address, and phone number.
  • Survey Engagement: After users submit this information and answer additional survey questions, they are redirected to other domains, such as p2a.co or blissxo.com. These sites further request more personal data or credit card information, leveraging the initial engagement to extract even more sensitive details.

Using our Deepfake analyser at https://community.cloudsek.com, we have verified that most of these videos are AI generated.

Video labeled as fake by Cloudsek’s Deepfake Analyser

Redirect chain:

Flowchart shows redirect chain
  1. https://track.mjpath.com/6706f148d6bccfb31ff5326d
  2. https://chance26.prizestash.com/a?vid=100&zDc=Desktop&zEx=&zVr=PT0016&c1=1267&c2=10269afc1efd51b0e6fefaf6cca80e&click_id=2998323987&utm_content=ps_viscard3_1000&utm_medium=&utm_source=462086&utm_term=1267&zRid=PT&zct=ps_viscard3_1000&zmd=&zsr=462086&ztm=1267 
  3. https://monetize.zeeto.io/linkout/e0e652c2-dc3d-4552-b44f-66c6d5bddc72
  4. https://my.blissxo.com/f/125-instant-play/?utm_source=ZAN-1522&utm_medium=Linkout-inpath-CPA&utm_campaign=670951fe91440020b7b418e5&utm_content=BXO+Desktop&utm_term=71da47f2c6f745278bbc45c030ffc04b&clickid=1022c5c53cc1d6dda4152956cc3466&affid=1522&offer_id=21634&campaignid=670951fe91440020b7b418e5&adgroupid=21634&email=dssad%40sdsad.com&firstname=da&lastname=sdsa&zipcode=32322&city=Carrabelle&state=FL&address=dasda&phone=323-232-3232&dobmonth=02&dobday=12&dobyear=1995&gender=Female&bid_price=1.00 
Webpage of chance26.prizestash.com
Webpage of p2a.co after the redirect

Impact: 

The advertiser for such ads is ‘Liberty Giveaways’ that is running 290+ such fraudulent advertisements in the month of October with each advertisement reaching 3K-4K users in the United States

Sources:

Crypto Scams

Creating Phony Tokens on Solana Network 

Threat actors create fake Solana tokens and distribute them through airdrops and token offerings. They then solicit additional funds from victims under the pretense of marketing and promotion, ultimately absconding with the money.

Modus Operandi: 

  1. Create a token on Solana Network with names referencing the US Elections and its candidates.
Admin of Telegram group announcing the initial CTO of a token

  1. Offer a Consumer Token Offering (CTO) to build hype and initiate trading of the phony token.
Message from Admin on a telegram group asking for more investment to hire marketing helper

  1. Ask for more investment to help promote and legitimize the coin through marketing and the creation of a website. 
  2. Threat Actors keep funds collected for themselves

Impact: 

  1. Financial Loss for Victims: Investors lose money when they are deceived into funding fraudulent tokens.
  2. Market Volatility: The introduction of fake tokens can create instability in the market, affecting legitimate projects.
  3. Regulatory Scrutiny: Increased scams may lead to heightened regulatory oversight and scrutiny in the cryptocurrency space.
  4. Targeting Unsophisticated Investors: Cybercriminals often target inexperienced investors, exacerbating issues related to financial literacy in the crypto space.
  5. Difficulty in Recovery: Victims often find it challenging to recover lost funds, contributing to a sense of helplessness.
  6. Resource Diversion for Security: Increased scams necessitate more resources from exchanges and developers to enhance security measures and educate users.

Source:

The following telegram channels have been found promoting this type of scam:

Investment Pool Scams Using Fake Crypto Tokens and Deepfake Videos

Cybercriminals are creating fraudulent tokens and falsely associating them with presidential campaigns. They deceive investors into donating funds, promising to support political initiatives, but ultimately misappropriate the money.

Modus Operandi: 

Text Highlighted shows intentions to donate funds to presidential candidates
  1. To promote the investment in the tokens, threat actors are advertising using collected funds to aid presidential campaigns
Using DeepFake Videos in Telegram Channels to promote crypto tokens

CloudSEK’s Community DeepFake Analyzer shows a high probability of the video being fake
  1. Threat Actors also create DeepFake videos of the presidential candidates to show their endorsement of different Crypto tokens to promote investment further
  2. Instead of donating the funds to the presidential candidates and their campaigns as promised, the threat actors keep the money for themselves

Impact: 

  1. Financial Loss for Investors: Donors are misled into contributing funds, resulting in significant financial losses.
  2. Erosion of Trust: Incidents of fraud undermine public confidence in legitimate political fundraising and cryptocurrency initiatives.
  3. Stifling Political Campaigns: Genuine campaigns may struggle to attract donations if potential donors become wary of scams.
  4. Legal Repercussions: Campaigns and platforms may face legal challenges due to association with fraudulent activities, even if they are victims.
  5. Increased Regulation: Heightened awareness may lead to stricter regulations in both political fundraising and cryptocurrency markets.
  6. Damage to Campaign Reputation: Legitimate campaigns may suffer reputational harm as they are wrongly linked to fraudulent activities.
  7. Targeting Vulnerable Donors: Cybercriminals often exploit less informed or vulnerable individuals, exacerbating issues of financial literacy.
  8. Difficulty in Recovery: Recovering funds from fraudulent schemes can be complex and often unsuccessful, leaving victims without recourse.

Source: 

The following telegram channels were found to be promoting these scams:

Attribution

For the Election Fraud Scam and HSI scam, the advertiser named ‘The Tech Prophet’  has listed its phone number as  ‘+16193412211’ and email address ‘[email protected]’. The same phone number is also used by a facebook page called Market monitors. The page also has an email address present on it. 

Contents of https://www.facebook.com/p/market-monitors-61562163825779/ 

There are two domains on the page that are being handled by the advertiser:

  • themarketmonitors.com: Features news articles and commentary on various political and economic topics.
  • prohealthdigital.com: Claims to offer ‘high quality leads and sales for you.’

The advertiser for the stimulus scam named ‘Liberty Giveaway Found’ has listed the following details: 

Details of the advertiser on facebook ads library

Mitigations

Technological Measures

  1. AI-Powered Detection Tools:some text
    • Utilize AI-powered tools like CloudSEK's Community Deepfake Analyzer to detect and identify deepfake content.
    • Implement advanced machine learning algorithms to identify and flag misinformation and disinformation campaigns.
  2. Robust Cybersecurity Infrastructure:some text
    • Strengthen the security of election infrastructure, including voting machines, voter registration databases, and election management systems.
    • Implement strong cybersecurity measures to protect against cyberattacks, such as phishing, malware, and ransomware.
  3. Digital Forensics:some text
    • Develop robust digital forensics capabilities to investigate and trace the origin of malicious content and cyberattacks.

Legal and Regulatory Measures

  1. Enforcing Existing Laws: Enforce existing laws related to election interference, campaign finance, and fraud.
  2. Strengthening Regulations: Consider enacting new legislation to address the evolving nature of cyber threats, including those related to deepfakes and cryptocurrency scams.
  3. International Cooperation: Collaborate with international partners to share information and coordinate efforts to combat cyber threats.

Social and Educational Measures

  1. Media Literacy: Promote media literacy among the public to help them identify and critically evaluate misinformation and disinformation.
  2. Social Media Literacy: Educate users about the risks of social media, including the spread of fake news and misinformation.
  3. Fact-Checking Organizations: Support fact-checking organizations to debunk false information and promote accurate news.
  4. Public Awareness Campaigns: Launch public awareness campaigns to inform the public about the dangers of cyber threats and how to protect themselves.

References