BaitTrap Reveals Global Web of 17,000+ Fraud-Promoting Fake News Sites
Cybersecurity firm CTM360 has unveiled an extensive network of over 17,000 Baiting News Sites (BNS), engineered by cybercriminals to disseminate investment fraud on a global scale.
These deceptive platforms, identified through CTM360’s proprietary WebHunt monitoring system, masquerade as authoritative news entities such as CNN, BBC, CNBC, and regional counterparts, fabricating narratives that falsely associate prominent public figures, central banks, and commercial financial institutions with lucrative, nonexistent investment opportunities.
By leveraging advanced social engineering tactics, scammers propagate these sites via targeted advertising on platforms like Google Ads and Meta, redirecting unsuspecting users to sophisticated scam ecosystems including Trap10 and automated cryptocurrency trading frauds.
Scammers Exploit Mimicked Media Outlets
The ultimate objective is to engender false credibility, harvesting personally identifiable information (PII) and siphoning funds through illusory high-yield schemes.
Spanning 50 countries, these BNS instances are meticulously localized, incorporating native languages, recognizable regional influencers, and familiar banking brands to enhance perceived legitimacy and victim engagement rates.
Domains typically employ low-cost top-level extensions like .xyz, .shop, or .click, with scammers occasionally hijacking legitimate hosts to evade detection and complicate takedown efforts by threat intelligence teams.
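The domain traits described above (news-outlet names on low-cost TLDs) can serve as a first-pass triage over proxy or DNS logs. The following is an added example, not CTM360's tooling: the official-domain list, log format and sample hostnames are constructed assumptions, and it will not catch BNS pages served from hijacked legitimate hosts.

```python
from urllib.parse import urlsplit

# From the article: low-cost TLDs and the outlets being impersonated.
LOW_COST_TLDS = {"xyz", "shop", "click"}
# Assumption of this example: each outlet's official domains (extend per region).
OFFICIAL = {"cnn": {"cnn.com"}, "bbc": {"bbc.com", "bbc.co.uk"}, "cnbc": {"cnbc.com"}}

# Constructed sample log lines: "<timestamp> <client> <url>".
SAMPLE_LOG = """\
2025-01-01T09:00:01Z 10.0.0.5 https://cnn-example-markets.xyz/article?id=1
2025-01-01T09:00:07Z 10.0.0.8 https://edition.cnn.com/business
2025-01-01T09:01:12Z 10.0.0.5 http://bbcnews.example-invest.click/
2025-01-01T09:02:30Z 10.0.0.9 garden-tools-example.shop/cart
2025-01-01T09:03:44Z 10.0.0.7 https://cnbc-example-invest.com/
"""

def host_of(url):
    """Lower-cased hostname; tolerates log entries without a scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def triage(url):
    """Return (verdict, reasons); verdict is 'high', 'review' or 'ignore'."""
    host = host_of(url)
    labels = host.split(".")
    tokens = [t for label in labels[:-1] for t in label.split("-") if t]
    brands = []
    for brand, domains in OFFICIAL.items():
        official = any(host == d or host.endswith("." + d) for d in domains)
        named = any(t.startswith(brand) or t.endswith(brand) for t in tokens)
        if named and not official:
            brands.append(brand)
    cheap_tld = labels[-1] in LOW_COST_TLDS
    reasons = [f"brand:{b}" for b in brands] + ([f"tld:{labels[-1]}"] if cheap_tld else [])
    if brands and cheap_tld:
        return "high", reasons
    # A low-cost TLD alone is too noisy to alert on; an outlet name alone merits a look.
    return ("review" if brands else "ignore"), reasons

def scan(log_text):
    """Return (client, host, verdict) for every log line that is not 'ignore'."""
    hits = []
    for line in log_text.splitlines():
        _, client, url = line.split(maxsplit=2)
        verdict, _reasons = triage(url)
        if verdict != "ignore":
            hits.append((client, host_of(url), verdict))
    return hits
```

Calling scan(SAMPLE_LOG) returns the two outlet-name-plus-low-cost-TLD hosts as "high" and the outlet name on an unofficial .com as "review"; the official outlet domain and the unrelated .shop host are ignored.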
CTM360’s analysis, framed within its Scam Navigator tool, which is inspired by the MITRE ATT&CK framework, delineates the scam lifecycle across six stages: resource development, trigger, distribution, target interaction, motive, and monetization.
BNS primarily function as a distribution vector in the initial phase, initiating victim contact via sponsored ads that mimic credible headlines, such as claims of accidental revelations by central bank governors about “secret crypto wealth methods.”
These ads, often hosted on bogus social media profiles with fabricated endorsements from high-profile figures, funnel traffic to counterfeit news articles.
Upon interaction, users are seamlessly redirected to bogus investment platforms like Eclipse Earn or Solara Vynex, where registration forms solicit PII including names, contact details, and national IDs under the pretext of account verification.
Subsequent stages involve scripted interactions with purported “investment experts” via phone calls, extracting sensitive data like banking credentials and document uploads, ostensibly for KYC compliance but in reality facilitating identity theft and secondary fraud campaigns on dark web marketplaces.
Monetization Tactics
Geospatial mapping by CTM360 highlights concentrated targeting in regions such as the Middle East, Asia-Pacific, Europe, Oceania, Americas, and Africa, with top countries including China, India, Japan, Germany, the UK, France, Brazil, Canada, Russia, Italy, South Africa, Saudi Arabia, Australia, and Indonesia.
This regional tailoring amplifies efficacy, as scammers integrate culturally resonant elements (fabricated stories linking local leaders or national banks to schemes promising automated returns) to exploit trust heuristics and cognitive biases.
Monetization pivots on initial deposits, often starting at $240, funneled through cryptocurrency wallets, mule accounts, or gift cards, with platforms displaying simulated profit dashboards to induce further investments.
Withdrawal attempts trigger entrapment mechanisms, including fabricated excuses like verification fees or system delays, ensuring funds remain inaccessible while scammers abscond with the proceeds.
The financial incentives underscore a motive of direct asset theft complemented by PII harvesting for resale or auxiliary phishing operations, including crypto wallet hijacking.
CTM360’s ongoing surveillance has detected patterns in shared hosting infrastructures and ad platform abuses, urging enhanced content moderation and AI-driven anomaly detection in digital advertising networks.
As these BNS proliferate, they not only erode public trust in online media but also pose systemic risks to financial security, with CTM360 advocating proactive threat hunting and collaborative takedowns to disrupt this insidious web of deception.