
SCAMONOMICS THE DARK SIDE OF STOCK & CRYPTO INVESTMENTS IN INDIA

Published On : 2025-04-14

EXECUTIVE SUMMARY

At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors targeting both organizations and individuals. The rise of digital financial platforms has provided scammers with new avenues to defraud unsuspecting investors. This research explores the growing trend of stock market and cryptocurrency investment scams, particularly money-doubling schemes, fraudulent investment companies, fake mobile applications, and Telegram-based fraud networks.

Our investigation reveals that scammers exploit social engineering techniques, fabricated success stories, and fake endorsements to lure victims. By understanding their modus operandi and identifying red flags, individuals and organizations can safeguard their assets from financial fraud. This report provides an in-depth analysis of scam patterns, real-world case studies, and recommendations to combat these cyber threats effectively.

INTRODUCTION

Investment fraud has evolved in complexity, leveraging online platforms, social media, and encrypted messaging apps to execute large-scale financial scams. Fraudsters promise high returns, often guaranteeing unrealistic profits within a short timeframe. With the rise in cryptocurrency adoption and digital stock trading, scammers have developed sophisticated tactics, including:

  • Fake trading platforms
  • Ponzi schemes
  • Deceptive messaging channels on platforms like Telegram and WhatsApp
  • Fraudulent mobile applications

These schemes operate without regulatory oversight, making recovery of lost funds nearly impossible. This research aims to expose the methodologies used by scammers, analyze real-world cases, and provide actionable insights to prevent financial exploitation.

Modus Operandi

Money-Doubling Schemes

Scammers lure victims by offering unrealistic financial returns within a short period. Examples include:

  • “Invest ₹3000 and get ₹10,000 in 24 hours”
  • “Triple your money within a day”
  • “Guaranteed 200% return on Bitcoin investments”

These schemes operate on a Ponzi-like model where initial returns are paid using money from new investors until the scheme collapses and most participants lose their investments.

Creation of Fake Companies

Cybercriminals establish fraudulent investment firms with fake websites, fabricated regulatory approvals, and counterfeit social media presence. Our investigation identified several red flags:

  • No verifiable company registration details
  • Unclear contact information and anonymous founders
  • Press releases with fabricated success stories
  • Impersonation of legitimate financial institutions
  • Domain names similar to established financial companies

Fake Mobile Applications

Our research uncovered multiple fraudulent mobile applications targeting investors:

  • Apps published on Google Play Store or third-party sites, promising high returns
  • Applications that impersonate legitimate trading platforms or exchanges
  • Systems where victims can deposit funds, but withdrawals are either delayed indefinitely or completely blocked
  • Apps offering sign-up bonuses, referral rewards, and other incentives to create an illusion of legitimacy

Telegram and WhatsApp Investment Scam Groups

Scammers leverage messaging platforms to create exclusive “investment groups” where they:

  • Post fake profit screenshots to lure victims
  • Use bot accounts to simulate engagement
  • Offer “VIP memberships” for premium trading signals, leading to further monetary losses
  • Manipulate victims into downloading malware-infected trading apps
  • Create artificial urgency through “limited-time offers”

KEY FINDINGS

Through our extensive investigation, we discovered:

  • Impersonation tactics: Scammers pose as business executives or financial experts to establish trust and credibility.
  • Fake corporate structures: Fraudulent investment firms with fabricated registration details, websites, and manipulated social media engagement.
  • Multi-platform approach: Telegram channels, WhatsApp groups, Instagram accounts, and fake company domains are utilized as primary tools to lure unsuspecting investors.
  • UPI payment requests: Fraudsters request payments via UPI, making it easier to collect and launder money quickly.
  • Telegram operations: Investment groups serve as primary platforms for luring victims, using fake testimonials and bot-driven interactions.
  • Counterfeit applications: Fraudsters develop mobile applications that impersonate legitimate investment platforms, tricking users into depositing funds that cannot be withdrawn.
  • Ponzi structure: These scams operate as Ponzi schemes, where initial investors may receive payouts funded by newer victims, leading to an inevitable collapse.
  • Urgency tactics: Victims are pressured into making quick investment decisions through fake urgency tactics such as “limited-time offers” and “VIP membership access.”
  • Website vulnerabilities: Attackers are actively exploiting vulnerabilities in Indian Government websites and one of India’s top engineering colleges’ websites to promote their schemes.
  • International connections: The developer of several malicious redirected websites has been found to have linkages with China, indicating possible international involvement in the scam operations.

EVIDENCE AND ANALYSIS

Telegram Channels

Our researchers identified multiple Telegram channels promoting high-return investment scams:

Channel: “BITCOIN MONEY EARNING (Money_dubling_)”

  • Subscribers: 19,800+
  • Claims: Double money in minutes through cryptocurrency and UPI transactions
  • Techniques:
    • Fake payment receipts showing exaggerated deposits
    • Fabricated WhatsApp screenshots showing large transfers (₹60,000, ₹85,000)
    • Counterfeit UPI/wallet interfaces mimicking real banking apps
    • Graphic overlays like “ORDER DONE” and “15 MINUTES DOUBLE” to attract attention

Channel: “BINANCE (VIP) 🇳🇬”

  • Subscribers: 1,142
  • Claims: 10x returns in 24 hours using the name of legitimate cryptocurrency exchange Binance
  • Techniques: Impersonation of established crypto exchange to build false credibility

Channel: “Wolf calls PAID Channel 01-04-2024”

  • Subscribers: 3,887
  • Claims: Quadruple returns in 2-3 hours with minimum ₹5,000 investment
  • Techniques: Group structure suggesting exclusivity and insider information

Channel: “INDIAN STOCK MARKET NEWS”

  • Subscribers: 49,217
  • Claims: Triple returns in 2 hours through “loss cover” scheme
  • Techniques: Targeting emotionally vulnerable retail investors who have experienced losses

Channel: “ONLINE DAILY PROFIT MONEY ”

  • Members: 15,408
  • Claims: Double money sent via PayTM, Google Pay, or PhonePe within 45 minutes
  • Techniques: Emphasis on instant gratification and quick returns

Fraudulent Websites and Login Interfaces

Our technical analysis revealed several sophisticated fake investment platforms:

Login portal impersonating legitimate trading platforms:

  • Uses logos of globally trusted brands
  • Creates false sense of authenticity
  • Sophisticated design mimicking legitimate financial interfaces

Website impersonating Tesla Inc:

  • Offers fake investment plans with unrealistic returns
  • Uses Tesla branding to establish credibility
  • Well-designed interface mimicking corporate standards

Instagram Accounts

Our investigation identified multiple Instagram accounts promoting investment scams:

Account: “Instant Money Help ”

  • Followers: 184
  • Following: 621
  • Claims: “Pay ₹199 to receive ₹1,000” through UPI platforms
  • Target: Hindi-speaking audiences

Account: “tared_money_earning_”

  • Posts: 81
  • Claims: Turn 5,000 rupees into 20,000 in 45 minutes (400% return)
  • Languages: Content in both English and Hindi

Account: “amit_vip_trader”

  • Claims: “Money doubling fund” with 45-minute returns
  • Payment methods: Phone Pay, Paytm, and Google Pay
  • Red flags: Bio states “3k start return payment time only 45”

Account: “trader_pooja_dankani”

  • Claims: Turn ₹750 into ₹23,500 in 15 minutes (3,033% return)
  • Tactics: Creates artificial urgency with “Hurry Up Limited Time Offer”

Account: “stocktrading_sanjiv”

  • Claims: Uses term “Hedge fund” for legitimacy
  • Tiered structure:
    • ₹750 yields ₹14,999 (1,900% return)
    • ₹2,000 yields ₹23,999 (1,100% return)
    • ₹4,000 yields ₹32,999 (725% return)
    • ₹10,000 yields ₹49,990 (400% return)
  • Visual elements: Background contains stock charts to create impression of professional trading
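
The return figures quoted for these accounts can be recomputed from the lure text itself, which makes such posts easy to triage automatically. The sketch below is an added example, not part of CYFIRMA's analysis; the sample strings are lures quoted in this report, while the thresholds and flag names are assumptions.

```python
import re

# Lure strings quoted in this report (Modus Operandi and Instagram sections).
SAMPLES = [
    "Turn ₹750 into ₹23,500 in 15 minutes. Hurry Up Limited Time Offer",
    "Invest ₹3000 and get ₹10,000 in 24 hours",
    "Pay ₹199 to receive ₹1,000",
]

AMOUNT = re.compile(r"(?:₹|\brs\.?)\s*(\d[\d,]*(?:\.\d+)?)", re.I)
WINDOW = re.compile(r"(\d+)\s*(minute|min|hour|hr|day)s?\b", re.I)
URGENCY = re.compile(r"hurry|limited[- ]time|\bvip\b|guaranteed", re.I)
TO_MINUTES = {"minute": 1, "min": 1, "hour": 60, "hr": 60, "day": 1440}

# Assumed triage thresholds, not values from the report.
MAX_PLAUSIBLE_RETURN_PCT = 5
SHORT_WINDOW_MINUTES = 3 * 1440


def triage(text):
    """Return implied net return, payout window and red flags for one lure."""
    result = {"return_pct": None, "window_minutes": None, "flags": []}
    amounts = [float(a.replace(",", "")) for a in AMOUNT.findall(text)]
    if len(amounts) >= 2 and amounts[0] > 0:
        stake, payout = amounts[0], amounts[1]  # first = stake, second = payout
        result["return_pct"] = round((payout - stake) / stake * 100)
        if result["return_pct"] > MAX_PLAUSIBLE_RETURN_PCT:
            result["flags"].append("unrealistic_return")
    window = WINDOW.search(text)
    if window:
        minutes = int(window.group(1)) * TO_MINUTES[window.group(2).lower()]
        result["window_minutes"] = minutes
        if minutes <= SHORT_WINDOW_MINUTES:
            result["flags"].append("short_payout_window")
    if URGENCY.search(text):
        result["flags"].append("urgency_language")
    return result


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage(sample))
```
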

Victim Testimonials

To supplement our technical analysis, we examined victim testimonials from a popular Indian consumer complaints website which serves as an independent consumer grievance platform. These real-world accounts provide valuable insights into how these scams operate and impact victims:

Complaint 1:

Complaint 2:

APK Technical Analysis

Our security team conducted a detailed analysis of the fraudulent “Stock Heaven” application:

  • Incentive structure:
    • ₹110 sign-up bonus
    • 10% referral bonus
    • ₹50 “selfie bonus” for user verification
  • Interface elements:
    • Mock trading dashboard
    • Fake deposit and withdrawal options
    • “Bonus tasks” to encourage further engagement
    • Fabricated transaction history showing large user transactions
  • Return claims:
    • Fixed daily returns (₹35 per day for 30 days)
    • Unsustainable reward structure indicating Ponzi scheme
  • Payment collection:
    • UPI ID linked to “alomwebtechnology”
    • No regulatory oversight or financial protection

Our team decompiled and analyzed the APK code:

  • Evidence of WebIntroApp usage, a service claiming to “Convert your website/HTML files into your own mobile App for Android and iOS”
  • Hardcoded URLs like “https://stockheaven.site/user/dashboard”
  • Conditional code redirecting users to scam websites
  • Simple conversion from fraudulent website to Android application to expand reach

Exploitation of Legitimate Websites

Our researchers discovered that scammers are exploiting vulnerabilities on official websites:

  • Government domains: Cross-Site Scripting (XSS) vulnerabilities used to display scam content
  • Educational institutions: One of India’s top engineering colleges compromised
  • Scam content: “Top Agricultural Stocks Expert Trader Group” with fake reviews and AI claims
  • Redirection: Users redirected to “Elite Stock Trading Group” with age-based segmentation
  • Foreign connection: Source code analysis revealed comments in Chinese, indicating possible foreign threat actors
  • WhatsApp groups: Links to two WhatsApp groups for continued manipulation

The screenshot below shows a redirection from a compromised engineering college website:

Screenshot of the source code:

Below is a screenshot of the highlighted URL, which shows two WhatsApp groups:

Below are screenshots from the above WhatsApp Groups:

EXTERNAL THREAT LANDSCAPE MANAGEMENT

The external threat surrounding fraudulent investment scams is continuously evolving, driven by cybercriminals exploiting digital platforms to defraud individuals. Scammers leverage social media, encrypted messaging apps like Telegram and WhatsApp, and fraudulent company domains to create a sense of legitimacy. They impersonate financial experts, fabricate trading platforms, and use AI-generated endorsements to manipulate victims. A significant development in these scams is the increasing use of UPI transactions, which allows fraudsters to collect funds swiftly and obscure their financial trails. These operations are difficult to trace due to cross-border financial transactions and the use of cryptocurrency. To counter these threats, cybersecurity professionals and regulatory bodies must strengthen monitoring capabilities, implement AI-driven fraud detection mechanisms, and educate users on recognizing high-risk investment opportunities before falling victim to financial fraud.

CONCLUSION

Fraudulent investment scams continue to evolve, leveraging encrypted messaging apps, fake company domains, and UPI-based transactions to defraud victims. The use of social engineering, fake testimonials, and manipulated trading platforms makes these scams increasingly sophisticated. By enhancing threat intelligence monitoring, deploying AI-driven fraud detection systems, and increasing awareness among investors, financial losses can be mitigated. Individuals should conduct due diligence, avoid investment offers from unverified sources, and report suspicious activities to authorities to curb the rise of these scams.

INDICATORS OF COMPROMISE

| Indicators | Type | Remarks |
|---|---|---|
| 3adea28201bd604a8298d9336b592300fc09f4c53535ec3e7394f48c0fc00a60 | SHA256 | SHA256 |
| stockheaven[.]site | Domain | APK WebView & Source |
| etf99[.]xyz | Domain | Redirection from Exploited Government Website |
| teslaquantuminc[.]com | Domain | Impersonation of Tesla |
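
The hardcoded URL noted in the APK analysis and the domains in the table above can be swept for in decompiled strings or proxy logs. The sketch below is an added example, not CYFIRMA's tooling; the sample lines are constructed and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Defanged domains copied from this report's IoC table.
IOC_DOMAINS = ["stockheaven[.]site", "etf99[.]xyz", "teslaquantuminc[.]com"]

# Constructed sample lines: a decompiled-APK string and proxy-log entries.
SAMPLE_LINES = [
    'String url = "https://stockheaven.site/user/dashboard";',
    "GET http://www.ETF99.xyz./join?id=1 200",
    "GET https://teslaquantuminc.com.example.org/ 200",
    "CONNECT hxxps://teslaquantuminc[.]com:443",
]

URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s\"'<>]+", re.I)


def refang(value):
    """Undo common defanging so indicators and observed URLs compare equal."""
    value = value.replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.I)


def host_of(url):
    """Lower-cased hostname without port or trailing root dot."""
    try:
        host = urlsplit(refang(url)).hostname or ""
    except ValueError:  # malformed bracketed host in a log line
        return ""
    return host.rstrip(".").lower()


def match_ioc(host, iocs):
    """Match the exact domain or a subdomain of it, never a bare substring."""
    for ioc in iocs:
        domain = refang(ioc).lower()
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan(lines, iocs=IOC_DOMAINS):
    """Return (line number, matched IoC domain) for every URL that hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            if domain := match_ioc(host_of(url), iocs):
                hits.append((n, domain))
    return hits
```

Matching on the parsed hostname rather than a substring keeps lookalikes such as `teslaquantuminc.com.example.org` from producing false hits.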