Cryptocurrency scammers flood Facebook users with manipulative ads

This article was originally published by Metamorphosis in Global Voices.

Scammers using fake Forbes articles and anti-EU disinformation as bait continue to target Facebook users across Europe, the EDRi member Metamorphosis Foundation has warned.

The Skopje-based Metamorphosis Foundation is a civil society organisation from North Macedonia promoting digital rights and media literacy.

Its monitoring of social networks has revealed that scammers continue to use Facebook advertisements masked as links to articles from the respectable Forbes.com, continuing disinformation trends involving not only China, but also European Union members like Sweden.

On 19 May, the Ministry of Interior Affairs of North Macedonia warned citizens that scammers use social networks and e-mail to distribute links misrepresented as articles from Forbes.com to promote the purchase of a supposed new Chinese cryptocurrency.

Citizens who click on the links and provide personal data to the scammers are then targeted by phone calls persuading them to start ‘investing’ by paying installments of $250 dollars.

Other manipulation techniques are then deployed to make users increase the fee.

The anti cyber-crime unit of the Macedonian police claimed the malicious links lead to a website hosted in Ukraine, allegedly run by a Russian citizen in a manner similar to the debunked OneCoin Ponzi scheme run by Bulgarian fraudster Ruja Ignatova, which inflicted damage worldwide of over $4 billion.

Data publicly provided by Facebook about the geographic reach of the advertisements promoting these links suggest they go far beyond the borders of North Macedonia, activists warn.

Manipulative ads help scammers gather personal data from victims

Metamorphosis identified several similar ads that are active on social networks. Users who click on these ads are redirected to addresses such as this one instead of pages on the Forbes.com website.

Bardhyl Jashari, Executive Director of Metamorphosis, explained:
“Misleading advertisements continue to target social network users across the world. Using the public data provided by Facebook about the ads targeting the audience based in North Macedonia as a starting point, the Metamorphosis team revealed that the same ads are served in almost all European countries, as well as countries in the Middle East. Scammers use pages about culture, even about cookies (the edible ones), to launch ads that lead the users to web pages and blogs that look almost the same as the ones the Macedonian police warned about.”

This dangerous trend also touches upon another of Metamorphosis’ areas of involvement. Since its founding in 2004, Metamorphosis has been working on promoting serving and promoting child safety online.

Jashari also noted:

“A very worrisome development is that these organised crime networks also use pages aimed at children and teenagers to camouflage their malicious content. For instance a page branded as
community for the popular game MineCraft (titled Minecraft) had been running ads that continue to disseminate disinformation about Sweden, aimed at users in Russia, Austria, Belgium, but also in Singapore, Qatar and United Arab Emirates, and dozens of other countries.”

Users clicking on these ads are taken to a page providing an incentive for them to leave their personal data. In the case of Sweden this was disguised as a discount coupon.

While MineCraft has a huge adult following, it is a particularly popular game among children aged between 9 and 11. This practice helps condition future audiences particularly susceptible to both disinformation and scamming.

What is Metamorphosis doing to combat these tactics?

In November 2019, Metamorphosis’ Critical Thinking for Media-wise Citizens (CriThink) project warned that scammers benefit from established disinformation narratives about Sweden.

Sponsored Facebook posts lure people who had been previously primed through right-wing populist propaganda media networks based in North Macedonia to believe media manipulations about unrest in the country and the European Union (EU), originally published by pro-Kremlin media.

In the same manner, these articles promoted fake news that Sweden has introduced a cryptocurrency opposing the Euro.

To launch these geo-targeted ads, scammers used a series of pages with general interest topics, including some branded as unofficial fan clubs of Western celebrities like actors Liam Neeson and Anthony Michael Hall.

CriThink, which is an initiative supported by the EU Delegation in North Macedonia, educated local social media users on how to use the transparency features of Facebook pages used by the scammers, in order to flag and report the suspicious pages using the mechanisms provided by the platform.

In order to boost citizen engagement in raising media literacy levels, CriThink articles related to social networks provide instructions on how users can use reporting features to alert administrators about harmful content, ranging from hate speech to scams.

Several weeks later, in December 2019, Facebook informed some of its users who participated in the online action that they had removed the ads reported as scams.

Read more:

Cryptocurrency scammers flood Facebook users with ads for fake Forbes.com articles (29.05.2020)
https://globalvoices.org/2020/05/29/cryptocurrency-scammers-flood-facebook-users-with-ads-for-fake-forbes-com-articles/

Cyber-crime unit of Macedonian police warns about a new scam involving fake Chinese cryptocurrency (19.05.2020)
https://meta.mk/en/macedonian-cyber-police-warns-about-a-new-scam-involving-fake-chinese-cryptocurrency/

The £4bn OneCoin scam: how crypto-queen Dr Ruja Ignatova duped ordinary people out of billions — then went missing (15.12.2019)
https://www.thetimes.co.uk/article/the-4bn-onecoin-scam-how-crypto-queen-dr-ruja-ignatova-duped-ordinary-people-out-of-billions-then-went-missing-trqpr52pq

Disinfo: Crime-infested no-go zones exist in multiple European countries (17.10.2019)
https://euvsdisinfo.eu/report/crime-infested-no-go-zones-exist-in-multiple-european-countries/

(In Macebonian) Дезинформации за Шведска се користат како мамка за корисници на „Фејсбук“ од Северна Македонија (18.11.2019)
https://crithink.mk/dezinformaczii-za-shvedska-se-koristat-kako-mamka-za-korisniczi-na-fejsbuk-od-makedonija/

(Contribution by Filip Stojanovski from EDRi member Metamorphosis)