Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Threat Actors Mimic CNN, BBC, and CNBC Websites to Promote Investment Scams

Cybersecurity researchers have identified a sophisticated international fraud campaign that leverages impersonated news websites from major outlets including CNN, BBC, CNBC, News24, and ABC News to orchestrate large-scale investment scams. The campaign’s technical foundation relies heavily on domain typosquatting techniques and the exploitation of cheap top-level domains (TLDs) to create convincing replicas of established news outlets. The technical infrastructure supporting this operation spans an extensive network of fraudulent domains designed to mirror authentic news websites with remarkable precision. Malwarebytes analysts noted that the threat actors have established approximately 17,000 baiting news sites distributed across 50 countries, with the United States serving as the primary target region. These ads follow predictable patterns featuring local celebrities and headlines promising “passive income streams” that appear to originate from legitimate news sources. The threat actors implement URL structures that closely mimic legitimate news websites, incorporating recognizable branding elements and familiar navigation patterns. These sites utilize content management systems configured to automatically generate articles featuring local celebrities and region-specific investment opportunities, creating personalized attack vectors that increase victim engagement rates and conversion potential. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The researchers discovered that these malicious actors maintain sophisticated fake trading platforms with names including Eclipse Earn, Solara Vynex, and Trap10, each designed to simulate legitimate investment environments. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Analysis reveals consistent use of domains ending in .xyz, .io, .shop, and .click extensions, which provide cost-effective alternatives to premium domain registrations while maintaining sufficient visual similarity to deceive targets.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 15 Jul 2025 15:35:10 +0000

Cyber News related to Threat Actors Mimic CNN, BBC, and CNBC Websites to Promote Investment Scams

Threat Actors Mimic CNN, BBC, and CNBC Websites to Promote Investment Scams - Cybersecurity researchers have identified a sophisticated international fraud campaign that leverages impersonated news websites from major outlets including CNN, BBC, CNBC, News24, and ABC News to orchestrate large-scale investment scams. The ...
1 month ago Cybersecuritynews.com

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky

Investment Scams Grow, 13,000 Domains Detected in January 2024 - Internet security experts have detected and blocked nearly 13,000 fake investment platform domains across more than 7000 IPs in January 2024, a 25% increase from December 2023. The figure comes amid growing concerns over the escalating threat of ...
1 year ago Infosecurity-magazine.com

Unravelling Retirement Banking Scams and How To Protect Yourself - In the labyrinth of financial scams, one of the most insidious is the retirement banking scam. According to the FBI, in 2020 alone, financial scams targeting seniors netted more than $1 billion. It's a quiet crisis that we need to address, and ...
1 year ago Hackread.com

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
2 months ago Cybersecuritynews.com

Fake CNN and BBC sites used to push investment scams | The Record from Recorded Future News - That campaign, which has been active for months, involves thousands of phishing websites that mimic the design and product listings of well-known retailers — including Apple, PayPal, Nordstrom, Hermès, and Michael Kors — to trick users into ...
1 month ago Therecord.media

Researchers Uncovered Threat Actors TTP Patterns & Role in DNS in Investment Scams - These sophisticated scams, which include the notorious “pig butchering” schemes, deploy various attack vectors ranging from generic text messages to targeted social media advertisements, often using fake cryptocurrency platforms to ...
4 months ago Cybersecuritynews.com

Pakistani Firm Shipped Fentanyl Analogs, Scams to US – Krebs on Security - California resident Walter Horsting discovered something similar when he sued 360 Digital Marketing in small claims court last year, after hiring a company called Vox Ghostwriting to help write, edit and promote a spy novel he’d been working ...
3 months ago Krebsonsecurity.com

Business Email Compromise Scams: Prevention and Response - We will also highlight red flags to watch out for in suspicious emails, emphasizing the importance of implementing robust email authentication methods and comprehensive employee training programs to enhance awareness and response capabilities. BEC ...
1 year ago Securityzap.com

How Criminals Are Leveraging AI to Create Convincing Scams - Cybercriminals create far more sophisticated scams with generative AI than traditional phishing scams. According to Visa research, scammers are fooling even the savviest internet users by launching pig butchering, inheritance, humanitarian relief ...
1 year ago Tripwire.com

Best of 2023: Why is everyone getting hacked on Facebook? - Importantly, phishing relies on the victim trusting the scammer and taking an action - like clicking a link or sending bank account information - in order for the scammer to get what they want. It's not your imagination - social media scams really ...
1 year ago Securityboulevard.com

Romance Scammers are Adopting Approval Phishing Tactics - Romance scams are labor-intensive and time-consuming schemes to run. They can be lucrative, pulling in millions in stolen cryptocurrency, but they also can end up going nowhere if the targeted victim becomes suspicious or the bad actor decides there ...
1 year ago Securityboulevard.com Rocke

TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com CVE-2023-42793 APT29

BaitTrap - 17,000+ Fake News Websites Caught Promoting Investment Frauds - Cyber Security News - These malicious platforms masquerade as legitimate news outlets, publishing fabricated stories featuring well-known public figures and respected financial institutions to build trust and lure unsuspecting victims into high-risk financial scams ...
1 month ago Cybersecuritynews.com

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 APT28

BBC suffers data breach impacting current, former employees - The BBC has disclosed a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members. As per the reports, the incident ...
1 year ago Bleepingcomputer.com Ransomhub

Co-op confirms data theft after DragonForce ransomware claims attack - These threat actors are experts at using social engineering attacks, SIM Swapping, and MFA fatigue attacks to breach networks and then steal data or deploy ransomware. However, soon after the news broke, BleepingComputer learned that the ...
4 months ago Bleepingcomputer.com Dragonforce Scattered Spider

UK to block all Social Media Scams - Starting May 2024, residents of the United Kingdom can breathe a sigh of relief, as social media platforms operating in the country have collectively committed to combating a range of scams on their respective networks. This includes everything from ...
1 year ago Cybersecurity-insiders.com

Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com

Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams - "To fight back, we quickly assembled a dedicated team of over 100 experts to analyze these scams and develop effective countermeasures, such as updating our Misrepresentation policy to suspend advertisers that promote these scams," explains Google's ...
4 months ago Bleepingcomputer.com

18 Best Web Filtering Solutions - 2025 - Pros Cons Comprehensive content filtering.Cost can be high for full features.Malware and threat protection.Hardware-based solutions may require additional infrastructure.Easy to deploy and manage.Configuration complexity for advanced ...
6 months ago Cybersecuritynews.com

Building Your Defense Toolbox: Tools and Tactics to Combat Cyber Threats - The emergence of AI-powered malicious chatbots, such as WormGPT and FraudGPT, has enabled malicious threat actors to not only refine their skills but also consolidate all their malicious activities and tools into one, like a toolbox. Understanding ...
1 year ago Hackread.com

20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
5 months ago Cybersecuritynews.com

Hajj Pilgrimage Hit by Extensive Phishing and Data Theft Scams - Cybersecurity threats rise during this peak season as millions embark on the annual Hajj pilgrimage. This article offers crucial tips for pilgrims to safeguard themselves online while ensuring a safe and fulfilling Hajj experience. Every year, ...
1 year ago Hackread.com

Police Seize $300m Linked to Online Scams - An international policing operation has led to the arrest of 3500 suspects and the seizure of assets worth $300m in connection with various organized cybercrime schemes. Interpol's HAECHI IV operation was the latest in a long-running series of ...
1 year ago Infosecurity-magazine.com