Fake CNN and BBC sites used to push investment scams
Cybercriminals are faking popular news websites such as CNN, BBC and CNBC to trick people into investing in fraudulent cryptocurrency schemes, according to a new report.
Researchers at Bahrain-based cybersecurity firm CTM360 said they identified more than 17,000 such sites, which publish fake stories featuring prominent public figures, including national leaders and central bank governors.
The articles falsely linked those figures to “fabricated investment schemes in order to build trust and get engagement from victims,” the researchers said.
The scam spans more than 50 countries, with websites tailored to local audiences by using native languages, regional celebrities and well-known financial institutions to appear credible, CTM360 said. Many victims are based in the Middle East, but some in Europe and the United States have also been identified.
The scheme typically begins with ads placed on platforms like Google and Meta, which redirect users to bogus news articles. Clicking these articles leads to fraudulent investment platforms — often branded as Eclipse Earn, Solara or Vynex — that promise high returns through automated crypto trading, the researchers said.
These platforms are professionally designed to appear legitimate, featuring fake dashboards, manipulated profit data and fabricated testimonials, CTM360 said.
Victims are asked to register by submitting personal information and uploading identification documents such as national IDs or passports. They are then prompted to deposit an initial amount — usually around $240.
However, no real trading occurs on these platforms. The dashboards display fake profit growth to convince victims to continue depositing funds. When users attempt to withdraw their supposed earnings, they encounter a series of delays and obstacles, including demands for additional fees, new minimum balance requirements, or extended verification procedures.
While it is unclear how much money the criminals have stolen, researchers noted that the personal and financial data collected is often resold on the dark web or reused in future phishing and fraud campaigns.
Impersonating popular brands is a common tactic among cybercriminals.
Earlier in July, researchers uncovered a sprawling network of fraudulent retail websites impersonating major global brands in an effort to steal payment data from online shoppers.
That campaign, which has been active for months, involves thousands of phishing websites that mimic the design and product listings of well-known retailers — including Apple, PayPal, Nordstrom, Hermès, and Michael Kors — to trick users into entering their credit card information.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.