Scammers caught using unique DNS scam to target Australian victims

A threat actor known as Savvy Seahorse is tricking victims into believing they are investing in a legitimate company before transferring funds to a Russian account.

Researchers from cybersecurity firm Infoblox have uncovered an investment scam operation that abuses functionality within the domain name system (DNS) to deceive its victims.

The operation, somewhat whimsically named Savvy Seahorse, uses DNS canonical name records, or CNAME, to set up its own traffic distribution system. With this TDS, fraudsters update the IP address of their campaign infrastructure on the fly, making it easier for the campaign to evade detection.
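The CNAME mechanism described above, modelled as an added example written for this article (not Infoblox's code or data): the records, hostnames and addresses are constructed and resolved from an in-memory table, so nothing is queried on the real internet. It shows why one A-record change moves every campaign domain at once, and a defender-side check that groups hostnames whose CNAME chains converge on the same base name.

```python
"""Model of a CNAME-based traffic distribution system, plus a detection check.

Constructed example: the zone data below is invented for illustration.
"""
from collections import defaultdict

# Constructed zone: several campaign hostnames alias one operator-controlled
# base name; only that base name carries an A record.
RECORDS = {
    "invest-now.example": ("CNAME", "tds.base-example.test"),
    "quick-returns.example": ("CNAME", "tds.base-example.test"),
    "brand-offer.example": ("CNAME", "tds.base-example.test"),
    "tds.base-example.test": ("A", "203.0.113.10"),
    "unrelated.example": ("A", "198.51.100.5"),
}


def resolve(name, records, max_hops=8):
    """Follow the CNAME chain; return (final_name, address, chain).

    Raises ValueError if the chain exceeds max_hops (loop protection).
    """
    chain = [name]
    while len(chain) <= max_hops:
        rtype, value = records.get(name, (None, None))
        if rtype == "CNAME":
            name = value
            chain.append(name)
            continue
        return name, value, chain  # terminal A record (or unknown name)
    raise ValueError("CNAME chain too long, possible loop")


def update_base_address(records, base_name, new_ip):
    """One edit to the base A record re-points every alias that chains to it.

    This is why blocking a single IP does little against such a TDS.
    """
    rtype, _ = records[base_name]
    if rtype != "A":
        raise ValueError(f"{base_name} is not an A record")
    records[base_name] = ("A", new_ip)


def cluster_by_terminal(names, records):
    """Defender check: group hostnames by where their CNAME chain ends.

    Returns only terminal names shared by two or more aliased hostnames.
    """
    groups = defaultdict(list)
    for n in names:
        final, _, chain = resolve(n, records)
        if len(chain) > 1:  # skip names that are not aliases
            groups[final].append(n)
    return {k: v for k, v in groups.items() if len(v) >= 2}
```

Run against passive-DNS or resolver logs, the clustering step is the useful part: many unrelated-looking domains sharing one CNAME terminal is a strong signal that they belong to a single campaign.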

Scammers also use this technique to quickly scale up campaigns, running multiple scams over 10 to 15 days and turning them on and off as necessary.

The scams themselves promise easy investment and quick returns, and often borrow the familiar branding and designs of companies like Meta and Tesla. Once a victim invests, however, the money is quickly transferred to a Russian bank.

The scammers cast a very wide net: they pursue victims not only in Australia and New Zealand but around the world, operating in a variety of languages, including Russian, Polish and Italian. Notably, the TDS lets the scammers geofence their victims; in this case, they exclude victims from Ukraine and several other countries.

Renée Burton, head of threat intelligence at Infoblox and former senior executive at the US National Security Agency (NSA), believes Australians are a ripe target for these types of operations.

“Australia and New Zealand have high disposable income per capita, and there are many parent investors looking to participate in the market,” Burton said in a statement.

“Threat actors like Savvy Seahorse see an opportunity in this, and the advent of social media advertising gives these cybercriminals a cheap and easy way to flaunt their fraudulent websites to millions of people. It’s important to remember the old saying ‘if it seems too good to be true…’. Knowing that criminals want to steal from everyone, we must all be more vigilant when investing money or giving financial credentials through websites.”