Phishing, Extortion and Defamation

In our last articles titled The Trail of Illegality, and Illegal Financial Entities & Fake Driver Permits, Noti.Group delved into the operation of a presumed group of internet organized crime that offers the public the possibility of obtaining illegal driver’s licenses without restrictions for the European Union, we discovered several ghost financial institutions operating outside the applicable legal framework and we explained how these criminal groups copy legitimate websites to deceive their victims.

Today we will discover how fake phishing websites are structured and how these groups replicate entire websites to defraud their clients, we will show you how these criminal groups use targeted websites to extort and defame public figures around the world. Acts that are executed outside the reach of authorities and which are rarely seen, join us in an extraordinary investigation to discover the inner workings of these criminal groups.

A source provided the Investigative team of Noti.Group with unprecedented access to an active investigation of these criminal rings that operating behind the scenes and that have created a world that seeks to separate their victims from their money, who without suspicion involuntarily provide their information, credit card credit and personal data on sites that at first glance seem legitimate and genuine.

Secret Extortion and Defamation websites

In the information related to the investigation to which Noti.Group had access to, multiple sites maintained by this criminal group that were dedicated specifically for defamation and extortion.

One of the sites written in Arabic under the URL https://anjomanjadid.com/  includes the legend “Secret Association” featured in that language as a title with the character showing his middle finger, includes a descriptive text that clarifies that the “leader” in the photograph “has stolen all the money” without including any reliable source, verifiable information, proof or names, however the group includes a Telegram contact to coordinate activities against the featured individual, the contact under the Telegram user @AnjomanM_Admin appears to control a group of members.

Telegram is a semi-secure message platform that promises its users confidentiality in communications with secret point-to-point keys, however, only certain types of conversations enjoy this type of protection within the Telegram application. A search carried out by Noti.Group revealed that there are several sites created by the same criminal organization under the same theme.

Noti.Group also found seven sites associated with extortion and identity theft that are related to the Mexican singer Thalia, including a fake fan club.

The sites are part of a current extortion investigation in Latin America involving individuals in Mexico, Argentina, Venezuela and Eastern Europe, the websites were designed to appear to be legitimate sites, however investigation documents show that all four were registered on the same day (2020-10-09) by the same member of the criminal group using the eNom registrar via Bitcoin Web Hosting.

A sea of fraudulent websites

Within the information that Noti.Group had access to, we found both in the investigation documents, as well on the audit we conducted of the servers, exact copies of support pages copied out from real companies which at first glance are used to steal the information of its users.

The term Phishing is used to refer to one of the most used methods by cyber criminals to scam and fraudulently obtain confidential information such as a password or detailed private details that include credit cards or other banking information of the victim.

The scammer, known as a phisher, uses social engineering techniques, posing as a trusted person or company in an apparent official electronic communication; usually an email or an instant messaging system, SMS / MMS social networks, following a malware or even using phone calls.

For example, the sites operated on that server with the URLs http://utente-online.com and http://supporto-cliente-online.com/ redirect to the “BNL” bank, an Italian Bank member of the BNP Paribas Group. Both domains presumably are used exclusively for a customer service scam to obtain access to the Bank’s clients credentials illegally.

Our team also found https://chimenumber.org/ a ghost support page that replicates the colours of the original Chime website, which provides “help” to customers of the a legitimate bank in the US registered as “The Bancorp Bank” which also operates under the brand name “Stride Bank , NA ” and “Chime”; the real bank’s website is accessible at https://www.chime.com/.

Noti.Group found multiple complaints of lost money from customer service fraud on internet forums related to the real Chime company. We approached Chime in the United States and BNL in Italy to know their opinion on the matter, however, both banks did not respond to Noti.Group’s requests for comment on this matter.

Fake Google Store.

Last year Quick Heal Security Lab identified 27 malicious apps on the official Google Play store that prompted users to install a fake Google Play Store application, even when the official Play Store already existed. Google has now removed these 27 apps from their Play Store.

The fake Google Play Store remained on the device even after uninstalling its main app and keeps showing full screen ads at random time intervals. These apps were uploaded by the developer named “AFAD Drift Racer” and belong to the category of free car racing games. Some of the names include; Clio Car Drift, Supra Car Drift, F500 Car Drift, and some other.

Noti.Group found on the servers related to the Investigation a site operated with the URL http://googleappsplaystore.com/  which is not routed to google servers and its effectively outside of googles infrastructure, the site is presumably being designed to steal Google accounts, personal data from users phones and financial information, we ask readers to double check with google any sites that you may be redirected to and act with extreme care.

In our next deliveries

We will explore 14 websites run by this criminal group that promise the public financial freedom by joining the brotherhood of the Illuminati with unprecedented information from the criminal sphere that has created these sites with the sole objective of separating you from your money.

You can read our next delivery on this subject here

We continue to receive information on regards to this case, if you have information related to the contents of this note, please contact the investigative team at Noti.Group at [email protected]

[This article may have been written with information from various sources.]
Credit: Notigroup Newsroom.