"This network is not simply large but is also designed for persistence. "Infrastructure decisions favored evasion and durability over operational simplicity, consistent with a coordinated network rather than isolated or opportunistic impersonation activity," states Sygnia's report on its discoveries. The domains are registered through multiple registrars across different IP ranges; each site uses a distinct SSL/TLS certificate; and many are deployed behind Cloudflare, obscuring the servers, hiding their relationships and making takedowns more difficult."
"The primary purpose of these clones appears to be a repeat victimization of subjects already victim to previous fraud. The lure is a cloned legal site offering to recover money already lost to prior fraud, noticeably stating that no payment will be required before the lost funds are recovered. There is some indication of a relationship between this campaign and earlier fraud scams."
A live network of more than 150 cloned websites impersonates law firms to target and re-victimize previous fraud victims. The campaign prioritizes evasion and durability, using multiple registrars, distinct SSL/TLS certificates for each domain, and Cloudflare to obscure server relationships and hinder takedowns. Individual sites are presented as standalone domains to avoid linking activity. The cloned sites offer asset recovery services, explicitly stating no payment is required before funds are recovered to lure victims. Some phone numbers have been used across multiple scam campaigns over years, indicating ties to earlier fraud operations.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]