Do you often encounter scam projects? We’ve been here often. Not because of professional activities or something like that, but rather because of interest. But sometimes it even seems to me that I don’t find them, but they are looking for me.

Today We will analyze one scam project, and tell you why I find it “beautiful”.

How it all started

We was lying on the bed. I am sure many people are familiar with this feeling: a feeling when you seem to have something to do, but you don’t want it. Your only desire now: to correct the pillow, lie down and read something on the phone.

Once again, when this desire overtook me, I decided to see what’s new in my Telegram. And so it happened (historically) that in Telegram I subscribed to a large number of channels devoted to cryptocurrencies, various methods of fraud, “earning schemes”. No, I don’t do anything mentioned above at all, but it’s extremely interesting to read about it personally.

And this very time we came across an interesting article. She had the name “$ 40 in 5 minutes.” To many readers of XiDigtaNews, the name itself may seem suspicious, but it is too early to draw conclusions. Moreover, believe me – in Telegram such names are not rare, everyone is used to them. We certainly do.

From the first reading, the article seemed to me a usual thing for Telegram – attracting users to the site in order to register by invitation link. But what is it: such a channel on the “fraud” in bulk. Channel administrators post articles about a site that promises the user to “get one hundred thousand million euros per second,” in which they publish their invitation links, upon registration by which administrators receive bonuses or even money. Briefly and rudely – everything happens just like that.

But as soon as we looked at these links, I noticed something strange.

A little about the same article

To understand what is happening, I will briefly retell the article. It says that there are two companies: Tencent and Bridgewater Associates (why I’ve hooked the names of these companies a little later). Allegedly, the Chinese company Tencent is about to release a new cryptocurrency, which is waiting for the entire cryptocurrency market. Bridgewater Associates, being an investment company, is actively buying its tokens, even before the release of the cryptocurrency itself for use. The author of the article suggests receiving “free tokens” from Tencent, and selling them to Bridgewater Associates. On this, he offers the reader to get his money.

All would be nothing. As I said earlier, we managed to think that this is the usual attraction of readers to invitation links. But after the second reading of the article, We looked at the links.

The beginning of the investigation

Initially, We was alerted by the second link from this article, namely the one that led to the Bridgewater Associates website.

Take a closer look at her:

We are sorry, my vision doesn’t fail me? On the main website of a cool and well-known investment company in the domain, the letter “e” is missing, which is in their name? Looks rather suspicious.

And pay attention to one more detail: this site runs on regular HTTP, and not on HTTPS! I did not notice this immediately. To be honest, they helped me (thanks, ne555). But now it’s worth considering: it’s really a very strange decision – to neglect the safety of your users. It is especially strange for a “big” and “famous” investment company.

So, I still follow the link. Do you know what I see? I see a great site. No, seriously – I liked the design. It is quite simple, futuristic, with a beautiful reception panel. But the things that alerted me did not go anywhere: the letter “e” is still absent in the domain of the site, as well as the connection via HTTPS.

The appearance of this site

Then I decided to check the information about this company in Google.

Seeking. Unlike other scam projects that I found earlier, I even find something. The company really exists! Indeed: it is a large investment company created by a billionaire. Google even gives a link to it. And here she is:

And here is the look of this site

Notice the difference? The letter “e” in the domain issued by Google is! And what is more interesting – on the site that Google issued, there is no panel for registration. Curious!

What about the second site?

The investigation is ongoing

The article offers us the following link leading to the Tencent website:

There are no grammatical errors in it, and an SSL certificate is connected to the domain. This is all good. And the appearance of the page is also not suspicious. Here, by the way, and he:

Appearance of Tencent website

Wow, how convincing. There are even some Chinese characters on the logo and page title – just fine!

But what would happen if We were a Chinese, and would not understand English langauage well? Probably, we would like to switch the interface language to my native one – Chinese. They should have such an opportunity. Of course. The company is famous. And Chinese.

But, alas, on the site of the “Chinese” company there is no way to switch the interface language to Chinese. The scale of suspicion rises.

I carry out the same operation that I did with the Bridgewater Associates website – Google. What will the quick search tell us? Well, the result was the same as in the previous attempt: the company exists. And Google again shared with us a link to it. Even two: the English and Chinese versions. And yes, the domain of both is again different from that which the author of the article “kindly” shared with us. Here are the links:

Appearance of this Tencent, with an interface in English

Again, the interest is that on the site that Google issued (as with the Bridgewater Associates case), there is not even a hint of the presence of registration on the page. Just amazing.

By this time, the scale of suspicion had already touched the ceiling. But I still decided to finish it off with this – it’s time to check the date of creation of the domains.

Climax

And so, there are four different sites. We go to the first service that catches your eye, which Google gives us when asked to “check domain registration.” What do we see?

Tencent Strange Website:

Current Tencent Website:

And for some reason I’m not even surprised. The date of registration of this Tencent domain is September 14, one thousand nine hundred and ninety-eight. While the domain is “strange” (which is already there, now I can confidently say “fake”) the site was registered only eight days ago – on December twenty-ninth, two thousand and nineteen. But someone has nothing to do for the New Year?

What about the second domain?

Fake Bridgewater Associates:

Real Bridgewater Associates:

Again – the difference is on the face. The first domain was registered in the same year, just a day earlier than the previous one. The real Bridgewater Associates domain is registered in nineteen ninety-five.

When did scam happen?

At what point would you decide to follow the instructions in the article and lose your money? Well, this is a very simple question. Back to the article:

That’s how your money disappears. They disappear at the moment when you buy yourself another five tokens

that are needed to “bypass the withdrawal limit.” The author of the sites made a smart move: he “gave” five tokens to you, and at least ten can be withdrawn from the site at least. In total, you must buy another five pieces, so also at the cost of a token of $ 10. After conducting complex mathematical calculations, you can understand that you will lose $ 50. The magic is that all this happens on a fake site, and when you buy cryptocurrency, the money automatically goes to the fraudster. In fact, no one can get anything out of there, and only the scammer pays off.

Epilogue

Yes, this scam is beautiful. A fraudster uses two sites at once, taking two real and existing companies as their basis. Moreover, I would not have clung to this “investigation” if I had not noticed a minor oversight in the site URL.

What will I do now? I will definitely find out the names of the hosting on which these two sites are located, and I will complain about them to its administrators. And not because of malice, no. This project could not take anything from me. I just want to protect other Web users from being caught by this hook. Indeed, if I confess fully, then two years ago, if I had an extra $ 50, I myself would probably have gotten it.

To users of XiDigtaNews I just want to remind of the importance of mindfulness on the Web. If the average admin of a dark-themed channel in Telegram can start a convincing fraudulent project, then other scam projects can be much more serious (and more dangerous). At the moment, the article has already accumulated 1800 views, and even if 10 people read it, did not check anything and tried to follow the instructions, the author of the article already earned $ 500. And that is pretty sad.