A surge in fake investment platforms imitating cryptocurrency and forex exchanges is driving a new wave of financial crime across Asia.
According to recent research by Group-IB’s High-Tech Crime Investigation team, these schemes, which lure victims through social media and messaging apps, are increasingly run by organized cross-border groups using polished trading interfaces and complex backend systems to steal funds.
The research provides a comprehensive mapping of how such scams operate, from initial victim contact to the laundering of stolen assets.
Group-IB has outlined two key analytical models: a Victim Manipulation Flow, which charts how trust is built and exploited, and a Multi-Actor Fraud Network, which reveals how distinct roles cooperate within a single operation.
The report, published today, highlights shared technical fingerprints, such as reused SSL certificates and identical chatbot systems, as indicators linking multiple scam campaigns.
Growing International Threat
Group-IB’s findings follow major law enforcement actions, including the August 2025 arrest of 20 individuals in Vietnam connected to the $1bn Paynet Coin crypto fraud.
While unrelated to the analyzed campaign, the case illustrates how online investment scams have scaled beyond borders. Organized operators now recruit globally, leveraging fake corporate accounts, stolen identity data and mule networks to move funds undetected.
The report details a layered structure in which:
- Target intelligence teams collect leaked personal data to identify victims
- Promoters pose as successful investors to gain trust
- Payment handlers manage mule or shell company accounts
- Backend operators build and maintain fake trading sites and dashboards
- Masterminds oversee infrastructure and profit from proceeds
Analysts also found that many scam sites share backend systems, chat simulators and even chatbot-driven onboarding that screens victims before granting access. These automated tools often deliver payment details directly via chat – key evidence for tracing transactions and linking cases.
Strengthening Defenses
Group-IB recommended that banks, regulators and cybersecurity teams monitor reused infrastructure components and strengthen Know Your Customer (KYC) controls to block fraudulent accounts.
“For cybersecurity experts, these findings underscore the importance of collecting and correlating technical evidence to connect related domains, attribute operations to specific actors and ultimately dismantle their infrastructure,” the team explained.
“For law enforcement agencies, the models provide a practical framework for explaining scam operations, raising public awareness and building stronger cases for investigations and criminal prosecutions.”
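The correlation the report describes, linking domains through reused SSL certificates and identical chatbot systems, can be sketched as a clustering pass over site observations. This is an added example, not code from Group-IB's report; the domains, shortened fingerprints, field names and the `cluster_domains` helper are all constructed for illustration.

```python
from collections import defaultdict

# Constructed observations (not from the report): domain, TLS certificate
# SHA-256 fingerprint (shortened) and a hash of the chat widget the site serves.
OBSERVATIONS = [
    {"domain": "trade-alpha.example", "cert_sha256": "aa11", "chat_hash": "c0de01"},
    {"domain": "fx-prime.example", "cert_sha256": "aa11", "chat_hash": "c0de02"},
    {"domain": "coin-vault.example", "cert_sha256": "bb22", "chat_hash": "c0de02"},
    {"domain": "daily-news.example", "cert_sha256": "cc33", "chat_hash": None},
    {"domain": "shop-a.example", "cert_sha256": "dd44", "chat_hash": "cdn-widget"},
    {"domain": "shop-b.example", "cert_sha256": "ee55", "chat_hash": "cdn-widget"},
]
# Values shared by unrelated sites (commercial chat widgets, CDN certificates)
# are excluded, otherwise they merge unrelated domains into one cluster.
COMMON_VALUES = {"cdn-widget"}

def cluster_domains(observations, fields=("cert_sha256", "chat_hash"), ignore=COMMON_VALUES):
    # Union-find over a graph whose nodes are domains and indicator values.
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    seen_on = defaultdict(set)  # (field, value) -> domains carrying it
    for obs in observations:
        domain = ("domain", obs["domain"])
        find(domain)
        for field in fields:
            value = obs.get(field)
            if value and value not in ignore:
                parent[find(domain)] = find((field, value))
                seen_on[(field, value)].add(obs["domain"])

    groups = defaultdict(lambda: {"domains": set(), "shared": set()})
    for node in list(parent):
        kind, value = node
        root = find(node)
        if kind == "domain":
            groups[root]["domains"].add(value)
        elif len(seen_on[node]) > 1:  # keep only indicators that link 2+ domains
            groups[root]["shared"].add(f"{kind}={value}")
    return [{"domains": sorted(g["domains"]), "shared": sorted(g["shared"])}
            for g in groups.values() if len(g["domains"]) > 1]
```

Note that `trade-alpha.example` and `coin-vault.example` share no indicator directly; they end up in one cluster only through `fx-prime.example`, which is why transitive grouping matters when correlating campaigns.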

