Crowd-Scamming - When Your Generous Donation Ends Up in a Cybercrook’s Pocket

Cybercriminals might have found the perfect way to scam people online with little risk and a chance for high gains- all by using legitimate crowdfunding sites. As we noted many times, Cybercriminals are always seeking to invent new, lucrative business models, preferably ones which require very little hacking and generate generous returns with minimal risk. They might have found the perfect way to do so- enter the CrowdScam. Utilizing the popularity of crowdsourcing sites, they’ve found a way to siphon money straight from the pockets of wealthy westerners into their own. Like most clever schemes, the concept is simple: use legitimate crowdsourcing sites (https://www.crowdrise.com/, http://www.giveforward.com/), open an account feigning to be a “genuine” user, start raising money for a cause, but (and here’s the catch) collect the funds raised for yourself, and voilla- a CrowdScam is born!

crowdscam- a fake crowdfunding campaign
crowdscam- a fake crowdfunding campaign

Some crowdsourcing sites make such a scheme far harder than others, so scammers must target sites with the following attributes:

  1. Work on a “Keep-It-All” model, meaning that even if one doesn't reach their fundraising goal, they still keep the money they have raised (vs. sites like Kickstarter which has an “All-or-Nothing” policy, meaning that if one doesn’t reach their target, all donated funds are returned).
  2. Demand a small processing commission, which varies significantly between crowdsourcing sites, e.g. GoGetFunding’s 4% vs. Kickstarter’s 5%.
  3. Allow all sorts of campaigns and not only “creative” ones (such as funding an artist).
  4. Don’t demand much in terms of due diligence.
  5. The sites featured in this article allow a daily transfer of accumulated fees using the site’s webpay payment processing platform, from which the criminals may receive money on a daily basis.

Done right, this scheme is almost impossible to detect and probably would not have been brought to light if not for a discussion discovered by intelligence analysts from IntSights, on a closed Russian cybercrime forum. The forum invited members to share their experiences of the aforementioned cyber-scam, allowed them to share tips and discuss the difficulties of transactions being cancelled.

One example discussed on the forum was a crowdfunding campaign entitled “Actors in Greece”, allegedly established by a Greek man named Kalyviotis Athanasios (https://gogetfunding.com/user/?uid=144254). Its aim was to raise funds to aid a theatre, “Artichoke”, to operate in the country’s difficult economic climate. The description stated that: ”In Greece there are already a lot of independent theaters, but also the most famous of them are experiencing financial difficulties”, thus “Artichoke”’s manager reached out to potential sponsors to contribute to the theatre’s yearly budget. The aim was to raise 10 million Tenge, though it was not, ultimately, achieved.

Initially, the campaign seems to be generating little interest, however, once the first contribution of 20 Euros was made by “Lexy Harper” (which appears to be the name of a porn actress), legitimate donors contributed over 1,000 Euros. It seems that this same requires two fake personas - one to initiate the campaign, and the other to offer the first donation - to ensure its success.

crowdscam2
Profile page of Kalyviotis Athanasios who started the campaign

The crowdfunding site used for the scam seemingly has no particular motivation to investigate the authenticity of the campaigns it hosts (after all, they still enjoy the processing fee), so it is left to innocent backers to carefully inspect where they spend their hard earned cash.

Alon Arvatz, IntSights’ VP Intelligence commented on such scams, calling them “very creative and profitable scheme[s] we are seeing for the first time.” He noted that they require little in terms of time and resource investment and can yield nice profits for the crooks, and related them to a broader trend that IntSights have increasingly been observing, wherein cybercriminals divert their efforts to “smaller”, less risky endeavors instead of full on cybercrime heists. This is evident in many other instances and we are now seeing sophisticated schemes targeting people on job search sites, information exchange sites and other platforms which were did not suffer from such criminal activity until very recently.

IntSight’s main concern is that once this model has proven successful it will quickly be replicated, spread to other legit crowdfunding sites, cost money to their participants and damage their reputation. “We advise web users on all platforms to be extra careful when sharing their personal identification details, and, of course, when wiring money to people they’ve never met”.

This post was written by Ido Wulkan , IntSights Intelligence analyst.

Stay up to Date!

Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.