Investment Scam Group CashRewindo Recycles Old Domains for New Schemes 

A Cryptocurrency focused group of cybercriminals has recently created a unique method to bypass security tools, by hosting on domains years or even a decade old. This technique is referred to as Domain Aging, as security tools are more likely to overlook domains that have been online with no malicious content for longer than two years. By registering the domains years in advance, it becomes far more likely that the user is never warned that the site hosts malicious links or scams. 

CashRewindo’s operation is especially dangerous, as they enact additional tactics to camouflage the nature of the site entirely. The malicious links hijack common advertisements on popular sites, such as personalized adverts for Cryptocurrency or hobbies such as photography. Once the user clicks on an infected advertisement, the link performs a check based on user timezone, platform, and language. As each campaign is personalized to specific targets, victims who do not match the profile are redirected to another innocuous site, or to a blank page. 

Victims that match the campaign target are directed to an investment site, often emulating news articles subtly urging the victim to invest in generalized cryptocurrency investments. Once interacted with, the site redirects the user to investment scams customized to match target language and currency to lure the target victim, allowing the user to sign up with personal details. These scams espouse unrealistic returns upon investing within the company, urging the victim with limited timers to act. 

While the scam has been effective in Eastern Europe for some time, the scam has gained traction within the U.K and North America as CashRewindo activated over 400 domains, some of which were registered as early as 2003. 

The nature of this scam counters many standard practices for automated software, not only by hijacking placeholder ads and hiding the malicious code within old domains, but also editing site images with red circles to confuse security visual detectors. The result is a sophisticated attack that avoids security protocols, relying solely on the user to follow the scheme’s lure. 

We recommend users not to be interacting with advertisements and recognizing the signs of a scam, such as unrealistic profits or urgency to enlist. If you think you have been scammed, or would like to learn how to identify scams better, contact us.

A strong firewall, and email filter is recommended to block simple scams from reaching users, more complex scams require users to be alert and aware of common methods. We can help you increase your security.

As skepticism is the first line of defense, users should always research before investing into any company. If you are interested in staff training and security testing, call 615-928-2438.