Cyber Blog

Cybersecurity experts have uncovered a sprawling scam operation involving more than 17,000 fabricated news websites, operating across some 50 countries. This criminal network—referred to as “BaitTrap”—specializes in luring unsuspecting individuals into investment fraud schemes, cleverly disguised behind the façade of legitimate news outlets like CNN, BBC, and CNBC.

The scam begins with professional-looking fake news articles that cite high-profile figures, financial institutions, or government statements to create an illusion of trustworthiness. Users are attracted via sponsored ads on platforms like Google and Meta, which promote sensational clickbait headlines alongside state flags or official imagery. Once clicked, the ads direct users to fake news pages before funneling them toward fraudulent investment or trading platforms.

Typically, the scam unfolds in two stages. First, users land on convincing “news” stories that lead to polished yet entirely fake investment websites—brand names such as Trap10, Solara Vynex, or Eclipse Earn. Next, victims are enticed by seemingly legitimate investment opportunities and are often contacted by supposed financial advisors. These advisors request personal identification, cryptocurrency transfers, and repeated “verification” fees that delay withdrawals and maximize financial extraction.

Scammers leverage cheap domain registrations—using extensions like .xyz, .click, or .shop—and sometimes contaminate legitimate websites by embedding fake pages within subfolders. They also tailor content to specific regions, using local languages, recognizable media brands, and familiar influencers to build credibility. CTM360’s tracking tools have identified the expansive footprint of this campaign, revealing how victims are manipulated and how fraudsters monetize their schemes.

Once targeted, victims are typically asked to make an initial deposit—around $240 is common—after which a spoofed dashboard displays fictitious profits. As trust builds, victims are coaxed into investing more, all managed by a team of fraudsters posing as advisors. Behind the scenes, gathered personal data—names, emails, phone numbers—is harvested for potential use in further phishing, identity theft, or secondary scams.

Although this massive campaign has been mapped and is being actively tracked and dismantled, the sheer size and complexity of BaitTrap highlight the urgent need for vigilance. Users are advised to thoroughly vet news sources, avoid downloading unknown software, ignore unsolicited investment pitches, and double-check the legitimacy of any platform before sharing sensitive information or transferring funds.