Scammers are increasingly misusing well-known brand identities to divert users towards unrelated online casinos. Instead of employing traditional phishing methods, they leverage consumers’ trust in established logos to execute their schemes.
Deceptive Advertising Tactics on Social Media
The fraud begins with a seemingly innocuous ad on platforms like Facebook, Instagram, and TikTok. These ads claim that a recognizable brand, such as a bank or retailer, has launched a casino game or slots. Some even feature fake testimonials from alleged winners of these games. Netcraft researchers uncovered these ads, noting their organized and sophisticated nature compared to typical clickbait.
According to a report shared with Cyber Security News, this operation involves numerous impersonated brands across various countries, indicating a well-coordinated effort by the scammers.
Fake App Store Listings and Misleading Installations
When users click on these ads, they are directed to a landing page made to look like an official app store listing, complete with the brand’s logo and a bogus developer name. The page prompts users to install what appears to be an app, but is actually a Progressive Web App, which is a browser shortcut disguised as a native application.
Once opened, this shortcut redirects to an unrelated gambling site via affiliate links, earning the scammers a commission for each new player who registers and deposits money. These commissions reportedly range from $50 to $350 per player.
Varied Methods of Brand Impersonation
Netcraft identified three levels of complexity in these impersonation campaigns. The simplest method involves attaching a brand name to a generic slots ad. A more elaborate strategy mimics a brand’s logo and color scheme while fabricating app screenshots. Some ads even use AI-generated promotional videos to enhance credibility.
Fake app store listings are crafted similarly, featuring stolen logos and fabricated developer names like “Tesco Entertainment UK Limited,” complete with false star ratings and reviews.
Some campaigns employ a spin wheel game that always results in a win, prompting users to “claim” their prize by downloading the disguised app. Occasionally, URLs displayed in ads lead to different destinations than advertised, with some domains recycled across multiple campaigns.
Widespread Impact and Prevention Measures
The brands targeted range from UK banks like Monzo and Barclays to global names such as Amazon and Netflix. Although most ads focus on UK consumers, variations in German and Spanish, along with Canadian dollar incentives, suggest a broader international reach.
Users should be wary of ads claiming that a bank or retailer has launched gambling products. It is essential to verify these claims through the brand’s official app or website and avoid downloading anything prompted by a social media ad.
Netcraft has published indicators of compromise related to this scam in a public GitHub repository, offering resources for researchers and platforms to track and block the associated infrastructure.
Indicators of Compromise (IoCs) include domains such as 345rodeoslot[.]com and tescogames[.]com, used in these fraudulent campaigns. By recognizing these red flags, consumers can better protect themselves from falling victim to such scams.
