Global Fraudulent Scheme Targeting National Immigration Services
13 Feb 2024
Overview
CTM360 has identified a fraudulent scheme involving fake websites targeting national immigration services globally. The deceptive campaign extends to Electronic Travel Authorization, eVisa, and Electronic Customs Declaration processes. These scams have increased dramatically as more services have shifted online and require less paperwork, and scammers take advantage of this by creating fake websites. People need to be aware of this and be careful not to get tricked.
These fake websites usually use a basic web design and are hosted on well-known hosting services to look real. Additionally, they display disclaimers in fine print stating that they are private companies with no affiliation with any government entity. This makes it challenging for hosting providers and domain registrars to take action against them.
CTM360 Observations
Based on our analysis of the suspicious infrastructure, we believe these fake websites are part of a broader scam campaign targeting multiple immigration services at the same time. Some of the top countries being targeted include Singapore, South Korea, the Philippines, and Turkey. We expect this scam to also occur in other countries in the near future.
The scam begins with scammers paying for fake ads on search engines so that they show up at the top of search results. They manipulate the search engine algorithms to get their fake sites noticed more easily. This technique makes it more likely for people to accidentally find these fake websites. The ads are constructed in a way that makes the fake sites seem real, so people might trust them without realizing they're being tricked.
After clicking on the fake ad, users are redirected to a fake website, where they are prompted to start the online visa application process. The process on the fake website is crafted to closely mimic the procedures on the official website.
After entering their card details, users are consistently shown error messages falsely claiming that the payment failed. In reality, the sensitive card information has already been captured and submitted to a server controlled by the scammers.
Moreover, numerous countries have issued official warnings advising against such fake websites. Please refer to the following sources for more information:
- https://www.cgisf.gov.in/page/important-advisory-on-fake-indian-e-visa-websites/
- https://ircc.canada.ca/english/helpcentre/answer.asp?qnum=1233&top=16
- https://www.perthnow.com.au/news/bali/bali-scam-warning-for-aussie-travellers-to-watch-out-for-fake-websites-providing-counterfeit-visas-c-10513578
- https://www.kenyaembassyaddis.org/2021/06/fraudulent-visa-application-websites/
Recommendations
How to avoid becoming a victim of such scams
For individuals:
- Be very cautious about sponsored ads, specifically those about government services.
- When applying for any travel-related services, only use the official website provided by the immigration authorities of the country you're visiting. This may require some research by individuals to ensure they have reached the genuine website.
- Be cautious about clicking on suspicious web URLs, even if they seem to come from people you know.
For Government agencies, ISPs and Domain Registrars:
- Government service providers should publish a list of authorized agents on their websites. This will enable end-users to verify that they are dealing with the right provider. It will also give domain registrars evidence on which to take prompt action.
- Government agencies are advised to regularly monitor for fake websites that do not have any authorization from the government and to keep an updated list of these fake websites on their official portal.
- Government agencies should actively engage with security vendors to identify and take down these fake websites and fake ads.
- There should be national procedures for local ISPs and national CERTs to block such websites once notified by the right authorities.
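
The following is an added example, not part of CTM360's advisory: one way an agency or monitoring team could triage candidate URLs (for instance, landing pages collected from sponsored ads) against a published list of official sites and authorized agents. The allowlist domains, keyword sets, function names and sample URLs are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholders standing in for a government's published list of
# official sites and authorized agents (assumption, not from the advisory).
AUTHORIZED = {"immigration.gov.example", "authorized-agent.example"}

# Service terms drawn from the advisory: eVisa, ETA, customs declaration.
SUBSTRINGS = ("visa", "customs", "immigration")
TOKENS = {"eta"}  # short terms match whole labels only, to limit noise

def hostname(url):
    """Lowercased host of a URL or bare domain; userinfo and port are dropped."""
    if "://" not in url:
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def is_authorized(host, allowlist=AUTHORIZED):
    """Exact match, or a subdomain match on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in allowlist)

def service_terms(host):
    """Advisory-related terms that appear in the host name."""
    tokens = set(re.split(r"[^a-z0-9]+", host))
    return sorted({k for k in SUBSTRINGS if k in host} | (tokens & TOKENS))

def classify(url):
    """'authorized', 'review' (service terms, not on the list), or 'unrelated'."""
    host = hostname(url)
    if not host:
        return "invalid"
    if is_authorized(host):
        return "authorized"
    return "review" if service_terms(host) else "unrelated"

# Constructed sample input, e.g. landing pages collected from sponsored ads.
SAMPLES = [
    "https://immigration.gov.example/apply",
    "https://portal.authorized-agent.example/",
    "https://immigration.gov.example.apply-online.example/",
    "https://immigration.gov.example@eta-fast.example/pay",
    "evisa-authorized-agent.example",
    "https://weather.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10}  {url}")
```

Matching on a label boundary is what keeps an official name used as a prefix, as userinfo, or glued onto another domain from passing as authorized. Hosts marked "review" still need a human check before they are reported to a registrar or hosting provider.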