Cybercriminals are increasingly leveraging the credibility of well-known brands to drive traffic to unauthorized online gambling platforms. Unlike traditional phishing schemes that create counterfeit banking websites or deceptive emails, these scammers exploit the trust associated with familiar logos and brand names.
The scheme typically unfolds as follows: a user browsing social media platforms such as Facebook, Instagram, TikTok, or Threads encounters an advertisement claiming that a reputable brand—be it a bank, retailer, or streaming service—has introduced its own slot or casino game. Some of these ads even feature fabricated testimonials from individuals purporting to have won substantial amounts playing these branded games.
Upon clicking the advertisement, the user is redirected to a landing page designed to mimic an official app store listing. This page prominently displays the brand’s logo and a fictitious developer name, lending an air of authenticity. Users are then prompted to install what appears to be a legitimate application but is, in reality, a Progressive Web App (PWA). This PWA functions as a browser shortcut disguised as a native app.
Once launched, this shortcut covertly directs the user to an unrelated gambling site via affiliate tracking links. The operators of these scams profit from affiliate marketing programs, which reportedly offer commissions ranging from $50 to $350 for each new player who registers and makes a deposit.
Deceptive Advertising Tactics
Researchers have identified three primary strategies employed in these campaigns, each varying in complexity and sophistication:
- Basic Brand Association: The simplest approach involves attaching a brand name to a generic slots advertisement, often featuring everyday individuals to enhance relatability.
- Brand Imitation: A more elaborate tactic involves replicating a brand’s actual logo and color scheme and creating forged screenshots of its app interface. For instance, an ad targeting Monzo bank displayed a fabricated account balance alongside text announcing the bank’s “official launch of online slots,” complete with a real Monzo sort code to enhance credibility.
- AI-Generated Promotional Content: The most convincing method utilizes artificial intelligence to produce promotional videos that appear to be filmed outside genuine brand locations, featuring actors posing as employees and incorporating authentic branding elements. These videos are particularly effective in deceiving viewers familiar with the brand.
Fake app store listings are crafted with equal attention to detail, employing stolen logos, invented developer names such as “Tesco Entertainment UK Limited,” and fabricated star ratings and reviews to further the illusion of legitimacy.
In some instances, the advertisements present a spin wheel game that invariably results in a win, enticing users to “claim” their prize by installing the disguised app. Additionally, certain ads display one URL, such as a Google Play address, while actually redirecting users elsewhere. There have also been cases where a domain initially designed to impersonate one brand was later repurposed to run ads for a completely different brand, indicating that operators recycle infrastructure across various campaigns.
Implications and Preventative Measures
This trend underscores the evolving sophistication of online scams and the importance of vigilance among consumers. Users should exercise caution when encountering advertisements promoting branded gambling applications, especially on social media platforms. Verifying the authenticity of such promotions through official brand channels and being wary of unsolicited offers can help mitigate the risk of falling victim to these deceptive schemes.
For brands, this phenomenon highlights the necessity of monitoring and protecting their digital presence to prevent misuse of their identity. Implementing robust security measures and educating consumers about potential scams can aid in preserving brand integrity and consumer trust.
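For brand-monitoring teams, the signals described above (an ad whose displayed URL differs from where it lands, a brand name on a host the brand does not control, an installable shortcut that forwards elsewhere, and one domain reused for several brands) can be checked mechanically. The following triage sketch is an added example, not code from the research described here; the capture record layout, the brand allowlist and every host name in the sample data are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: brand keyword -> hosts the brand really controls (constructed values).
OFFICIAL_HOSTS = {"examplebank": {"examplebank.example"},
                  "examplemart": {"examplemart.example"}}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def brands_claimed(capture):
    """Brand keywords that appear in the web app manifest's name or short_name."""
    m = json.loads(capture["manifest_json"])
    label = f'{m.get("name", "")} {m.get("short_name", "")}'.lower().replace(" ", "")
    return {b for b in OFFICIAL_HOSTS if b in label}

def triage(capture):
    """Return sorted findings for one captured ad (hypothetical record layout)."""
    findings = set()
    landing = host(capture["redirect_chain"][-1])
    if host(capture["display_url"]) != landing:
        findings.add("display-url-mismatch")          # ad shows one URL, lands on another
    for b in brands_claimed(capture):
        if not any(landing == d or landing.endswith("." + d) for d in OFFICIAL_HOSTS[b]):
            findings.add(f"brand-on-unofficial-host:{b}")
    if json.loads(capture["manifest_json"]).get("display") in ("standalone", "fullscreen"):
        findings.add("pwa-hides-browser-ui")          # shortcut looks like a native app
    if host(capture["launch_chain"][-1]) != landing:
        findings.add("launch-leaves-install-host")    # shortcut forwards to another site
    return sorted(findings)

def recycled_hosts(captures):
    """Landing hosts that have carried more than one brand across captures."""
    seen = defaultdict(set)
    for c in captures:
        seen[host(c["redirect_chain"][-1])] |= brands_claimed(c)
    return {h: sorted(b) for h, b in seen.items() if len(b) > 1}

# Constructed sample captures; every brand, host and path below is made up.
CAPTURES = [
    {"display_url": "https://play.google.com/store/apps",
     "redirect_chain": ["https://t.adnet.example/c/1", "https://apps-store.example/bank"],
     "manifest_json": '{"name": "ExampleBank Slots", "display": "standalone"}',
     "launch_chain": ["https://apps-store.example/start", "https://casino.example/?aff=1"]},
    {"display_url": "https://apps-store.example/mart",
     "redirect_chain": ["https://apps-store.example/mart"],
     "manifest_json": '{"name": "Example Mart Spin", "display": "standalone"}',
     "launch_chain": ["https://apps-store.example/start"]}]
```

Calling `triage(c)` on each capture gives per-ad findings for a takedown report, and `recycled_hosts(CAPTURES)` groups landing hosts that have been reused across brands.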