A recent report by cybersecurity firm CTM360 has uncovered a vast network of over 17,000 fraudulent news websites, termed Baiting News Sites (BNS), designed to deceive individuals into participating in online investment scams across 50 countries.
These BNS platforms are meticulously crafted to mimic reputable news outlets such as CNN, BBC, and CNBC, as well as regional media organizations. They disseminate fabricated stories featuring public figures, central banks, or financial institutions endorsing novel passive income opportunities. The primary objective is to swiftly establish credibility and direct readers to sophisticated scam platforms like Trap10, Solara Vynex, or Eclipse Earn.
To drive traffic to these deceptive sites, scammers employ sponsored advertisements on platforms like Google and Meta, as well as through blog networks. These ads often feature sensational headlines—such as You won’t believe what a prominent public figure just revealed—accompanied by official photographs or national symbols to enhance authenticity. Upon clicking, users are redirected to a counterfeit article, which subsequently leads them to a fraudulent trading platform.
The scam typically unfolds in two phases. Initially, victims are lured through advertisements and fake articles. Once engaged, they receive calls from individuals posing as advisors, who request identification documents, cryptocurrency deposits, and conduct continuous account verifications to delay withdrawal attempts. This multi-layered approach is designed to build false trust, prolong suspicion, and extract maximum funds before the victim realizes the deception.
CTM360’s Webhunt platform has identified over 17,000 such sites to date. Many are hosted on inexpensive top-level domains like .xyz, .click, or .shop. In certain instances, attackers compromise legitimate websites to host BNS content within subdirectories, complicating takedown efforts. These pages are often regionally tailored—utilizing local languages, recognizable media logos, regional influencers, and banks to enhance credibility.
Individuals often encounter these scams while searching for online investment opportunities or passive income methods, clicking on sponsored headlines that mimic legitimate financial advice. The content is strategically designed to align with high-intent searches—using phrases like automated crypto trading or celebrity-backed investment to attract users actively seeking such information.
Upon accessing the fake platform, victims are prompted to register with personal details, including their name, phone number, and email address. Shortly thereafter, a so-called investment agent contacts them via phone, employing a professional and persuasive demeanor. Victims are encouraged to make an initial deposit—typically around $240—to activate their account. Subsequently, counterfeit dashboards display fictitious profits, creating the illusion of earnings. The longer the victim remains engaged, the more pressure they face to invest additional funds.
These schemes not only exploit trust but also collect sensitive data for use in phishing, identity theft, and secondary fraud. This dual-threat nature positions Baiting News Sites at the intersection of investment scams, brand impersonation, and data harvesting. Similar patterns are emerging in pig butchering scams, fake Know Your Customer (KYC) platforms, and affiliate fraud networks—areas warranting increased vigilance as these fraudulent ecosystems evolve.
CTM360’s Scam Navigator tool, modeled after the MITRE framework, delineates the step-by-step mechanics of these scams: from resource setup and ad creation to victim interaction, data theft, and monetization. BNS plays a pivotal role in the distribution phase, serving as the entry point for a broader fraud pipeline.
CTM360 continues to monitor these campaigns, offering takedown support, threat intelligence, and risk protection to governments and organizations across targeted regions.
