Lately, while doomscrolling through news feeds, I noticed something strange: an ad claiming that some prominent influencer had been arrested. The headline was clickbait, but the thumbnail looked familiar - an Indian Express article, except… it wasn’t. The website was something called gawalla[dot]com.
Out of curiosity (and skepticism), I clicked. It led to a fake article that mimicked a news site but was riddled with grammatical errors and strange phrasing. Buried in it was a call to action: join a crypto trading platform called “Trade 350.” Supposedly, only 18 spots were left. It felt like a bad affiliate scheme - but worse.
This rabbit hole led me into a sprawling, modular scam campaign that stretches across continents, platforms, and personas. It's polished, persistent, and terrifyingly effective.
Let’s start with this one campaign. Here's how it works:
Bait Ads: The campaign buys Google Ads targeting popular news keywords. Some of the thumbnails are doctored screenshots from legitimate media outlets.
Fake News Article: Clicking the ad takes you to a site impersonating a well-known publication (e.g., “Indian Express”) with a fake report claiming a celebrity (e.g., Sadhguru) was arrested for leaking a “secret” trading app.
Scarcity Play: The article promotes an app: “Trade 350” - with urgent messages like “Only 18 spots left.”
Fake App: Users who fall for it are asked to download a crypto trading app or register for an “investment opportunity.” Some victims see fake dashboards showing unreal profits to encourage reinvestment.
Exit Scam: Eventually, accounts are frozen. Victims can't withdraw their money. Customer support vanishes. In many cases, life savings are gone.
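As an added example (not part of the original investigation), here is a small triage scorer for the lure signals in the steps above: a masthead that does not match the serving host, an arrest claim, an "only N spots left" message and an investment call to action. The brand allow-list, the regexes and the two sample pages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: a small allow-list mapping publication names to their real
# registrable domains. Extend it with the outlets relevant to your users.
OFFICIAL = {"indian express": "indianexpress.com", "the hindu": "thehindu.com"}

SCARCITY = re.compile(r"\bonly\s+\d+\s+(spots?|seats?|places?)\s+(left|remaining)\b", re.I)
ARREST = re.compile(r"\b(arrested|under house arrest|detained)\b", re.I)
INVEST = re.compile(r"\b(crypto|trading)\s+(app|platform)\b|\binvestment opportunity\b", re.I)

def host_matches(host, domain):
    """True if host is the official domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def score_page(url, title, body):
    """Return (score, reasons) for one landing page; higher is more suspicious."""
    host = urlparse(url).hostname or ""
    text = f"{title}\n{body}"
    reasons = []
    # The title stands in for the masthead: which outlet does the page claim to be?
    for brand, domain in OFFICIAL.items():
        if brand in title.lower() and not host_matches(host, domain):
            reasons.append(f"claims to be '{brand}' but is served from {host}")
            break
    if ARREST.search(text):
        reasons.append("celebrity arrest lure")
    if SCARCITY.search(text):
        reasons.append("artificial scarcity")
    if INVEST.search(text):
        reasons.append("investment call to action")
    return len(reasons), reasons

# Constructed sample pages (hostnames under .example are placeholders).
FAKE = ("https://live.news-mirror.example/a1",
        "Indian Express: Celebrity arrested for leaking secret trading app",
        "Join the crypto trading platform today. Only 18 spots left!")
REAL = ("https://indianexpress.com/article/business/markets",
        "Indian Express: Markets close higher",
        "Benchmark indices ended the session with modest gains.")

if __name__ == "__main__":
    for page in (FAKE, REAL):
        print(page[0], score_page(*page))
```

A single signal is weak on its own (real outlets report arrests and mention trading apps); the combination of a mismatched masthead with the other three is what makes a page worth escalating.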
That alone would be troubling. But then I found more.
This isn’t a single scam - it's a framework for scamming. The pieces are interchangeable. Swap the celebrity. Swap the domain. Swap the app & ad network.
Here's what else I found:
These are mostly hacked or repurposed WordPress installations:
Some even use real-looking subdomains (e.g., live.) or names similar to popular media outlets (e.g. hindu-*) to appear more legitimate.
These are the payloads - the final step before the money vanishes:
These sites often change rapidly and are sometimes hosted on reputable infrastructure, making takedown harder.
One particularly disturbing detail: these scam ads are being run by accounts verified through Google’s business advertiser process. For example, one campaign was run by "ADITYA TECHNO BUILD PRIVATE LIMITED" - an actual registered company in India. Whether this account was hacked, impersonated, or complicit is unclear, but it shows that platform-level verification isn't working as intended. As per this news article, similar scams have also been run using Meta ads on Facebook and Instagram.
These operations aren’t just running ads. They’re seeding content across the web:
News Articles on Reputable Sites: Articles about “Trade 350” have appeared on ThePrint.in, RepublicWorld.com, and BizzBuzz.news, likely through user-generated content portals or sponsored post loopholes.
YouTube: AI-generated voiceovers in fake "review" videos hype up apps with titles like:
“Trade 350 App Review UK Exposed!😲 Is It a SCAM? Expert Crypto Trading Hacks For The Trade 350 App!📈”
Social Media: The same infrastructure is used to push variants like “Immediate 2.2 Alrex” on Instagram, with fake endorsements from Amitabh Bachchan and viral claims like "under house arrest for leaking the platform."
While this particular campaign appears India-focused, the infrastructure is global. Domains are registered via Namecheap, GoDaddy, and others. Whois records show some of these domains are 2+ years old, suggesting they've been repurposed, purchased, or hijacked.
The days of lazy phishing sites with spelling errors and cartoon graphics are gone. This scam campaign is:
Modular: Built with swappable components - celebrity, domain, app.
Cross-platform: Spread via ads, news, YouTube, Reddit, Instagram.
Psychologically tuned: Uses urgency, social proof, and fake dashboards.
Hard to dismantle: Because it leverages legitimate platforms.
Google and Meta need to tighten their ad and page verification processes. If scammers can rent legitimacy for a few bucks, what's the point of verification?
Registrars need anomaly detection around aged domains being suddenly used for clickfraud or impersonation.
Publishers should audit their UGC and BrandVoice-like platforms to prevent SEO laundering.
Consumers, unfortunately, must stay skeptical - even of platforms they trust.
If you’ve seen similar scams, let’s talk. This isn’t a small-time phishing ring. It’s a framework for manipulating trust at scale. Let’s break it.