A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries.
These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn.
Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—”You won’t believe what a prominent public figure just revealed”—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform.
Many of these scams follow a two-phase structure. The first phase focuses on luring victims through ads and fake articles; the second phase kicks in once the victim engages, starting with a call from a so-called advisor, followed by requests for ID documents, crypto deposits, and ongoing “account verifications” designed to delay withdrawals. This layered setup helps scammers build false trust, stall suspicion, and extract maximum value before the victim realizes it’s a trap.
CTM360’s Webhunt platform has tracked over 17,000 of these sites so far. Many are hosted on cheap top-level domains like .xyz, .click, or .shop. In some cases, attackers compromise real websites to host BNS content inside subfolders, making takedowns harder. The pages are often customized per region—using local languages, familiar media logos, regional influencers, and banks to increase believability.
Most users encounter these scams while searching for ways to invest online or earn passive income, often clicking on sponsored headlines that mimic legitimate financial advice. The content is designed to match those high-intent searches—phrases like “automated crypto trading” or “celebrity-backed investment” are common bait, tailored to match what people are already looking for.
Once on the fake platform, victims are asked to register with their name, phone number, and email. Soon after, an “investment agent” follows up via phone, sounding professional and persuasive. Victims are urged to make a small deposit—usually around $240—to activate their account. From there, fake dashboards simulate profits, showing earnings that don’t exist. The longer the victim stays engaged, the more they’re pressured to invest again.
These schemes don’t just exploit trust—they also collect sensitive data for reuse in phishing, identity theft, and secondary fraud. That makes Baiting News Sites a crossover threat: part investment scam, part brand impersonation, part data harvesting. It’s a pattern increasingly seen in pig butchering scams, fake KYC platforms, and affiliate fraud networks—topics that deserve closer tracking as the ecosystem evolves.
CTM360’s Scam Navigator tool, modeled on the MITRE framework, maps out how these scams work step-by-step: from resource setup and ad creation to victim interaction, data theft, and monetization. BNS plays a key role in the distribution phase, acting as the entry point for a much larger fraud pipeline.
CTM360 continues to track these campaigns and provide takedown support, threat intelligence, and risk protection to governments and organizations across targeted regions.
Read the full report here.
About CTM360 – CTM360 is a unified external security platform that integrates External Attack Surface Management, Digital Risk Protection, Cyber Threat Intelligence, Brand Protection & Anti-phishing, Surface, Deep & Dark Web Monitoring, Security Ratings, Third Party Risk Management and Unlimited Takedowns. Seamless and turn-key, CTM360 requires no configurations, installations or inputs from the end-user, with all data pre-populated and specific to your organization. All aspects are managed by CTM360.
For more, visit www.ctm360.com.
