CloudSEK, a cybersecurity firm, announced that it has unmasked a syndicate involved in printing and selling counterfeit Indian currency. As per the firm, the group was marketing the fake notes via social media platforms such as Facebook and Instagram, and even used authentic marketing channels such as Meta ads. As per the report shared by the company, the group spread Rs. 17.5 crore worth of fake currency in just the last six months. CloudSEK was able to identify the group administrators and geo-locate them during the investigation.
CloudSEK Uses OSINT and HUMINT Techniques to Unmask Perpetrators
In a press release shared with us, the cybersecurity firm highlighted that its Strike team conducted an investigation into a counterfeit currency network that was openly operating via social media platforms. During the investigation, CloudSEK was able to uncover how the group created fake notes and how it publicised its offerings to willing takers using its XVigil platform. The researchers were also able to identify the faces of the group administrators and find out their location.
As per the report, the group was active on Facebook, Instagram, Telegram, and YouTube and ran marketing campaigns on these platforms. They even ran paid promotions via Meta ads to solicit buyers. The group also made use of Facebook and Telegram groups. The campaigns were run using codewords such as “second currency” and “A1 note”. “Some sellers even demonstrated the legitimacy of their counterfeit products using videos, handwritten notes, and video calls.” the company said.
In total, CloudSEK was able to detect more than 4,500 promotional posts, more than 750 accounts and pages to facilitate the sale, and more than 410 unique phone numbers linked to sellers.
Explaining the modus operandi of the syndicate, CloudSEK stated that the perpetrators produced high-quality replica of Indian currency via Adobe Photoshop and industrial-grade printers. They also used paper embedded with Mahatma Gandhi watermark and green security threads.
After promoting their notes, the group would then share proof images with the buyers on WhatsApp, and even offer video calls to show stacks of counterfeit currency. However, CloudSEK highlighted that the transaction never took place online, and were instead made in person. The group also used burner phones, fake IDs, and pseudonyms to evade law enforcement.
CloudSEK researchers were not only able to uncover the extent of the group’s operations but by using open-source intelligence (OSINT) and human intelligence (HUMINT) techniques, they were also able to reveal the location and identities of the group administrators. This was done by retrieving facial images, phone numbers, GPS locations, and social media handles of key suspects. The perpetrators were said to reside in Jamade Village, Dhule district in Maharashtra, and Pune.
Notably, CloudSEK has formally shared the details of the investigations with law enforcement agencies at both state and national levels. The firm suggests Meta to monitor Meta Ad libraries and remove any such finance-based scams. Additionally, it also urges agencies to work with social media platforms to takedown identified sellers and groups.
