BaitTrap Exposed: 17,000+ Fake News Sites Fueling Global Investment Scams

BaitTrap is a large-scale campaign designed to deceive users through counterfeit news websites, spanning over 50 countries and fueling a surge in online investment fraud.

Identified by CTM360, these deceptive domains—referred to as BNS (Baiting News Sites)—meticulously replicate the design and branding of renowned news outlets such as CNN, BBC, and CNBC to cultivate trust and lure visitors into investing in fraudulent financial platforms.

These sites feature fabricated articles that claim endorsements from celebrities, government financial institutions, or prominent brands, all allegedly backing “innovative” passive income schemes. This illusion of legitimacy serves to funnel unsuspecting users toward scam platforms such as Trap10, Solara Vynex, and Eclipse Earn.

Traffic is driven through aggressive advertising on platforms like Google, Meta*, and blogging networks. Often, sensational headlines such as “You won’t believe what this famous politician revealed” are accompanied by official emblems, national flags, or celebrity photos. Clicking on these ads leads users to phony articles and, eventually, to the deceptive websites posing as investment platforms.

The scam unfolds in two stages. First, users are baited through ads and fake content. Once registered, they are contacted by so-called “financial advisors” who request identification documents, solicit small cryptocurrency deposits, and demand frequent identity verifications. These actions are deliberately orchestrated to delay withdrawals, create a false sense of security, and slowly entrap victims in the scheme.

To date, more than 17,000 such websites have been uncovered. Cybercriminals often rely on inexpensive domains—such as .xyz, .click, and .shop. In some instances, legitimate websites are compromised, with malicious content concealed in hidden subdirectories, significantly complicating detection and removal. Additionally, scammers localize content to target specific regions, employing native languages, logos of regional news agencies, images of local celebrities, and banking icons.

Most victims encounter these scams while searching for ways to earn money online. Queries like “automated cryptocurrency trading” or “celebrity-backed investments” frequently serve as gateways into the trap. The fake platforms typically request the user’s name, phone number, and email. An “agent” then makes contact, projecting professionalism and persuading the victim to make an initial deposit—usually around $240. A simulated dashboard displays fake earnings, enticing the victim to continue investing.

Beyond financial losses, victims also surrender personal data, which can be exploited for phishing, identity theft, or further fraudulent activity. As such, BNS operations serve not only as investment fraud but also as sophisticated tools for data harvesting, brand impersonation, and launching secondary scams. These hybrid threats are increasingly prevalent in pig butchering-style fraud, counterfeit KYC platforms, and affiliate scam networks.

Dedicated threat intelligence tools now trace the full lifecycle of such campaigns—from infrastructure deployment and ad placement to victim engagement and monetization. Fake news sites function as the initial touchpoint, enabling broad exposure and acting as the gateway into a far more complex web of deception.