SINGAPORE – Local artiste Rebecca Lim is yet another public figure here to have become the face of a bitcoin investment scam without her knowledge.

       Since early January, The Straits Times has repeatedly seen on a reputable regional news site an advertisement with a picture of the award-winning actress captioned “Rebecca Lim shared very important news”.

       The ad supposedly leads to a sponsored article on entertainment portal 8days.sg. But when viewers click on the link, they are directed to a fake news story about Lim, 37, finding a “new wealth loophole which he (sic) says can transform anyone into a millionaire within three to four months”.

       The page, which mimics news website CNA, has links to a supposed crypto auto-trading programme called Bitcoin Future, which the scammers claim is the actress’ No. 1 money-maker.

       In the past few years, there have been many crypto trading scams that use unauthorised images and fabricated quotes of local personalities such as Prime Minister Lee Hsien Loong, business magnate Peter Lim and pop star JJ Lin.

       Cyber-security firm Group-IB published a study in 2020 on a series of similar scams “fronted” by well-known Singaporeans, and reported the pages to the Singapore Cyber Emergency Response Team.

       In the case of the recently surfaced scam page with Rebecca Lim, an average person would find it harder to flag it to the authorities.

       Catch up on the news that everyone’s talking about

       Thank you!

       Sign up

       By signing up, you agree to our Privacy Policy and T&Cs.

       Its displayed URL leads to a dummy website with an article about Lim’s pregnancy, while its real URL is hidden in the codebase.

       To retrieve the real URL, one must trawl through many lines of codes, which requires time and some expertise.

       Mr Vladimir Kalugin, the operations director of digital risk protection at cyber-security firm Group-IB, told The Straits Times that scammers have been “enhancing their evasion techniques to hide their campaigns from the authorities and conventional detection tools”.

       Some of them use website redirection or other methods to change the URL of a scam page without reloading its content.

       Others use a camouflage technique called cloaking, where only targeted users are served the fraudulent and malicious content, while everyone else who visits the same page is served harmless content such as a 404 error page, said Mr Kalugin, who is based in Singapore.

       Scammers have also learnt to prevent crawlers and other Internet bots from accessing their ad content, he added. This makes it harder for the pages to be detected by automated anti-scam tools.

       “To counteract these techniques, authorities and cyber-security experts must work together to embrace advanced monitoring and takedown methods, and increase public awareness of potential online threats,” Mr Kalugin said.

       More On This Topic

       Deepfake video of DPM Lawrence Wong promoting investment scam circulating on social media

       Man in Johor Bahru loses nearly $300k in crypto scam

       Another cyber-security expert, Mr Scott Jarkoff, said the Rebecca Lim bitcoin scam highlights how challenging it is for publishers to monitor the huge volume of digital ads generated and distributed on their sites.

       “Well-established companies may unknowingly host deceptive ads,” said the director of Crowdstrike’s strategic threat advisory group.

       “Websites typically utilise third-party advertising networks to display ads, and scammers may attempt to sneak fraudulent ads into the rotation,” said Mr Jarkoff.

       “While reputable websites have measures for approving advertisements, the ad-vetting process is not always foolproof.”

       But he stressed that publishers still have a responsibility to protect their visitors by evaluating third-party ad networks and patching security vulnerabilities in their content management systems, among other measures.

       While scammers’ techniques have evolved, the “get-rich-quick” promise with which they use to lure people is the same.

       Remote video URL

       Mr Kalugin from Group-IB said in January 2024 alone, his firm has so far detected more than 120 scam websites promoting crypto investments, with a majority designed to steal user credentials and account recovery phrases, which give scammers access to victims’ crypto wallet.

       While visiting scam pages might not pose an immediate threat, it is important for people to avoid leaving any personal and payment data on the websites, he said.

       People should also pay attention to a website’s creation date, he added.

       “Scammers create multiple websites quickly to exploit a certain trending topic, so a recently created resource should be treated with caution,” Mr Kalugin said, adding that people can use services such as Whois to check the creation date.

       He also urged the public to exercise more vigilance during holiday seasons.

       “With the approaching Chinese New Year, we anticipate a surge in the number of malicious resources.

       “Various holiday-themed fake promotions and lucky draws may lure people into submitting their data on fake crypto exchanges or transferring their funds to fraudsters,” he said, adding that people should always independently verify the authenticity of any content that they come across.

       More On This Topic

       Scams are like cockroaches, they keep evolving; do more for digital safety: Tin Pei Ling

       We need to start teaching children in schools how to spot fraud

       Unlock unlimited access to ST exclusive content, insights and analyses

       ST One Digital - Annual

       $9.90 $4.95 /month

       Get offer

       $59.40 for the first year and $118.80 per year thereafter.

       ST One Digital - Monthly

       29.90 $9.90 /month

       Subscribe today

       No lock-in contract

       Unlock more knowledge, unlock more benefits

       New feature: Stay up to date on important topics and follow your favourite writers with myST All subscriber-only content on ST app and straitstimes.com Easy access any time via ST app on one mobile device

       Join ST's WhatsApp Channel and get the latest news and must-reads.

       Internet crimes and scams Cyber security Actors

       Facebook Telegram More Whatsapp Linkedin Twitter FB Messenger Email Print Purchase Article Copy permalink https://str.sg/JdL3W

       Read this subscriber-only article for free!

       Just sign up for a free account and log in to continue reading.

       Fake bitcoin ad featuring actress Rebecca Lim among scams that hide URLs to evade detection

       Sign up

       Already have an account? Log in.

       All done! This article is now fully available for you

       Fake bitcoin ad featuring actress Rebecca Lim among scams that hide URLs to evade detection

       Read now

       Please verify your e-mail to read this subscriber-only article in full

       Fake bitcoin ad featuring actress Rebecca Lim among scams that hide URLs to evade detection

       Resend verification e-mail

       The gift link for this subscriber-only article has expired.

       Get unlimited access to all stories at $0.99/month for the first 3 months.

       Subscribe now

       You have reached your limit of subscriber-only articles this month.

       Get unlimited access to all stories at $0.99/month for the first 3 months.

       Subscribe now

       Read and win!

       Read 3 articles and stand to win rewards

       Let's go! Terms & conditions apply

       Frequently asked questions

       Good job, you've read 3 articles today!

       Spin the wheel now

       Let's go! Terms & conditions apply

       Frequently asked questions