Lured by Likes, Robbed by Rabbits: A Modern Online Heist

In 2024, Infoblox Threat Intel revealed that U.S. consumers lost a staggering $5.7 billion to cleverly executed investment scams. The digital masterminds behind this chaos? Two cybercrime groups with deceptively harmless names: Reckless Rabbit and Ruthless Rabbit.

The Scam Playbook

• Reckless Rabbit uses fake Facebook ads featuring celebrity endorsements to lure unsuspecting victims into fraudulent investment platforms.
  
• Ruthless Rabbit, on the other hand, operates behind cloaking services and spoofed websites, impersonating trusted brands like WhatsApp and Meta.
  
• Both groups leverage Registered Domain Generation Algorithms (RDGAs) to create vast networks of scam-ready domains that stay a step ahead of detection systems.

Psychology Behind the Scams

These cybercriminals rely on two powerful triggers:

• Confusion, caused by financial uncertainty and FOMO (fear of missing out).
  
• Confidence, built through polished, professional-looking websites and well-known brand impersonations.

By exploiting DNS systems and constantly rotating domains, they maintain their invisibility and flexibility—making it difficult for cybersecurity teams to catch up.

The Takeaway

Don’t trust online strangers offering too-good-to-be-true investments. As Infoblox warns, always verify claims independently and avoid clicking on suspicious links.

For organizations, Protective DNS solutions powered by real-time threat intelligence are key to blocking scam domains before they cause harm.