May 21, 2025

Infoblox exposes $5.7B scam by Rabbit cybercrime gangs


Infoblox Threat Intel reports that investment scams cost U.S. consumers $5.7 billion in 2024, driven by two elusive cybercriminal networks, namely Reckless Rabbit and Ruthless Rabbit, which exploit digital trust to operate in plain sight.

Threat Actors Expanding Digital Footprints at Scale

The so-called Rabbit groups are named for their ability to rapidly expand their online footprint. Reckless Rabbit and Ruthless Rabbit use Registered Domain Generation Algorithms (RDGAs), a method that involves proactively registering each domain they generate.

“RDGA actors actively register each domain they generate, creating large fleets of scam-ready websites.”

The approach enables them to maintain hundreds of fraudulent sites simultaneously, even as some are taken down.

Social Engineering and Brand Exploitation via Paid Media

Reckless Rabbit’s primary tactic centres on social media, particularly Facebook ads, which are often embedded with fake celebrity endorsements to draw in unsuspecting investors.

“Reckless Rabbit mostly uses Facebook ads to lure victims to fraudulent investment platforms.”

The group tailors content to local languages and cultures, ensuring their schemes appeal to victims worldwide. To make detection even more challenging, Reckless Rabbit deploys wildcard domains, which respond to any subdomain query. This tactic creates significant noise in DNS traffic, masking the group’s real operations.
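For defenders, the wildcard behaviour described above can be checked for and filtered out of DNS logs. The following is an added example, not code from Infoblox or from the original article: it probes a domain with random labels and folds wildcard-generated names into a single entry. The zone data, the `fake_resolve` helper and the `.example` names are constructed stand-ins so the example runs offline.

```python
import secrets
from collections import Counter

# Constructed sample data standing in for real DNS answers (assumption, not from the article).
# "scam-invest.example" behaves as a wildcard zone; "shop.example" does not.
CONSTRUCTED_ZONE = {
    "*.scam-invest.example": "203.0.113.10",
    "shop.example": "198.51.100.7",
    "www.shop.example": "198.51.100.7",
}

def fake_resolve(name):
    """Hypothetical resolver: exact match first, then the closest wildcard ancestor.
    In practice, pass a function that queries your resolver and returns None on NXDOMAIN."""
    if name in CONSTRUCTED_ZONE:
        return CONSTRUCTED_ZONE[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        hit = CONSTRUCTED_ZONE.get("*." + ".".join(labels[i:]))
        if hit is not None:
            return hit
    return None

def is_wildcard(domain, resolve, probes=3):
    """True if several random labels under `domain`, which nobody would
    have configured deliberately, all resolve."""
    answers = [resolve(f"{secrets.token_hex(8)}.{domain}") for _ in range(probes)]
    return all(a is not None for a in answers)

def collapse_wildcard_noise(queried_names, wildcard_domains):
    """Count queries per name, folding every name under a known wildcard
    domain into one '*.domain' entry so the log is readable again."""
    counts = Counter()
    for name in queried_names:
        match = next((d for d in wildcard_domains if name.endswith("." + d)), None)
        counts["*." + match if match else name] += 1
    return counts

if __name__ == "__main__":
    # Constructed query log lines.
    log = ["a1.scam-invest.example", "zz.scam-invest.example", "www.shop.example"]
    wild = [d for d in ("scam-invest.example", "shop.example") if is_wildcard(d, fake_resolve)]
    print(wild, dict(collapse_wildcard_noise(log, wild)))
```

A wildcard record on its own is not evidence of fraud, since many legitimate services use one; it is a signal to combine with registration age, ad-driven referrals and similar context.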

Advanced Cloaking Methods to Evade Detection

Ruthless Rabbit employs cloaking technology to avoid detection, presenting malicious content only to specific targets while masking it from security tools.

“Ruthless Rabbit operates slightly differently, managing its own cloaking service to screen users before showing scam content.”

The group’s infrastructure mimics well-known brands and uses dynamic URLs that change immediately when domains are taken down.

Psychological Manipulation as a Core Attack Vector

According to Infoblox, the success of these scams hinges on exploiting two key emotions: chaos and trust.

“The scams’ success is based on two psychological factors: chaos and trust.”

Scammers utilise economic uncertainty and fear of missing out to pressure victims, while simultaneously building false trust through professional design, well-known logos, and fabricated endorsements.

Risk Mitigation Strategies for Consumers and Businesses

Consumers are urged to remain sceptical of unsolicited online investment offers, especially those involving celebrities.

“People should be highly sceptical of investment opportunities shared through unfamiliar websites, especially if they contain celebrity endorsements.”

Infoblox recommends that organisations deploy Protective DNS services to identify and block access to scam sites.

“By blocking access to malicious domains at the DNS level, companies can stop employees or customers from inadvertently visiting scam sites.”

Escalating Threat Requires Proactive Defence

Cybercriminal operations are scaling faster than takedown efforts can keep up. Infoblox’s research highlights how RDGA-driven domain creation and refined evasion tactics are fuelling the rise of groups like Reckless and Ruthless Rabbit.

“As long as scammers can exploit human psychology and digital loopholes, the need for vigilance and proactive defence will only grow,” Infoblox stated.
