If you thought rabbits were harmless, think again — these ones aren’t chewing carrots, they’re chewing through billions of dollars.
In this edition, we're uncovering a sophisticated scam operation involving two cybercriminal groups hopping from fake domain to fake domain — and leaving a trail of victims behind.
Cybercrime groups Reckless Rabbit and Ruthless Rabbit are using a powerful tactic called Registered Domain Generation Algorithms (RDGAs) to flood the internet with fake websites for investment scams, phishing, and impersonation schemes — helping push U.S. scam losses to a staggering $5.7 billion in 2024.
How It Works:
- Automated Website Generation: Using RDGAs, the groups mass-produce and register thousands of fake domains that look real and trustworthy.
- Deceptive Ads & Content:
  - Reckless Rabbit uses Facebook ads with fake celebrity endorsements to lure users to bogus investment platforms.
  - Ruthless Rabbit impersonates popular news sites and brands like WhatsApp or Meta to seem legitimate.
- Advanced Cloaking:
  - Ruthless Rabbit screens out bots and security researchers using cloaking tactics — only real users see the scam.
- Wildcard DNS & URL Trickery:
  - Both groups use wildcard DNS (any subdomain works) and dynamic URLs that constantly change, making detection extremely difficult.
Who’s Targeted:
- Anyone who uses Facebook, reads online news, or is looking for an investment opportunity.
- Global audience, but with localized content to make scams feel relevant.
- Ruthless Rabbit targets Eastern Europe specifically, spoofing local media and platforms.
Real-Life Example:
According to cybersecurity firm Infoblox, these groups are partially responsible for a $5.7 billion loss in U.S. investment scams in 2024.
“These victims weren’t being reckless—they were trying to build a future. Instead, they were manipulated, defrauded, and left more vulnerable than before.” – Infoblox
These criminals aren't working from basements — they’re running full-scale, international, automated operations.
Why You Should Care:
If you’ve ever clicked an ad with a famous face, or been tempted by an investment that “just makes sense,” you could’ve been a target. These scams are:
- Polished — with real-looking branding, websites, and stories.
- Automated — they move fast and adapt faster.
- Expensive — the losses are real and growing.
And because these scam sites are officially registered, your antivirus may not catch them in time.
How to Protect Yourself:
- Don’t trust investment offers in ads — especially those with celebrity faces.
- Search for the domain on Google or run a Whois lookup before clicking or entering any info.
- Look for inconsistencies — broken links, typos, or generic promises.
- Use DNS protection tools (like those from Infoblox or your ISP).
- Talk to a real financial advisor before sending money to any new platform.
Quick Tips & Updates:
Quick Tip #1: Did you know? RDGAs generate and register new domains continuously, making it nearly impossible to block them using traditional methods.
Pro Tip: If an investment site claims a celebrity endorsement — verify it through the celebrity's official channels or major news outlets. Scammers fake these endorsements constantly using AI.
Stay safe, stay informed.
Keywords Defined
- RDGA (Registered Domain Generation Algorithm): A technique used by scammers to generate and register huge numbers of fake websites that look real.
- Wildcard DNS: A configuration that allows any subdomain (e.g., xyz.scamdomain.com) to direct to the same scam content.
- Cloaking: A method that shows different content depending on who is visiting — scammers use this to hide their content from security systems.
- Spoofing: Faking the appearance of a trusted source like WhatsApp, CNN, or a financial expert to fool users.
- Protective DNS: A security service that blocks access to harmful or suspicious domains at the internet level.
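The wildcard DNS behavior defined above ("any subdomain works") can be tested from the defender's side. The following is an added example, not code from the source article or from Infoblox: it probes random subdomains of a domain and reports whether all of them resolve. The function names, the in-memory resolver, the domains and the IP addresses are constructed for illustration.

```python
import secrets
import socket

def system_resolver(name):
    """Resolve with the OS resolver; an empty set means the name does not exist."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_wildcard(domain, resolve=system_resolver, probes=3):
    """Return (verdict, ips); verdict is 'wildcard', 'no-wildcard' or 'inconclusive'."""
    # Control: .invalid is a reserved TLD (RFC 6761) and must never resolve.
    # If it does, the resolver rewrites NXDOMAIN answers and cannot be trusted.
    if resolve(f"{secrets.token_hex(8)}.invalid"):
        return "inconclusive", set()
    # Random 16-hex-character labels are names nobody deliberately created,
    # so answers for all of them indicate a catch-all (wildcard) configuration.
    answers = [resolve(f"{secrets.token_hex(8)}.{domain}") for _ in range(probes)]
    hits = [a for a in answers if a]
    if not hits:
        return "no-wildcard", set()
    if len(hits) < probes:
        return "inconclusive", set().union(*hits)
    return "wildcard", set().union(*hits)

def make_fake_resolver(wildcards, hosts, hijack_ip=None):
    """Constructed in-memory resolver for offline runs (not real DNS data)."""
    def resolve(name):
        if name in hosts:
            return {hosts[name]}
        for zone, ip in wildcards.items():
            if name.endswith("." + zone):
                return {ip}
        return {hijack_ip} if hijack_ip else set()
    return resolve

if __name__ == "__main__":
    # Constructed sample zones using documentation-only IP ranges.
    fake = make_fake_resolver(
        wildcards={"scamdomain.example": "192.0.2.10"},
        hosts={"www.shop.example": "198.51.100.5"},
    )
    for d in ("scamdomain.example", "shop.example"):
        print(d, check_wildcard(d, resolve=fake))
```

Many legitimate hosting and SaaS platforms also use wildcard DNS, so a "wildcard" verdict is one signal to combine with domain age and registration patterns, not proof of a scam.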