The “American Bank Trust” (Trut) Scam

High-Fidelity Fintech Phishing


Origin: Nigeria | Platform: Fig (hellofig.app)

1. The Anatomy of the Scam

This screenshot shows a sophisticated phishing dashboard designed to look like a high-end online banking portal. The attacker is using a legitimate Fintech-as-a-Service (FaaS) platform, Fig, to build a believable user interface that mimics a real bank’s “Account Overview.”

2. Key Deception Indicators (Red Flags)

  • Typosquatted Domain: The URL americanbanktrut[.]hellofig[.]app contains a critical spelling error: “trut” instead of “trust.” Scammers use these minor typos to bypass automated keyword filters.
  • The “Bait” Balance: The dashboard displays a massive balance (e.g., $4,870,757.00). This is a psychological trigger designed to make the victim feel they have inherited or won a fortune, blinding them to the technical red flags.
  • Abuse of SaaS Platforms: By hosting the scam on hellofig.app, the attacker benefits from a valid SSL certificate and the hosting provider’s clean reputation, making the site appear “Secure” in browser address bars.

3. The Objective: Financial Harvesting

This is not just about stealing login credentials. This setup is used for:

  • Advance Fee Fraud: The victim is told they must pay a “transfer fee” or “activation tax” to access the multi-million dollar balance.
  • Data Harvesting: To “verify” the account, victims are asked to provide their real bank details, SSNs, and passport scans.

4. Expert Recommendation for Users

  • Never trust “Found” Money: If you didn’t open an account with a bank, any notification claiming you have millions waiting for you is 100% a scam.
  • Scrutinize the TLD: Legitimate banks operate on their own high-security domains (e.g., .com or .bank). They will never host their core banking login on a sub-domain of a design or fintech builder like .hellofig.app.
  • Verify Spelling: Professional financial institutions have rigorous QA; a typo in the URL is a definitive sign of fraud.

5. Logic for Moderation Systems

To detect this, your system should flag:

  • Pattern: [High-Value Financial Keywords] + [Known Low-Cost/SaaS Subdomains].
  • Anomaly: A “Bank” portal originating from a geographic region (Nigeria) inconsistent with the bank’s headquarters (USA).
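
One way to implement the Pattern and Anomaly rules above, as an added example (not code from the original page or from any moderation product). The keyword list, function names and country-code inputs are assumptions; hellofig.app is the only suffix taken from the page. Beyond exact keyword hits, it also catches one-edit misspellings such as “trut”, which a plain keyword filter would miss.

```python
# Added example, not from the original page. Keyword list is constructed.
FINANCIAL_KEYWORDS = ("bank", "trust", "credit", "savings", "wallet")
SAAS_SUFFIXES = ("hellofig.app",)  # the builder domain named on this page


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def keyword_hits(label):
    """Return {keyword: 'exact' | 'near-miss'} for keywords found in a label."""
    hits = {}
    for kw in FINANCIAL_KEYWORDS:
        if kw in label:
            hits[kw] = "exact"
        elif len(kw) >= 5:  # fuzzy-matching very short words is too noisy
            for size in (len(kw) - 1, len(kw), len(kw) + 1):
                windows = (label[i:i + size] for i in range(len(label) - size + 1))
                if any(edit_distance(w, kw) == 1 for w in windows):
                    hits[kw] = "near-miss"
                    break
    return hits


def assess_host(hostname, origin_country=None, claimed_hq_country=None):
    """Apply the Pattern rule, then the Anomaly rule; return the reasons."""
    host = hostname.lower().replace("[.]", ".").rstrip(".")  # accept defanged input
    reasons = []
    for suffix in SAAS_SUFFIXES:
        if host.endswith("." + suffix):
            tenant = host[:-len(suffix) - 1].replace("-", "").replace(".", "")
            for kw, kind in keyword_hits(tenant).items():
                reasons.append(f"{kind} financial keyword '{kw}' on SaaS suffix {suffix}")
    if reasons and origin_country and claimed_hq_country and origin_country != claimed_hq_country:
        reasons.append(f"origin {origin_country} != claimed HQ {claimed_hq_country}")
    return reasons
```

The origin and headquarters country codes are supplied by the caller (for example from registration metadata); the block does not look them up.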
