Cybersecurity analysts have identified a coordinated scam campaign involving three fraudulent domains that share the same underlying infrastructure and were registered within a four-day period in late June and early July 2021. The domains lucer.co (registered June 29, 2021), brek.com (registered June 28, 2021), and sluggersplus.com (registered July 2, 2021) are all connected through shared infrastructure relationships with moderate confidence levels of 0.50. All three domains were registered through GoDaddy.com, LLC, suggesting a coordinated effort by the same threat actors.
The campaign appears to operate multiple fraud schemes targeting different consumer segments. Community reports reveal that lucer.co is being used to conduct fraudulent political surveys, with scammers impersonating "The American Opinion Research Center" and sending targeted text messages to residents in Missouri and Virginia. These messages claim to gather opinions on "important issues" in specific states and direct victims to the lucer.co domain. Meanwhile, brek.com operates as a fake hotel booking website that takes payments from consumers for non-existent accommodations. One reported victim paid $60 for a hotel room booking only to discover upon arrival that the hotel was closed and under construction, with the fraudulent company refusing to provide refunds.
The fraudulent survey operation demonstrates geographic targeting, with specific campaigns tailored to Missouri and Virginia residents. The scammers appear to use localized messaging to increase credibility, referencing state-specific issues and encouraging civic participation to lure victims. The fake hotel booking scheme represents a different vector of the same infrastructure-based operation, indicating the threat actors are running multiple concurrent fraud types through their connected domain network.
To protect yourself from these and similar scams, never click on links in unsolicited text messages or emails, especially those claiming to be surveys or requesting personal information. Legitimate research organizations typically contact participants through established methods and do not use suspicious short URLs. When booking travel accommodations, use only well-known, established booking platforms and verify hotel contact information independently. If you receive suspicious communications, hang up immediately if it's a phone call, do not click any links, and report the incident to the FTC at reportfraud.ftc.gov or to the FCC for unwanted texts and calls. You can check if a phone number or domain is safe by searching for it online along with terms like "scam" or "fraud" to see if others have reported it.
This campaign represents a moderate threat level due to the coordinated infrastructure and multiple active fraud schemes targeting different consumer segments. The geographic targeting of the survey scam and the financial losses from the fake booking site indicate organized criminal activity. Consumers should exercise heightened caution with any communications involving these domains, and cybersecurity professionals should monitor for additional domains that may be added to this infrastructure cluster.