Global AI-Powered Investment Scam Exploits Social Media to Deceive Victims

Cybersecurity researchers have uncovered a sophisticated new investment scam targeting users through social media malvertising, AI-generated video testimonials, and fraudulent company-branded posts. The scam, known as Nomani, has already led to substantial financial and data losses, with experts warning that its reach is growing rapidly.

In its latest H2 2024 Threat Report, cybersecurity company ESET revealed that the fraud grew by over 335% between the first and second halves of the year, with new phishing URLs popping up daily. The scam uses artificial intelligence to create video testimonials featuring well-known personalities, misleading potential victims into thinking they’re making a sound investment.

“The primary objective of the fraudsters is to lure individuals into phishing websites and forms that steal sensitive personal information,” ESET said in its report.

The scam’s method is simple but effective. Fake and stolen profiles, often associated with small businesses, micro-influencers, and even governmental entities, promote fraudulent ads on social media platforms. In some cases, they specifically target individuals scammed by leveraging lures about Europol and INTERPOL, offering refunds for stolen funds.

These ads often appear on platforms like Facebook and Instagram and messaging services like Messenger and Threads. ESET observed that the scam is further spread by newly created profiles with minimal activity, which use deceptive Google reviews to boost credibility.

The phishing websites linked through these ads often mimic local media sites and use stolen logos and branding from legitimate organizations. Sometimes, they promote fake cryptocurrency management solutions, changing their names regularly to avoid detection; examples include Quantum Bumex, Immediate Mator, and Bitcoin Trader.

Once victims are on the fraudulent sites, scammers trick them into providing their details, which are used in follow-up phone calls. These calls manipulate individuals into investing money in non-existent, high-return investment products. Victims are sometimes even persuaded to take out loans or install remote access apps to give scammers full control over their devices.

“The fraudsters demand additional fees when victims request a payout, and they ask for further sensitive information, such as ID and credit card details,” ESET said. “Ultimately, the scammers take both the victims’ money and data, vanishing with no trace, resembling the notorious ‘pig butchering’ scam.”

Evidence suggests that the Nomani scam is the work of Russian-speaking cybercriminals, as researchers found source code comments in Cyrillic and traces of Yandex tools for visitor tracking. Much like other large-scale operations, such as the Telekopye scam, different groups are likely responsible for each stage of the attack, from the theft of Meta accounts to managing phishing infrastructure and running call centers.

ESET highlighted that scams often outsmart even the best fraud prevention mechanisms, including bank verification systems. Through social engineering tactics, scammers build trust with their targets, bypass security measures, and successfully convince victims to hand over both money and personal data.

This new development follows a recent operation by South Korean law enforcement, dismantling a large-scale fraud ring that scammed nearly $6.3 million from victims. MIDAS led to the seizure of over 20 servers and the arrest of 32 individuals involved in the fraud scheme. Like the Nomani scam, this network also lured victims through SMS and phone calls, using fake online trading platforms to trick individuals into investing funds through deceptive YouTube videos and chatrooms on KakaoTalk.

Authorities emphasized that the illicit home trading system (HTS) programs involved in the scam provided fraudulent stock price data while secretly collecting unauthorized information from users’ screens and refusing to return any invested funds.

As these scams become more sophisticated, cybersecurity experts urge users to remain vigilant, report suspicious activity, and be cautious of unsolicited investment opportunities online.