Full Report
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages. [...]
Analysis Summary
# Tool/Technique: AI Deepfake Scams via Instagram Ads (BMO/EQ Bank Themed)
## Overview
A financially motivated social engineering campaign that buys **Instagram advertisements** impersonating Canadian financial institutions (the source names BMO and EQ Bank) to reach consumers. Some placements carry **AI-generated deepfake videos** intended to talk viewers into handing over personal information; others simply drive traffic to phishing pages. The stated end goals are phishing and investment fraud.
## Technical Details
- Type: Technique (Social Engineering / Financial Scam)
- Platform: Social Media Platforms (Instagram), targeting end-users on various operating systems/devices accessing the platform.
- Capabilities: Creating highly realistic, deceptive video/audio content (deepfakes) to mimic trusted entities, distributing this content via paid advertising mechanisms.
- First Seen: Not specified, but part of a "rise" in high-fidelity scams.
## MITRE ATT&CK Mapping
The victim is reached through a paid ad in their social media feed and then a phishing page; no endpoint is compromised. The applicable techniques therefore sit in Resource Development, Initial Access and Defense Evasion rather than in the post-compromise tactics.
- **TA0042 - Resource Development**
- T1583.008 - Acquire Infrastructure: Malvertising (buying Instagram ad placements as the delivery vector)
- T1588.007 - Obtain Capabilities: Artificial Intelligence (generating the deepfake video used as the lure)
- **TA0001 - Initial Access**
- T1566.003 - Phishing: Spearphishing via Service (the lure is delivered through a third-party platform; targeting is by ad audience rather than by named individual)
- **TA0005 - Defense Evasion**
- T1656 - Impersonation (posing as BMO or EQ Bank through branding and deepfaked video)
Persistence (TA0003) and Command and Control (TA0011) do not apply: there is no implant, and a phishing page collecting credentials is not a C2 channel. Collection is TA0009, but the data is taken from the victim on the phishing page rather than from a compromised host, so it is better described under the phishing technique above.
## Functionality
### Core Capabilities
- **Impersonation:** Using official bank branding (BMO, EQ Bank) and AI-generated deepfake video to pose as the institution. The source does not say who or what the deepfakes depict, so do not assume they show named bank staff.
- **Distribution:** Utilizing paid advertising slots on Instagram to ensure widespread and targeted delivery of the fraudulent content to potential victims.
- **Luring:** Presenting an offer or urgent scenario designed to encourage users to click the advertisement link.
### Advanced Features
- **High-Fidelity Deception:** Employing AI deepfake technology to generate convincing visual and possibly auditory representations, increasing the likelihood that users will trust the message.
## Indicators of Compromise
*Note: the source describes a technique that abuses an advertising platform, not a specific malware family, so there are no file hashes or C2 servers to list. Indicators centre on the delivery mechanism and the landing pages.*
- File Hashes: N/A (Focus is on advertising content, not dropped files)
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: The landing URLs behind the scam ad placements, which lead to phishing pages. The source lists none; they have to be captured from the ads themselves (for example, by recording the destination URL from the ad rather than following it) and should be handled in defanged form.
- Behavioral Indicators: Paid Instagram placements that use BMO or EQ Bank branding or video but link to domains outside the banks' official ones and ask for personal or banking details.
## Associated Threat Actors
Financially motivated fraud and identity-theft actors who combine social engineering with readily available AI generation tools to raise the quality of their lures. The source names no specific group.
## Detection Methods
- Signature-based detection: Limited. Ad creatives change constantly, so the practical signature-level control is blocklisting known scam landing domains at the DNS resolver or web proxy once they are reported.
- Behavioral detection: For a bank's brand-protection team, monitoring the platform's ad library and customer reports for placements that use the brand but point to non-official domains. For an enterprise, alerting when a user's browser reaches a domain that contains a bank's name but is not one of that bank's official domains.
- YARA rules: Not applicable; there is no file artifact to scan.
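The behavioral indicator and the detection bullets above reduce to one check: does an ad that references a monitored bank actually land on that bank's official domain? The script below is an added example written for this page, not tooling from the article, the banks or the platform. The official domains, the lookalike patterns and the ad records are constructed assumptions; it normalises each landing URL, scans it for brand references (including lookalikes such as `bm0` and `eq-bank`), and flags any that resolve to a host outside the assumed official domains, including the `bmo.com@evil.example` trick that puts the bank's name in the URL's userinfo.

```python
"""Flag ad landing URLs that reference a bank brand but do not land on the
bank's official domain.

Added example for this page; not code from the article, BMO, EQ Bank or Meta.
The official domains, lookalike patterns and ad records are constructed for the
demonstration and must be replaced with verified data before operational use.
"""
import re
from urllib.parse import urlparse

# Assumed official web domains per brand (verify against each institution's own
# published contact/security pages; banks typically use more than one domain).
OFFICIAL_DOMAINS = {
    "BMO": ("bmo.com",),
    "EQ Bank": ("eqbank.ca",),
}

# Brand references to search for anywhere in the URL. The lookbehind stops
# "bmo" matching inside unrelated words such as "submodule" while still
# matching lookalikes such as "bm0" or "bmo-rewards".
BRAND_PATTERNS = {
    "BMO": re.compile(r"(?<![a-z0-9])bm[o0]", re.IGNORECASE),
    "EQ Bank": re.compile(r"(?<![a-z0-9])eq[-_.]?bank|equitable", re.IGNORECASE),
}

HOSTNAME_CHARS = re.compile(r"[a-z0-9.-]+")


def normalize_url(url):
    """Trim whitespace and add a scheme so bare hostnames in ad copy parse as hosts."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url
    return url


def is_official(hostname, brand):
    """True when hostname equals an official domain of the brand or is a subdomain of it."""
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d)
               for d in OFFICIAL_DOMAINS[brand])


def classify_landing_url(url):
    """Classify one ad landing URL as (brand, verdict).

    Verdicts: "official" (brand referenced, lands on its domain),
    "impersonation" (brand referenced, lands elsewhere),
    "unrelated" (no monitored brand referenced), "malformed" (no usable host).
    """
    url = normalize_url(url)
    # .hostname discards userinfo, so https://bmo.com@evil.example/ yields evil.example
    hostname = urlparse(url).hostname
    if not hostname or not HOSTNAME_CHARS.fullmatch(hostname):
        return (None, "malformed")
    for brand, pattern in BRAND_PATTERNS.items():
        if pattern.search(url):
            return (brand, "official" if is_official(hostname, brand) else "impersonation")
    return (None, "unrelated")


# Constructed ad records (tab separated: ad id, advertiser page name, landing URL).
# None of these are real ads; they only exercise the classifier.
SAMPLE_AD_RECORDS = """\
ad-001\tBMO\thttps://www.bmo.com/main/personal
ad-002\tBMO Rewards\thttps://secure-bm0-rewards.example/login
ad-003\tEQ Bank\thttps://eqbank.ca/personal-banking
ad-004\tEquitable Bank GIC\thttps://equitable-bank-gic.example/invest
ad-005\tTravel Deals\thttps://cheapflights.example/promo
ad-006\tBMO\thttps://bmo.com@evil.example/verify
ad-007\tBMO\tbmo-online-support.example/reset
"""


def triage_ad_records(records):
    """Return one alert dict per record whose landing URL impersonates a monitored brand."""
    alerts = []
    for line in records.splitlines():
        if not line.strip():
            continue
        ad_id, advertiser, url = line.split("\t", 2)
        brand, verdict = classify_landing_url(url)
        if verdict == "impersonation":
            alerts.append({
                "ad_id": ad_id,
                "advertiser": advertiser,
                "brand": brand,
                "hostname": urlparse(normalize_url(url)).hostname,
                "url": url,
            })
    return alerts


if __name__ == "__main__":
    for alert in triage_ad_records(SAMPLE_AD_RECORDS):
        print(f"{alert['ad_id']}: advertiser '{alert['advertiser']}' references "
              f"{alert['brand']} but lands on {alert['hostname']}")
```

The only signal used is the landing URL, so this says nothing about whether the creative is a deepfake; it is meant to run over URLs collected from the platform's ad library, customer reports or proxy logs and to produce the list an analyst hands to the platform's ad-abuse reporting flow. The official-domain list is the weak point: a bank that launches a campaign on a new vanity domain will trip the check until the list is updated, which is the correct direction for a false positive.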
## Mitigation Strategies
- **User Caution:** Urge customers to exercise extreme caution when encountering online promotions, even if they appear to be from legitimate organizations on social media.
- **Verification:** Instruct users to verify legitimacy by contacting the financial institution directly through **official, known channels** rather than clicking links in ads.
- **Platform Action:** Financial institutions (like EQ Bank) are actively contacting platforms to have fraudulent ads removed.
- **Verification Badges:** Users should check for verified badges on the posting account, though this is not a guarantee of legitimacy.
- **Principle of Skepticism:** If an offer "looks too good to be true, it probably is."
## Related Tools/Techniques
- AI Deepfake Generation Tools (Used to create the scam content).
- Phishing Kits (Used on the landing pages linked from the ads).
- Social Media Ad Fraud (The underlying delivery mechanism).