Full Report
Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.
Analysis Summary
# Main Topic
The proliferation and increasing sophistication of deepfake scam advertisements, particularly targeting financial investments on social media platforms, making it difficult for users to distinguish them from legitimate marketing.
## Key Points
- Investment scams are among the costliest forms of cybercrime, with losses running to billions of dollars annually (nearly $6.6 billion in the figures reported to the FBI).
- Threat actors leverage AI-generated deepfakes (videos of banking strategists, celebrities) to lend false veracity to fraudulent schemes.
- Scams often begin with misleading or malicious ads on social media (Facebook, Instagram, X, YouTube) used as lures to harvest personal information or direct victims to investment scams.
- Telltale signs of deepfake scam content include low-quality video, unnatural keyword repetition, and impersonation of credible sources (banks, local news outlets, political parties).
- Victims are convinced to hand over personal information, which is subsequently used to trick them into signing up for investment scams, taking out loans, or installing remote access software.
- ESET telemetry recorded a 335% increase in Nomani-related threats between H1 and H2 2024.
## Threat Actors
- **General Cybercriminals:** Motivated by significant financial gain from investment fraud.
- **Nomani Campaign Operators:** Named specifically in connection with distributing investment scams through fake ads on multiple platforms and linking to phishing sites that impersonate local media.
## TTPs
- **Impersonation:** Mimicking legitimate financial institutions (e.g., BMO, EQ Bank via Instagram ads) or well-known personalities.
- **Deepfake Utilization:** Creating AI-generated video testimonials featuring banking experts or celebrities to build trust.
- **Localized Content:** Tailoring advertised themes to specific regional victims (e.g., referencing Elon Musk in North America or German political parties).
- **Distribution Channels:** Paid fake ads on major social platforms (Facebook, Instagram, X, YouTube) and on related Meta services (Messenger, Threads).
- **Account Takeover:** Running the malicious ads from fake or hijacked accounts, including compromised accounts with followings of up to 300,000.
- **Luring/Phishing:** Directing victims to follow-up communications (e.g., WhatsApp investment groups) or phishing websites designed to steal credentials.
- **Social Engineering:** Using harvested personal data in direct follow-up phone calls that pressure victims into transferring money, taking out loans, or installing remote access software.
## Affected Systems
- **Social Media Platforms:** Facebook, Instagram, X, YouTube, Messenger, and Threads.
- **End-User Devices:** Victim devices on which the scammers try to get remote access software installed.
- **Victim Data:** Personal and financial information harvested during interactions.
## Mitigations
- **Critical Scrutiny of Ads:** Be wary of flashy ads offering unrealistically high returns or unusually high interest rates, even if they feature legitimate brands.
- **Verification of Endorsements:** Independently verify any celebrity or expert endorsements through official announcements, not just the ad itself.
- **Deepfake Detection:** Look for visual glitches, poor audio-video synchronization, low resolution, or robotic/overly polished voices in videos.
- **Resist Urgency:** Ignore pressure tactics demanding fast action to lock in guaranteed returns.
- **Independent Research:** Look for external online reviews concerning the investment scheme or group before engaging.
- **Contact Separation:** Never share personal/financial information after clicking an ad; contact known financial institutions directly via trusted, separate channels if verification is needed.
- **Security Software:** Use security software on all devices to block malware and known scam sites.
- **Incident Response:** If scammed, immediately contact the bank to freeze cards and report the incident to authorities.
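As an added example (not code from the page or from ESET), the following Python script turns the indicators listed under Key Points, TTPs and Mitigations into a heuristic triage score over ad records: a named brand whose landing domain is not the institution's official one (with a digit-for-letter lookalike check), unrealistic return figures, guarantee and urgency language, and unnatural keyword repetition. The official-domain allowlist, the landing URLs and the ad texts are assumptions constructed for the example; a real deployment would source the allowlist from the institutions themselves.

```python
"""Heuristic triage of social-media ad records for investment-scam indicators.

Added example, not part of the original page or ESET's tooling. Scores
constructed ad records on the signals the summary lists: brand impersonation
with an off-brand landing domain, unrealistic returns, guarantees, urgency,
and unnatural keyword repetition.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Assumed official domains for the brands the page names as impersonated.
# These are assumptions for the example; verify against the institution's own records.
OFFICIAL_DOMAINS = {
    "bmo": {"bmo.com"},
    "eq bank": {"eqbank.ca"},
}

URGENCY = re.compile(r"\b(act now|limited (?:time|spots)|today only|last chance|hurry|don'?t miss)\b", re.I)
HIGH_RETURN = re.compile(
    r"\b\d{2,4}\s*%\s*(?:(?:daily|weekly|monthly)\s+)?(?:returns?|profit|interest|apy|per (?:day|week|month))",
    re.I,
)
GUARANTEE = re.compile(r"\bguaranteed?\b", re.I)

# Common digit-for-letter substitutions seen in lookalike domains (e.g. "bm0", "eq-b4nk").
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})
TWO_LEVEL_TLDS = {"co.uk", "com.au", "co.nz", "com.br"}


def registrable_domain(url: str) -> str:
    """Reduce a URL to its registrable domain, e.g. https://login.bmo.com/x -> bmo.com."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_TLDS:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small enough here that no library is needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_domain_check(text: str, landing_url: str):
    """Return (brand, verdict); verdict is 'official', 'lookalike', 'unrelated' or None."""
    low = text.lower()
    domain = registrable_domain(landing_url)
    for brand, official in OFFICIAL_DOMAINS.items():
        if brand not in low:
            continue
        if domain in official:
            return brand, "official"
        # Compare the second-level label after undoing digit swaps and hyphens.
        label = domain.split(".")[0].translate(HOMOGLYPHS).replace("-", "")
        if any(levenshtein(label, off.split(".")[0]) <= 2 for off in official):
            return brand, "lookalike"
        return brand, "unrelated"
    return None, None


def repetition_ratio(text: str) -> float:
    """Share of the text taken by its single most repeated word (words of 4+ letters)."""
    words = [w for w in re.findall(r"[a-z]+", text.lower()) if len(w) >= 4]
    if not words:
        return 0.0
    return Counter(words).most_common(1)[0][1] / len(words)


def score_ad(ad: dict):
    """Score one ad record {text, landing_url}; higher means more scam indicators."""
    text, url = ad["text"], ad["landing_url"]
    brand, verdict = brand_domain_check(text, url)
    domain = registrable_domain(url)
    checks = [
        (verdict == "lookalike", 4, f"{brand} named, lookalike domain {domain}"),
        (verdict == "unrelated", 3, f"{brand} named, but {domain} is not an official domain"),
        (HIGH_RETURN.search(text) is not None, 2, "unrealistic return figure"),
        (GUARANTEE.search(text) is not None, 1, "guaranteed-return language"),
        (URGENCY.search(text) is not None, 1, "urgency pressure"),
        (repetition_ratio(text) >= 0.3, 1, "unnatural keyword repetition"),
    ]
    score = sum(w for hit, w, _ in checks if hit)
    reasons = [r for hit, _, r in checks if hit]
    return score, reasons


# Constructed sample ads for the example; not real ad data.
SAMPLE_ADS = [
    {"text": "BMO savings promotion: earn up to 4% interest. Terms apply.",
     "landing_url": "https://www.bmo.com/promo"},
    {"text": "EQ Bank AI trading: 40% monthly returns guaranteed! Act now, limited spots.",
     "landing_url": "https://eq-b4nk.example/apply"},
    {"text": "Crypto crypto crypto profits! Join our crypto group, crypto experts, crypto signals.",
     "landing_url": "https://chat.example/join"},
]

if __name__ == "__main__":
    for ad in SAMPLE_ADS:
        print(score_ad(ad))
```

The brand check is deliberately the heaviest signal: a legitimate BMO promotion on bmo.com scores zero even with a rate in the text, while the same brand name pointing at an unrelated or digit-swapped domain is flagged on its own. Such a score is a triage aid for an analyst or a platform reviewer, not a verdict; the page's advice to verify through a separate trusted channel still applies.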
## Conclusion
The combination of economic pressure and readily available AI tooling has driven a sharp rise in deepfake-driven financial scams distributed through social media advertising. Because the lures are built to look credible (brand impersonation, localized content, deepfake testimonials), a quick look at an ad is no longer enough to tell it from legitimate marketing. A layered defense combining firm skepticism towards unsolicited financial offers, independent verification through trusted channels, and security software on every device is needed to counter this evolving threat.