Given the economic uncertainty, it’s no surprise that investors are looking for alternatives to make their money go further, and that users with little investment experience are becoming interested and taking their first steps. ESET, a leading company in proactive threat detection, warns that scammers are taking advantage of this need with increasingly sophisticated scams on social media: AI-powered scams produce fake ads, deepfakes, and promises of ridiculous profits that seek to deceive even the most cautious users.
“Could you distinguish between a real investment ad and a fake one? It is becoming increasingly difficult to do so. Threat actors today have a variety of tactics to make their scams more credible, including AI-generated deepfake videos. While there are many tactics, techniques, and procedures (TTPs) associated with this type of fraud, most begin with malicious or deceptive ads circulating on social media. They are often used as a lure to trick the victim, either into providing personal information or directly directing them to an investment scam”, says Camilo Gutiérrez Amaya, Head of the ESET Research Lab.

According to the FBI, investment-related scams have been the primary source of revenue for cybercriminals for several years. At last count, they earned nearly $6.6 billion, and that’s just from crimes reported to the federal government. This figure dwarfs the $2.8 billion earned by the second-largest scam, business email compromise (BEC).
An example of this type of campaign was identified in June 2025, when Instagram ads impersonated legitimate banks. Some used tempting offers, such as high-interest accounts, to persuade the victim to click and enter their banking information. In other cases, they used deepfake Instagram stories featuring banking investment strategists to collect personal information and/or lure victims into WhatsApp groups themed around investment scams. Another example is a 2024 campaign that spread a fake video of Lionel Messi to promote supposed investments through an app that promised ridiculously high returns.
Also in 2024, ESET observed the Nomani Trojan campaign. The ad content and the phishing websites the ads linked to were designed to impersonate local news outlets and other organizations. Alternatively, the ads used a generic financial-themed visual with frequently changing names such as “Quantum Bumex,” “Immediate Mator,” or “Bitcoin Trader.” Some of the characteristics of the Nomani campaign (and other similar campaigns) include:
• Highly localized content to attract specific regional victims.
• Distribution via fake ads on Facebook, Instagram, X, YouTube, as well as Messenger and Threads.
• Deepfake video testimonials potentially using celebrities, often displayed in low-quality videos and with unnatural repetition of keywords.
• Use of fake and hacked accounts to run the ads (including, in one case, an actor with 300,000 followers).
• Shared templates and callbacks pointing to the same hosting infrastructure.
In this campaign, according to ESET, the goal is to persuade the victim to provide their personal information, which the scammers then use to contact them directly. They use this method to trick them into signing up for an investment scam, taking out a loan, or even installing remote access software on their device. ESET observed a 335% increase in Nomani threats between H1 and H2 2024, and blocked more than 8,500 related domains.
While these techniques may seem like clear indicators of fraud, in practice they can be much more difficult to detect, especially if you are looking for opportunities to alleviate financial pressures. ESET states that the continued effectiveness of these types of scams, such as fraudulent financial ads, is due to the following:
• Times are tough, and the prospect of quick and easy financial gain is appealing.
• Attention spans are decreasing, especially on mobile devices, so warning signs may not be noticed in time.
• Many people are unfamiliar with the latest threat TTPs, such as the use of deepfake videos, making them more vulnerable.
• Many of these threats are localized, use legitimate (hijacked) accounts, and can appear at the top of search results.
• Banks’ traditional anti-fraud mechanisms often don’t work when the victim is also socially manipulated over the phone into investing in a fraudulent scheme.
Investment scams are very common, and ESET points out that it’s important to pay attention to these warning signs:
• Flashy ads (which may leverage legitimate brands) offering returns that are too good to be true or unusually high interest rates.
• Celebrity endorsements are often used to create a sense of legitimacy. Always check if the endorsement is legitimate.
• Videos that do not look entirely right, for example, with visual glitches, poor audio and video synchronization, low resolution, or robotic or overly polished voices.
• Pressure to act quickly and secure the investment.
• Guaranteed return on investment.
They also advise the following:
• Stay alert to warning signs.
• Resist the temptation to click on ads about finance or investments, even if they appear to be promoted by legitimate brands and individuals.
• Search online for reviews of a specific investment plan or group to verify its authenticity.
• Do not invest in a financial product without having thoroughly researched it and fully understood how it works.
• Ignore any unsolicited third-party offers.
• Never share personal and/or financial information after clicking on an online ad.
• Always check the information circulated with the institution through official channels.
Finally, use security software on all your devices from a trusted provider like ESET, which will help block scams.
“In times of economic uncertainty, it’s understandable that we look for alternatives to improve our financial situation. But scammers are exploiting this very need with increasingly sophisticated tactics. Therefore, being wary of what’s easy, recognizing the warning signs, and protecting your personal data is essential to avoid falling for this type of scam,” concludes the ESET researcher.