New Investment Scam Utilizes AI and Social Media Ads to Deceive Global Victims


Cybersecurity experts have uncovered a new, sophisticated investment scam that combines AI-generated video testimonials, malicious social media ads, and deceptive company-branded posts to target unsuspecting victims worldwide, resulting in the theft of both money and personal data.


How the Scam Works

According to ESET's H2 2024 Threat Report shared with The Hacker News, the campaign—dubbed Nomani (a wordplay on "no money")—has seen a 335% surge between H1 and H2 2024. Researchers identified over 100 new fraudulent URLs daily between May and November 2024.

The scheme operates through:

  • Malvertising on Social Media: Fraudsters publish fake ads using stolen or compromised profiles linked to small businesses, government agencies, and influencers.
  • False Promises of Refunds: Victims previously scammed are often targeted with fake Europol or INTERPOL messages, urging them to reclaim their stolen funds by clicking malicious links.
  • AI-Powered Deception: Scammers use AI-generated videos featuring deepfake testimonials from celebrities to appear legitimate.


Distribution Methods

These fraudulent ads spread through multiple channels, including:

  • Fake profiles with minimal followers and hard-to-remember names.
  • Messenger, Threads, and Google reviews containing deceptive links.

Victims clicking on these links are directed to phishing websites that impersonate local news outlets, abuse official logos, and claim to promote cryptocurrency investment tools like "Quantum Bumex," "Immediate Mator," or "Bitcoin Trader."


Stages of the Scam

  • Phishing for Personal Information: Victims are lured into providing contact details on fake websites.
  • Direct Manipulation: Scammers use the collected data to call victims, persuading them to invest in non-existent products promising "unbelievable gains."
  • Deeper Exploitation: Victims are manipulated into taking loans, installing remote-access apps, or paying additional fees to "unlock profits."

When victims attempt to withdraw funds, the scammers demand further personal details like IDs and credit card information, eventually disappearing with both the money and data. This method mimics the infamous pig butchering scams.


Who's Behind It?

Evidence points to Russian-speaking threat actors due to:

  • Cyrillic comments in source code.
  • Use of Yandex tools for tracking visitors.

Similar to large-scale scams like Telekopye, different groups likely handle separate components of the scam, including:

  • Stealing and abusing Meta accounts.
  • Building phishing websites.
  • Running call centers to manipulate victims.

"Scammers leverage social engineering tactics to bypass even banks' security verification mechanisms," warns ESET.




A Global Concern

This development aligns with South Korean authorities' recent takedown of a $6.3 million fraud network under Operation MIDAS. The scam involved fake online trading platforms that lured victims via:

  • SMS, phone calls, and YouTube videos.
  • Chat groups on platforms like KakaoTalk.

The fraudulent trading systems tricked victims into believing real-time stock trades were occurring by displaying authentic price data. However, the core software simply captured user screens to spy on personal information and prevent fund withdrawals.


Final Thoughts

As scams become increasingly sophisticated, leveraging AI and social media, cyber awareness is crucial. ESET recommends verifying investment opportunities, avoiding unsolicited ads, and never sharing sensitive data through unknown platforms.

Stay vigilant. Protect your investments.