Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.
As economic uncertainty and persistent inflation are eroding our pay checks and imperilling our pensions, it’s not surprising that many of us are looking to make our money go a bit further. Unfortunately, scammers are preying on this need with increasingly sophisticated schemes on social media.
Could you tell the difference between a real and a fake investment ad? It’s getting increasingly difficult to do so. Threat actors now have a variety of tactics at their disposal to add veracity to their schemes, including AI-generated deepfake videos.
Read on to find out what they’re up to, and how to keep your money out of their grasp.
How do financial deepfake scams work?
Investment scams have been the biggest money-maker for cybercriminals for several years, according to the FBI. At the last count, they made nearly $6.6 billion – and that’s just from crimes reported to the Feds. It dwarfs the $2.8 billion made from second-placed business email compromise (BEC).
There are, of course, many tactics, techniques and procedures (TTPs) associated with this type of fraud. But many start with malicious or misleading ads circulated on social media. These are usually deployed as a lure to trick the victim into either handing over personal information or direct them straight to an investment scam.
A great example of such campaigns was observed in June 2025, where Instagram ads impersonated legitimate banks. Some used tempting offers like high-interest rate accounts in an attempt to persuade the victim to click through and enter their banking logins. Others use deepfake Instagram stories featuring banking investment strategists to harvest personal info and/or lure them to investment scam-themed WhatsApp groups.
Another example is the Nomani Trojan campaign observed by ESET in 2024. The content of the ads, and the phishing websites they link to, is designed to impersonate local news media and other organizations. Or else it could be a generic financially themed visual with frequently changing names like “Quantum Bumex, Immediate Mator, or Bitcoin Trader.”
Other characteristics of the Nomani campaign (and other, similar campaigns) include:
- Highly localized content to appeal to specific regional victims (e.g., Elon Musk in North America, Lufthansa or the CDU political party in Germany)
- Distribution via fake ads on Facebook, Instagram, X, YouTube, as well as Messenger and Threads
- Deepfake video testimonials potentially using celebrities, often shown in low-quality videos and with unnatural repetition of keywords
- Use of fake and hacked accounts to run the ads (including, in one case, an actor with 300,000 followers)
- Shared templates and callbacks pointing to the same hosting infrastructure
In this campaign, the goal is to persuade the victim to hand over their personal information, which is used by the scammers to call them directly. They’ll use this approach to trick them into signing up to an investment scam, take out a loan, or even install remote access software on their device. ESET observed a 335% increase in Nomani threats between H1 and H2 2024, and blocked over 8,500 related domains.
Why do we keep falling for these scams?
On paper, these TTPs seem obvious indicators of fraud. But in reality, it can be much harder to spot them, especially if we’re looking for opportunities to relieve mounting cost-of-living pressures. In short, we keep falling for scams like fraudulent finance ads because:
- Times are tough for many of us, and the chance of some quick-and-easy financial wins appeals
- Our attention spans are declining, especially on mobile devices, so warning signs may not be spotted in time
- Many of us aren’t familiar with the latest threat TTPs, such as using deepfake videos, which makes us more vulnerable
- Many of these threats are localized, use legitimate (hijacked) accounts and can appear high up on search rankings
- Traditional anti-fraud mechanisms from banks don’t often work if we are socially engineered over the phone to invest in a fraudulent scheme
How to stay safe
Investment scams like the above are an increasingly common site. Stay clear of them by spotting the warning signs:
- Flashy ads (potentially leveraging legitimate brands) that offer too-good-to-be-true returns or unusually high interest rates
- Celebrity endorsements – always check, e.g. in official announcements, if the endorsement is legitimate.
- Videos which don’t look quite right, e.g. visual glitches, poor audio-video sync, low resolution, or robotic or overly polished voices,
- Pressure to act fast to lock in an investment
- Guaranteed ROI
Consider the following steps to keep your personal information and finances under lock and key:
- Look out for the warning signs listed above
- Resist the urge to click through on finance/investment ads, even if they appear to be promoted by legitimate brands and individuals
- Look for online reviews about a specific investment scheme or group to check its veracity
- Never invest in a financial product unless you understand how it works and how to get your money back
- Ignore any unsolicited approaches by third parties
- Never share your personal and/or financial information after clicking through from an online ad. Contact the provider separately if it’s a well-known financial institution
- Consider using security software on all devices from a trusted provider like ESET, which will go a long way towards blocking malware and scams
In a worst-case scenario where you think you’ve been scammed, contact your bank to freeze any relevant cards. Monitor your account closely for suspicious transactions. And report the incident to the police/authorities. Stay safe out there.
