A large-scale scam operation impersonating Singapore’s top officials has been uncovered by cybersecurity experts.
The operation uses verified Google Ads, fake news websites and deepfake videos to lure victims into a fraudulent investment platform. The scam falsely associates itself with Singapore prime minister Lawrence Wong and coordinating minister for national security K Shanmugam to appear credible.
According to a report published by Group-IB today, the campaign specifically targeted Singapore residents by configuring Google Ads to appear only to local IP addresses. Victims who clicked on the ads were funneled through a chain of redirect sites designed to conceal the final fraudulent destination – a Mauritius-registered forex investment platform.
Verified Google Ads and Redirect Networks
Investigators identified 28 verified advertiser accounts behind the campaign, mostly registered to individuals in Bulgaria, with others in Romania, Latvia, Argentina and Kazakhstan.
These accounts ran malicious Google Ads promising lucrative returns. The ads led users to 52 intermediary domains that redirected them to fake news pages impersonating outlets like CNA and Yahoo! News.
Group-IB also found that 119 malicious domains mimicked mainstream news sites. The fabricated CNA site, for instance, featured a deepfake video of prime minister Wong promoting the “Immediate Era” program, while a fake Yahoo! News article falsely depicted Shanmugam endorsing the platform.
Read more on AI-generated deepfakes and digital fraud trends: Deepfake Attacks Hit Two-Thirds of Businesses
Evasion and Psychological Pressure
To avoid detection, scammers used advanced evasion techniques including IP filtering, developer-tool detection and URL parameter gating, showing scam content only to real users in Singapore.
Once victims provided contact information, they were contacted by phone or email and pressured to invest. Withdrawals were often delayed or blocked with bureaucratic excuses.
The Mauritius-registered platform appeared legitimate due to its regulatory license. Still, Group-IB noted that its Cyprus-based parent company had faced multiple suspensions and lost its UK authorization in 2022.
Growing Trend of Sophisticated Fraud
Group-IB estimated that 3808 Singaporeans clicked on the malicious ads last month, with 685 redirected to scam sites. The team concluded that this case reflects the professionalization of online fraud, where criminals blend verified ad networks, licensing loopholes and AI-driven media manipulation to deceive users.
Experts warn that traditional red flags, such as poor grammar or suspicious URLs, are no longer reliable indicators. Users are advised to:
-
Independently verify investment claims
-
Avoid providing personal details on unfamiliar sites
-
Be skeptical of celebrity or official endorsements in online ads
“Both investigators and everyday users must now assess scams holistically,” Group-IB said.
“[Consider] technical, behavioral, and contextual indicators to identify deception effectively.”
