Nomani Investment Scam Surges 62% Using AI Deepfake Ads On Social...

The fraudulent investment scheme known as Nomani has increased by 62%, according to data from ESET, and campaigns distributing the threat have expanded beyond Facebook to include other social media platforms, such as YouTube.

The Slovak cybersecurity company said it blocked over 64,000 unique URLs associated with the threat this year. A majority of the detections originated from Czechia, Japan, Slovakia, Spain, and Poland.

Nomani was first documented by ESET in December 2024 as leveraging social media malvertising, company-branded posts, and artificial intelligence (AI)-powered video testimonials to deceive users into investing their funds in non-existent investment products that falsely claim significant returns.

When victims request payout of the promised profits, they are asked to pay additional fees or provide additional personal information, such as ID and credit card information. As is typical of investment scams of this kind, the end goal is financial loss.

It doesn't end there: the fraudsters attempt to scam the victims again, using Europol- and INTERPOL-related lures on social media that promise assistance with getting their stolen funds back, only for the victims to lose more money in the process.

ESET said the scam has since received some notable upgrades, including more realistic AI-generated videos that make it harder for prospective targets to spot the deception.

"Deepfakes of popular personalities, used as initial hooks for phishing forms or websites, now use higher resolution, have significantly reduced unnatural movements and breathing, and have also improved their A/V sync," the company noted.

The fabricated content has been found to often leverage topical events or personalities who are more widely seen in the public discourse to lend more credibility to the scheme. In one case observed in Czechia, a bogus news article falsely claimed the government was investing through one of its scam cryptocurrency platforms and generating substantial returns.

To ensure that their malicious ads are not caught by the platform's systems, the threat actors run the campaigns for only a few hours. Another important change involves redirecting users to benign cloaking pages instead of external phishing forms if they don't meet the targeting criteria.

"To further lower their footprint, attackers increasingly abuse legitimate tools offered by the social media ad framework, such as forms and sur

Source: The Hacker News