By Shuchi Jain, 63SATS
The rise of artificial intelligence and social media has empowered fraudsters to orchestrate sophisticated investment scams, luring victims worldwide.
These scams often feature AI-generated content, such as video testimonials of public figures, and deceptive ads on social media platforms. The goal is to drive unsuspecting users to phishing websites that compromise personal and financial data.
Phishing Scam “Nomani” Explodes by 335%
Cybersecurity firm ESET has highlighted these growing threats in its H2 2024 Threat Report. One such scam, termed “Nomani” (short for “no money”), has surged by 335% between the first and second halves of 2024.
Fraudsters are reportedly creating over 100 new phishing URLs daily, using fake social media profiles and hijacked legitimate accounts to amplify their reach. These include profiles of small businesses, government agencies, and even influencers with tens of thousands of followers.
The scams frequently target past victims through fake Europol or INTERPOL messages, falsely claiming that stolen funds can be refunded by clicking a link. The fraudulent websites linked in these ads mimic legitimate news portals or cryptocurrency services under changing aliases, such as Quantum Bumex, Immediate Mator, or Bitcoin Trader.
Victims who enter their contact details are often pursued via phone, coerced into making investments in bogus products promising high returns. Some are pressured into taking loans or installing remote access apps, making it easier for scammers to steal funds.
Efforts to withdraw “profits” from these fake platforms result in further demands for fees and sensitive information, such as IDs and credit card details, leaving victims penniless and exposed. These scams resemble the “pig butchering” tactic, where victims are meticulously groomed and exploited over time.
Evidence suggests these scams may involve Russian-speaking threat actors, as indicated by Cyrillic code traces and the use of Yandex analytics tools. Operations are likely divided among groups specializing in account theft, phishing site creation, and call center fraud.
Social engineering remains a key factor, enabling scammers to bypass even advanced security measures. Victims often fall prey before recognizing the fraud.
A recent bust in South Korea highlights the global scale of this threat. Authorities dismantled a ring responsible for $6.3 million in losses through fake trading platforms.
As fraud techniques evolve, heightened awareness and vigilance are critical for individuals and organizations to protect themselves against these increasingly complex scams.