AI-Powered Investment Scams Targeting Victims Worldwide
Cybersecurity experts have raised the alarm about a new and increasingly sophisticated type of investment scam that leverages artificial intelligence (AI), social media platforms, and phishing techniques to deceive unsuspecting victims and steal their money and personal information. These scams have grown significantly in 2024, exploiting the trust of individuals through deceptive ads, fake testimonials, and phishing websites designed to appear legitimate.
The Emergence of Nomani Scams
Cybersecurity firm ESET has identified this new type of scam under the name “Nomani,” a play on the phrase “no money.” According to ESET’s H2 2024 Threat Report, the Nomani scam has surged by over 335% from the first half (H1) to the second half (H2) of 2024. The number of fraudulent URLs detected daily has averaged over 100 new sites from May to November 2024.
These scams are characterized by the use of AI-powered video testimonials, often featuring well-known personalities or micro-influencers, to create a sense of legitimacy and trust. The scammers aim to direct victims to phishing websites that mimic legitimate local news media or use logos and branding from reputable organizations. The goal is to collect personal information like contact details, IDs, and financial data under the guise of offering investment opportunities.
Also Read: Optum AI Chatbot Security Flaw Raises Major Concerns
Social Media as a Primary Distribution Channel
The scammers utilize social media platforms such as Facebook, Instagram, Messenger, Threads, and even Google to distribute these fraudulent ads. They exploit a combination of fake profiles, stolen legitimate profiles, and newly created accounts with minimal followers and activity to spread their malicious content.
In many cases, the ads include lures that appear to be from trusted organizations such as Europol or INTERPOL, enticing victims into believing they have been scammed and need help recovering their stolen money. Clicking on these ads redirects users to fake investment sites that offer promises of significant returns.
Phishing Websites and Fake Investment Products
The phishing websites associated with these scams are designed to appear convincing. They often advertise cryptocurrency management solutions under fraudulent names like Quantum Bumex, Immediate Mator, or Bitcoin Trader. These sites request personal information such as phone numbers, addresses, and financial details.
Once a victim provides their details, the scammers proceed to manipulate them into investing their money into non-existent or fraudulent investment products. Victims may also be coerced into taking out loans or installing remote access applications on their devices. When victims attempt to withdraw their “profits,” they are met with further demands for fees, IDs, and credit card information, leading to complete financial and data loss.
Also Read: BBC Files Complaint with Apple Over AI-Generated Fake News
Russian-Speaking Threat Actors Behind Nomani Scams
There is strong evidence linking Nomani scams to Russian-speaking cybercriminal groups. ESET has identified source code comments written in Cyrillic, along with the use of Yandex tools for visitor tracking. These scammers operate like well-coordinated operations, akin to other major scam campaigns such as Telekopye, involving different groups responsible for various aspects of the scam, including phishing infrastructure, ad abuse, and call centers that interact with victims.
The scammers employ social engineering tactics, building trust with victims to outmaneuver even bank verification systems meant to prevent fraud. This makes the Nomani scams particularly dangerous, as they successfully exploit vulnerable targets.
International Law Enforcement Actions and Outcomes
Recent law enforcement actions have revealed the scale of these fraudulent operations. In South Korea, authorities dismantled a major fraud network, Operation MIDAS, which defrauded nearly $6.3 million from victims using fake online trading platforms. The scam involved fake online trading systems that communicated with real brokerage firms to show real-time stock price information, creating a false sense of authenticity. However, these systems did not conduct any actual stock trades but instead collected unauthorized information from users’ screens to steal their money.
Also Read: Insights from Ilya Sutskever: Superintelligent AI will be ‘unpredictable’
Preventing AI-Powered Investment Scams
To protect yourself from falling victim to these scams, consider the following preventive measures:
- Verify Sources: Always verify the legitimacy of investment opportunities, especially when promoted via social media.
- Avoid Clicking Suspicious Links: Do not click on links shared in unsolicited messages, emails, or ads promising guaranteed returns.
- Use Secure Communication Channels: Communicate directly with trusted organizations or companies via official channels to avoid falling victim to phishing attempts.
- Be Skeptical of AI-Generated Testimonials: AI-generated testimonials and videos featuring famous personalities are often designed to create a false sense of legitimacy.
- Educate Yourself and Others: Stay informed about the latest cybersecurity threats and share this knowledge with friends and family to help protect them from similar scams.
Conclusion
AI-powered investment scams, such as Nomani, have evolved into a dangerous form of financial fraud that targets victims worldwide. These scams exploit advanced technologies, social media platforms, and phishing websites to deceive and steal personal and financial information. Law enforcement actions and cybersecurity experts continue to track and dismantle these operations, but it is crucial for individuals to stay vigilant and adopt preventive measures to protect themselves from becoming victims.
FAQs
1. What is an AI-powered investment scam?
An AI-powered investment scam leverages artificial intelligence, social media, and phishing techniques to create fraudulent investment opportunities designed to steal personal and financial information.
2. How do these scams operate?
Scammers use fake profiles, social media ads, and phishing websites that imitate legitimate organizations to collect personal information from victims, who are then manipulated into making fake investments.
3. Who is behind the Nomani scams?
The Nomani scams are believed to be the work of Russian-speaking cybercriminal groups, as evidenced by the use of Cyrillic comments in their source code and tools like Yandex for tracking.
4. What are the typical signs of AI-powered investment scams?
Signs include AI-generated testimonials featuring celebrities or influencers, suspicious links on social media, fake investment websites, and promises of high returns with minimal risk.
5. How can I protect myself from these scams?
Verify sources, avoid clicking on suspicious links, use secure communication channels, be skeptical of AI-generated content, and stay informed about cybersecurity threats.
6. What are common investment schemes associated with these scams?
Common schemes include fake cryptocurrency management solutions, non-existent investment platforms, and bogus stock trading systems.
7. Are these scams limited to specific regions?
No, these scams target victims globally and use various tactics that exploit international networks and communication channels.
8. How can law enforcement help combat these scams?
Authorities are taking down fraudulent networks, seizing servers, and arresting individuals involved in running these operations.
9. What role does Yandex play in these scams?
Yandex tools are used for tracking website visitors and analyzing traffic, aiding in the spread of phishing websites and malvertising.
10. Is there a specific group responsible for the technical aspects of these scams?
Yes, different groups manage various aspects of the scam, such as phishing infrastructure, ad abuse, and call center operations.