Facebook Scammers Use Fake News Clips to Lure Victims into Investment Schemes
Cybercriminals Using Fake Scandal Clips to Lure Victims into Investment Scams
Cybercriminals have been using fake scandal clips to lure victims into investment scams, according to a recent report by Bitdefender researchers. Between February 9 and March 5, 2026, the researchers identified 310 malvertising campaigns on Meta platforms that used sensationalized stories, celebrity impersonation, and redirect chains to funnel victims into investment fraud schemes. These campaigns generated over 26,000 ad sightings in more than 15 languages.
Scam Narrative Themes
The scams relied on three main narrative themes: “Celebrity Will/Testament,” “Banking/Financial Scandal,” and “Political Figure Exposure.” These storylines were designed to be emotionally compelling and reusable, making them effective on social media platforms. The “Celebrity Will/Testament” theme, for example, claimed that a famous person had left behind a secret investment strategy or inheritance that could make ordinary people wealthy. The “Banking/Financial Scandal” theme staged dramatic confrontations involving financial regulators or bank executives, while the “Political Figure Exposure” theme made sensational claims about politicians.
Scam Operation
Once victims clicked on one of these ads, they were directed to a preview page that rarely hosted the scam itself. Instead, a redirect chain moved the visitor to another destination, often presenting a dramatic news article or breaking story connected to the original ad. This narrative introduced an investment platform and urged readers to register by providing basic personal information such as name, phone number, and address.
After submitting the registration form, victims received calls from individuals posing as account managers or investment advisors. These callers guided targets through initial deposits and encouraged additional transfers, promising high returns and limited-time opportunities. The platform interface showed account dashboards with rising balances meant to suggest successful trades, but these figures were fabricated to persuade victims to send more money.
Scam Infrastructure
The scam infrastructure was designed to evade moderation, using tactics such as whitelisted domain preview abuse, fake media domains, and Cyrillic homoglyph substitution to bypass automated filters. Bitdefender researchers also observed creative churn, domain rotation, and the migration of techniques between regions, allowing the campaigns to remain active in multiple markets.
Operational Indicators
Operational indicators suggested a shared management layer within parts of the ecosystem, with Russian-language metadata appearing in several European scam campaigns. However, researchers found no evidence of state sponsorship, intelligence agency involvement, or political direction, suggesting that the activity is financially motivated.
Scam Structure
The structure of the scam resembled a modular franchise, with shared tooling and a common playbook supporting region-specific operators who could deploy localized scams without altering the monetization model. Reuse was evident in overlapping infrastructure, shared UTM and pixel signatures, coordinated launch timing, and recurring narrative templates adapted to local personalities and media brands.
Meta’s Response
In response to growing pressure to protect users, Meta has been taking steps to combat scam ads on its platforms. The company has filed lawsuits targeting companies and individuals who use deceptive tactics to run scam ads and has introduced new tools to protect users from scams.
About Author
English