Some new online investment scams are no longer impersonating real companies in phishing attacks, but rather the company name, registration details and promised high return rates are entirely fake.
“The risks here are quite different,” explained Robert Duncan, vice president of product strategy at Netcraft. “The money involved in a successful campaign might range up from [thousands of dollars] from each victim, and the victim intentionally sends money in connection with the scam. Depending on the jurisdiction, banks may treat this quite differently to authorized payments made in other types of scams.”
Duncan added that online investment scams pose a significant threat to consumers and institutions, albeit with varying scale and impact. While individual consumers often bear the brunt of financial losses resulting from these fraudulent schemes, institutions may face risks such as reputational damage if impersonated or their stakeholders are affected, said Duncan.
“In some jurisdictions, this is also changing, with an increased expectation that banks are on-the-hook for losses in such scams,” explained Duncan. “Collaboration with regulatory bodies and industry partners is essential to disrupting this threat.”
In a March 13 blog post, Netcraft researchers pointed out that online investment scams have emerged as a global threat. These scams promise very high returns with no risks attached, and often claim to deliver “once-in-a-lifetime” opportunities for investors to make guaranteed returns overnight. The reseachers noted that in claiming to trade in forex, cryptocurrency, or other high-risk assets, the unsuspecting investor (victim) needs only to make an initial payment to take advantage. These guarantees are meaningless, the claimed investment is a sham, and the victim loses their money.
The numbers show that these scams have been growing. In data released last month, the Federal Trade Commission (FTC) attributed more than $4.6 billion of U.S. fraud losses in 2023 to investment scams, more than any other fraud category. And, the FBI’s 2023 Internet Crime Report noted that investment scams were “once again the costliest type of crime tracked by IC3.”
“Fake trading platforms create an entire ecosystem, including sophisticated websites and financial dashboards, to mimic real investment opportunities,” said Ted Miracco, chief executive officer at Approov. “This approach makes the scam extremely convincing as it involves interactive elements such as manipulated trading results and fake customer support, rather than straightforward impersonation or false claims. The scammers are now using the same marketing innovations as tech startups, except their end product is financial loss and deception.”
Leveraging bots, AI to scam investors
What sets one of these scams apart is their use of bots to simulate group chats with fake experts, creating an illusion of legitimate investment opportunities, explained Mika Aalto, co-founder and CEO at Hoxhunt. The attack combines our trust in and use of social media with our natural tendencies to trust authority figures, seek group validation, and pursue easy rewards, said Aalto. The peer pressure tactic has been used for a long time in multi-level marketing events and dubious timeshare property dinners, where actors are planted in the event to build a sense of community and pressure to act.
“Unlike traditional impersonation scams, these schemes create an entire ecosystem of deceit, offering not just a fake promise but a fake community and support system,” said Aalto. “This sophisticated approach to cybercrime highlights the dangers of combining psychological manipulation with the lure of significant financial gain, making it a particularly potent threat. In the future, with the use of AI-powered bots rather than script-following bots, these communities will be even harder to expose as fraudulent.”
These types of scams are successful because they use a convincing message, a real-looking financial application, and the ability to abuse our desire to get rich overnight, said Krishna Vishnubhotla, vice president of product strategy at Zimperium. Mobile devices, messaging, and social apps will only intensify the threat of online investment scams as they are omnipresent in daily life, providing continuous access for scammers to potential victims, said Vishunbhotla.
“The mobile platform allows scammers to cast a wide net and target specific individuals, which is really scary,” said Vishnubhotla. “Cloning legitimate financial applications and distributing them via phishing and third-party stores is easier than ever today. Since we inherently trust our personal devices, these fraudulent schemes will spread rapidly. Cybercriminals can execute sophisticated social engineering tactics and interact with individuals more directly and convincingly, thereby increasing the efficiency and reach of these scams.”
