Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data.
Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.
"The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information," ESET noted in the report shared with The Hacker News.
Nomani campaigns rely heavily on fraudulent ads across social media, often impersonating legitimate brands and trusted entities. In some cases, scammers target previous victims, using Europol- and INTERPOL-themed lures promising refunds or assistance in recovering stolen funds.
The ads come from stolen legitimate profiles, fake business accounts, and micro-influencers with significant follower counts. ESET highlights that "another large group of accounts frequently spreading Nomani ads are newly created profiles with easy-to-forget names, a handful of followers, and very few posts."
Once victims click the links, they are led to phishing websites that mimic trusted local news outlets or advertise cryptocurrency management tools with flashy but fraudulent names like Quantum Bumex, Immediate Mator, or Bitcoin Trader. These fake pages collect contact details and bait victims into further interaction.
Cybercriminals then exploit the gathered data to directly call victims, manipulating them into investing in fake investment products that appear to show massive returns. Victims are sometimes pressured to take loans or install remote-access software, giving the scammers even greater control.
"When these victim 'investors' request payout of the promised profits, the scammers force them to pay additional fees and to provide further personal information such as ID and credit card information," ESET explained. "In the end, the fraudsters take both the money and data and disappear – following the typical pig butchering scam."
ESET believes Russian-speaking threat actors are behind Nomani, citing Cyrillic code comments and the use of Yandex tools. Similar to large operations like Telekopye, these attacks appear to involve organized teams handling social media accounts, phishing sites, and call center operations.
"By using social engineering techniques and building trust with the victims, scammers often outmaneuver even the authorization mechanisms and verification phone calls the banks use to prevent fraud," ESET warned.
As AI and social engineering schemes grow more sophisticated, awareness and vigilance remain critical in combating scams like Nomani.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
TheHackerNews has the story.
How BreachSim works:
