26,000 scam ads slip through Meta, hijacking Aussie CEOs and media identities

The scam operation involved 310 coordinated campaigns and malicious advertisements.

Bitdefender says Australia has been targeted as part of a coordinated global investment scam network using thousands of fraudulent ads across Meta Platforms' social platforms.

According to new research from Bitdefender Labs, the scam operation involved 310 coordinated campaigns and more than 26,000 malicious advertisements running between 9 February and 5 March, spanning at least 25 countries and appearing in more than 15 languages.

The ads were designed to mimic legitimate financial opportunities or breaking news reports, often using familiar media formats, public figures and brand identities to encourage clicks.

Australian identities used in scam creative

Among the Australian examples identified was a fake news-style execution featuring Matt Comyn, chief executive officer of Commonwealth Bank, alongside finance commentator Ross Greenwood and investigative reporter Adele Ferguson.

The fabricated story presented itself as a dramatic television segment before directing users toward what appeared to be a national investment platform.

In practice, the ads were designed to funnel users into deposit-based investment scams.

A familiar fraud funnel

Bitdefender said most campaigns followed a repeatable structure.

Users first encountered a sponsored Facebook post framed as a breaking financial story, a scandal, or an exclusive opportunity. Clicking the ad triggered a series of redirects before landing users on a fraudulent article or investment landing page designed to resemble legitimate media or financial content.

Victims were then prompted to submit personal details including name, phone number and email address.

Once details were captured, scammers typically moved communication offline, contacting victims by phone, text or email while posing as investment brokers.

Researchers said victims were then pressured to make an initial deposit, often shown fake trading dashboards displaying fabricated profits to encourage larger transfers.

In many cases, users later found they could no longer withdraw funds.

A coordinated international operation

Bitdefender said the volume and consistency of the campaigns suggest a highly organised scam infrastructure operating across multiple regions simultaneously.

Researchers identified shared technical fingerprints across campaigns, indicating the reuse of common infrastructure or scam toolkits across markets.

This allowed operators to quickly localise names, headlines and public figures depending on the country while keeping the underlying fraud mechanics unchanged.

The company also identified several tactics designed to avoid moderation systems, including redirect chains, spoofed domains and the use of visually similar characters in website names.
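
The look-alike-character tactic can be checked mechanically when triaging the final hostname of an ad's redirect chain. The following Python is an added example, not code from Bitdefender or this article; the watchlist domains, the character map and the sample hostnames are constructed placeholders.

```python
import unicodedata

# Constructed watchlist of brand domains to protect (placeholders, not from the article).
WATCHLIST = ["examplebank.com", "dailynews.example"]

# Small constructed subset of look-alike characters (Cyrillic, Greek, digits);
# a real deployment would load the full Unicode confusables data instead.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",
               "\u03bf": "o", "0": "o", "1": "l"}

def to_unicode(host):
    """Lower-case the host and decode any punycode (xn--) labels."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # keep the raw label if it is not valid punycode
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Scripts used by the letters of one label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(host):
    """Fold look-alike characters to the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def classify(host):
    """Return the findings for one hostname; an empty list means nothing was flagged."""
    decoded = to_unicode(host)
    findings = []
    if any(len(scripts(label)) > 1 for label in decoded.split(".")):
        findings.append("mixed-script")
    for brand in WATCHLIST:
        if decoded != brand and skeleton(decoded) == skeleton(brand):
            findings.append("lookalike:" + brand)
    return findings

if __name__ == "__main__":
    # Constructed sample hostnames: genuine, Cyrillic "a" swapped in, digit "1" for "l".
    for h in ["examplebank.com", "ex\u0430mplebank.com", "examp1ebank.com"]:
        print(ascii(h), classify(h))
```

Decoding punycode first matters because a spoofed name usually appears in logs and URLs in its `xn--` form, where the substituted character is not visible.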

The campaigns have appeared across Europe, North America, South America, Asia, Oceania and Africa, with public figures and local narratives adjusted market by market.

Bitdefender says the scam ecosystem remains active, with domains, narratives and ad accounts continuing to rotate to avoid detection.

Feature Image: AI generated
