Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media
The fraudulent investment scheme known as Nomani has grown by 62%, according to data from ESET, and the campaigns distributing it have expanded beyond Facebook to other social media platforms, such as YouTube. The Slovak cybersecurity company said it blocked over 64,000 unique URLs associated with the threat this year. A majority of the detections originated from
AI Analysis
Technical Summary
The Nomani investment scam is a large-scale phishing and social engineering campaign that exploits AI-powered deepfake technology to create convincing video testimonials and advertisements on social media platforms, including Facebook and YouTube. First identified in December 2024 by Slovak cybersecurity firm ESET, the scam has grown by 62% in 2025, with over 64,000 unique malicious URLs blocked. The attackers use AI to generate high-resolution, realistic deepfakes with improved audio-visual synchronization and reduced unnatural movements, making it difficult for victims to discern the fraud. These videos often feature fabricated endorsements by popular personalities or false government investment claims to lend credibility. The campaign uses short-duration ad runs and cloaking techniques, redirecting non-targeted users to benign pages to avoid detection by platform security systems. Attackers also abuse legitimate social media advertising tools such as embedded forms and surveys to harvest sensitive personal and financial information without redirecting users to external phishing sites. Victims are lured into investing in non-existent financial products promising high returns, only to be asked for additional fees or personal data when attempting to withdraw funds. The scam further exploits victims by offering fake recovery services under the guise of Europol or INTERPOL assistance, resulting in further financial losses. The campaign is geographically concentrated in European countries like Czechia, Slovakia, Spain, and Poland, as well as Japan. The attackers have also been linked to GitHub repositories hosting phishing templates, with ties to Russian and Ukrainian users. Despite a 37% decline in detections in the second half of 2025, the threat actors continue to adapt their tactics, highlighting the persistent risk posed by AI-enhanced social engineering attacks.
Potential Impact
European organizations and individuals face significant financial risks from the Nomani scam, including direct monetary losses from fraudulent investments and secondary losses from identity theft due to the collection of personal and financial data. The use of AI deepfakes increases the credibility of the scam, making it more likely that victims will be deceived, thereby expanding the scope of impact. Financial institutions may experience increased fraud-related inquiries and chargebacks, while regulatory bodies could face pressure to enhance consumer protection measures. The scam also undermines trust in legitimate investment platforms and social media advertising, potentially affecting market confidence. Additionally, the use of Europol- and INTERPOL-themed lures to re-scam victims could complicate law enforcement efforts and victim recovery processes. The evolving tactics, including the abuse of legitimate social media advertising tools, make detection and prevention more challenging, increasing the likelihood of successful attacks. This threat could also strain cybersecurity resources within European organizations tasked with monitoring and mitigating phishing and fraud campaigns.
Mitigation Recommendations
European organizations should implement advanced threat intelligence and monitoring solutions that specifically track AI-generated deepfake content and short-lived malicious ad campaigns on social media. Collaboration with social media platforms to quickly identify and remove fraudulent ads and URLs is critical. Organizations should educate employees and customers about the risks of investment scams, emphasizing skepticism towards unsolicited investment offers and the verification of endorsements or government claims. Deploying AI-based detection tools that analyze video and audio anomalies can help identify deepfake content. Financial institutions should enhance transaction monitoring to detect unusual investment patterns and require multi-factor authentication for account changes or withdrawals. Legal and regulatory bodies should work with social media companies to enforce stricter advertising policies and vetting processes for financial ads. Victims should be advised never to pay additional fees to recover lost funds and to report suspicious activities to authorities promptly. Finally, organizations should conduct regular phishing simulation exercises incorporating AI-enhanced social engineering scenarios to improve user awareness and response.
Affected Countries
Czechia, Slovakia, Spain, Poland
Technical Details
- Article Source: https://thehackernews.com/2025/12/nomani-investment-scam-surges-62-using.html (fetched 2025-12-24T14:45:07.408Z, word count 1252)
Threat ID: 694bfc755a2eea8446c1242a
Added to database: 12/24/2025, 2:45:09 PM
Last enriched: 12/24/2025, 2:45:26 PM
Last updated: 12/26/2025, 4:23:13 PM