SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Bitdefender unmasks global Meta investment scam ads

Tue, 10th Mar 2026

Bitdefender has identified a global network of investment scams that used paid adverts on Meta platforms to lure users into fraudulent trading schemes, including campaigns targeting Australia.

Researchers mapped 310 coordinated campaigns and more than 26,000 malicious adverts running from early February to early March. The adverts appeared in more than 15 languages and operated across at least 25 countries.

The adverts were designed to resemble legitimate news stories and financial opportunities. Many impersonated established news organisations, banks, and well-known public figures to build credibility and prompt clicks.

One Australia-linked example used Commonwealth Bank branding and a news-style format. It depicted a supposed televised confrontation involving Commonwealth Bank Chief Executive Officer Matt Comyn, finance journalist Ross Greenwood, investigative reporter Adele Ferguson, and business commentator Alan Kohler. The storyline promoted what it called a new national investment platform.

How the scams worked

Across campaigns, the scams followed a similar pattern. Users saw a sponsored post framed as breaking news, a celebrity scandal, or a financial revelation, often presented as a video clip, headline, or image that mimicked a publisher website or broadcaster segment.

After a click, traffic was routed through a series of websites before landing on a convincing but fraudulent page, typically styled as a news article or investment offer. Visitors were urged to sign up for more information or access a trading service.

The fraud then shifted to direct contact. Victims entered personal details such as their name, phone number, and email address. People posing as investment brokers contacted them by phone, text, or email and pressed for an initial deposit.

A fake trading dashboard often reinforced the pressure by showing fabricated profits that made the investment appear to be working. Many victims later found they could not withdraw funds.

Coordinated ecosystem

The scale and coordination suggested an organised structure rather than isolated scams. The investigation found signs of shared infrastructure and technical fingerprints linking campaigns, along with reuse of similar approaches across different regions.

This reuse made localisation easy. Operators could swap story formats, public figures, and branding for each market while keeping the same funnel and lead-capture process. The method appeared across Europe, North America, South America, Asia, Oceania, and Africa.

Impersonation was central. Familiar financial brands and public figures can lower scepticism, especially in fast-scrolling social media feeds where users rely on visual cues and brand recognition. A news-style presentation can also create urgency, reducing scrutiny of the offer.

Evasion techniques

The research described several techniques used to evade automated moderation. These included redirect chains that send users through intermediate sites before reaching the final destination, and domain spoofing, where addresses are crafted to resemble legitimate outlets or brands.

Another tactic used look-alike characters in website names by substituting similar-looking letters. The result can pass casual inspection while directing users to scam-controlled infrastructure.
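A defender-side check for the domain spoofing and look-alike characters described above, as an added example that is not part of the Bitdefender research or this article. The brand watchlist, the `.example` hostnames and the small look-alike map are constructed assumptions.

```python
import unicodedata

# Constructed, deliberately small look-alike map (assumption: production code
# would load the full Unicode confusables data instead).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",   # Cyrillic
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",                   # Greek
    "0": "o", "1": "l", "3": "e", "5": "s",                        # digits
}
# Hypothetical watchlist: brand keyword -> its one official domain.
BRANDS = {"examplebank": "examplebank.example"}


def decode_host(host):
    """Lower-case a hostname and decode xn-- (punycode) labels to Unicode."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except ValueError:  # malformed punycode: keep the raw label
                pass
        labels.append(label)
    return ".".join(labels)


def skeleton(label):
    """Fold compatibility forms and known look-alikes to plain ASCII letters."""
    folded = unicodedata.normalize("NFKC", label)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def scripts(label):
    """Scripts of the letters in a label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def check_host(host, brands=BRANDS):
    """Return findings for one ad landing hostname (empty list means clean)."""
    host = decode_host(host)
    findings = []
    for label in host.split("."):
        if len(scripts(label)) > 1:
            findings.append("mixed-script")
        for brand, official in brands.items():
            if host == official or host.endswith("." + official):
                continue
            if brand in skeleton(label):
                findings.append("look-alike" if brand not in label else "brand-on-foreign-domain")
    return findings
```

Because adverts reach the final page through redirect chains, a check like this belongs on every hop of the resolved chain, not only on the URL shown in the ad.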

The campaigns also relied on rotation. Domains, narratives, and ad accounts changed over time, complicating takedowns. This pattern is consistent with malvertising operations that treat ad accounts and domains as disposable assets.

Australia in focus

The use of Commonwealth Bank branding and prominent Australian media and business names shows how closely the campaigns tailored messaging to local audiences. In Australia, banks and mainstream media brands are highly recognisable, and that familiarity can make a fraudulent advert seem legitimate.

The example described in the research presented the pitch as a dramatic on-air moment, aligning with broader scam tactics that rely on controversy and urgency. It also reflects a wider social media fraud trend that blends investment pitches with entertainment-style headlines.

Bitdefender continues to track the infrastructure behind the campaigns and expects the activity to remain "active and adaptable as scammers rotate domains, narratives and ad accounts to avoid detection."