Instagram ‘BMO’ ads use AI deepfakes to scam banking customers

Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud.

Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others use official branding to drive traffic off the platform to illicit lookalike domains that are not affiliated with the banks.

Closely impersonate bank branding

We have come across multiple instances of Instagram ads that may appear to be run by Canadian banks but are scams.

An example ad shown below claims to be from “Eq Marketing” and closely mimics EQ Bank’s branding and color scheme, while promising a rather optimistic interest yield of “4.5%”.

Tapping on it, however, takes you to a counterfeit RBCpromos1[.]cfd phishing website that is not affiliated with EQ Bank, and attempts to collect your banking credentials.

Fake EQ Bank ad targeting Canadian banking consumers (BleepingComputer)

The letters “RBC” in the phishing domain also suggest that the domain could have been used in other phishing campaigns targeting, for example, customers of RBC (Royal Bank of Canada), one of the largest Canadian banks.

Tapping “Yes, continue with my account” presents the user with a fraudulent “EQ Bank” login screen, prompting for banking credentials.

By contrast, a legitimate ad from EQ Bank seen by us on platforms like Reddit leads visitors to the official eqbank.ca website (and is seen promoting a more realistic interest rate):

A legitimate EQ Bank ad seen on Reddit (BleepingComputer)

Use AI deepfake videos of a bank strategist

Another fraudulent ad captioned ‘BMO Belski’ appears as a story on Instagram. The ad prompts users with a few screening questions such as, “How long have you been investing in stocks?”

Screening questions are a common engagement tool employed by legitimate advertisers to gauge their prospects before leading them to the most relevant product offerings.

In this case, however, after answering these bogus questions, the user is led to a screen prompting them to submit contact information to the advertiser, i.e., ‘BMO Belski’:

Vague ‘BMO Belski’ Instagram ads seen collecting your information (BleepingComputer)

The ad is clever—not only does it misuse BMO’s name, but also implies affiliation with Brian Belski, the bank’s Chief Investment Strategist and leader of the Investment Strategy Group. A casual user may be tricked into believing they are being presented with credible financial advice and investment products from a renowned expert.

We additionally noticed ‘BMO Belski’ ads playing AI-generated deepfake videos of Belski, luring people to a “private WhatsApp investment group”.

Fake ‘BMO Belski’ ads play AI deepfake videos (BleepingComputer) 

‘Facebook advertiser isn’t on Instagram’ 

A common theme we observed among these ads was that the advertiser accounts running them did not exist on Instagram, but rather on Facebook alone.

‘BMO Belski’ has a Facebook page (archived) with some thousand-plus followers, but no presence on Instagram where the entity’s ads show up.

‘BMO Belski’ has no Instagram presence (BleepingComputer)

Meta Business Manager does make it possible to run Instagram ads using your Facebook page (without having an Instagram account).

The exact reason for scammers following this route is not clear. We suspect, however, that doing so saves scammers the trouble of establishing their presence and followership on Instagram, which could take time. Besides, recently created Instagram accounts (linked to an ad) may be easier to spot than… if they were to simply not exist.

Interestingly, the ‘BMO Belski’ Facebook page, which has existed since October 27, 2023, contains just two posts, both made this week.

BMO Belski Facebook page has two posts (BleepingComputer)

Before its use in impersonating the BMO spokesperson, the page was originally titled ‘Brentlinger Matt Blumm’ when it was created, yet another sign of threat actors repurposing digital assets like stolen social media pages, much like the aforementioned RBCpromos1 phishing domain.

‘BMO Belski’ Facebook page was previously titled ‘Brentlinger Matt Blumm’ (BleepingComputer)

Whereas brand new pages created for these scams would bear a recent creation date, raising red flags, repurposing existing pages buys scammers more credibility, as they can now show that a page has existed for a while and has followers (whether real or bots).

We reported the fraudulent ads to Instagram, but they continued to appear days later, which shows how delays in taking such campaigns down add to their danger.

BleepingComputer reached out to BMO and EQ Bank, making them aware of these campaigns. We have also approached Meta’s communications team for comment.

A source familiar with the matter told BleepingComputer that Meta is currently investigating this content and will remove any that is deemed to be fraudulent.

EQ Bank told BleepingComputer that it is aware of the phishing ad campaign and is working proactively with the platforms to have them taken down as quickly as possible.

“They are, of course, in no way condoned or endorsed by us,” an EQ Bank spokesperson told BleepingComputer.

“It’s unfortunate that these kinds of high-fidelity scams are on the rise to take advantage of customers.”

“The safety and security of our customers remains our top priority. We urge our customers to exercise caution when encountering online promotions and to verify the legitimacy of any communication by contacting us directly through our official channels. We’ve also advised our entire customer base of the rise of these kinds of scams to ensure they’re aware of what to look for and where to be cautious.”

Readers should be mindful when clicking on ads on social media platforms like Instagram and Facebook, even if these appear to be from legitimate organizations and bear their branding.

Instagram ads from real advertisers (BleepingComputer)

Ads appearing from Instagram accounts with a “verified” badge, shown above, may provide additional assurance as to their credibility. Users should, however, still ensure that they are being led to websites or forms that are not impersonations but official domains and assets of the organization they claim to represent.
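The destination check described above, written out as an added Python example (not code from BleepingComputer, Meta or the banks): it compares an ad's landing host with the official domain of the brand the ad claims to be. `eqbank.ca` and `RBCpromos1[.]cfd` come from the article; the brand tokens and the `example.net` URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Official domain as named in the article; extend per brand from the bank's own published list.
OFFICIAL_DOMAINS = {"EQ Bank": {"eqbank.ca"}}
# Assumed tokens, used to spot a host that names a different bank than the ad claims.
BRAND_TOKENS = {"EQ Bank": "eqbank", "RBC": "rbc", "BMO": "bmo"}


def refang(url: str) -> str:
    """Undo common defanging (hxxp, [.]) and add a scheme so urlsplit can find the host."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    return url if "://" in url else "https://" + url


def host_of(url: str) -> str:
    # .hostname drops any userinfo ("brand.ca@evil.tld") and the port, and lowercases.
    return (urlsplit(refang(url)).hostname or "").rstrip(".")


def is_official(host: str, brand: str) -> bool:
    # Exact match or a true subdomain; a brand with no allowlist entry is never official.
    return any(host == d or host.endswith("." + d)
               for d in OFFICIAL_DOMAINS.get(brand, ()))


def check_ad(claimed_brand: str, landing_url: str) -> dict:
    host = host_of(landing_url)
    findings = []
    if not is_official(host, claimed_brand):
        findings.append("landing host is not an official domain of the claimed brand")
    for brand, token in BRAND_TOKENS.items():
        # Substring match is a heuristic: it can misfire on unrelated hosts.
        if brand != claimed_brand and token in host:
            findings.append(f"host names a different brand: {brand}")
    return {"host": host, "suspicious": bool(findings), "findings": findings}


# Constructed samples, except the first two destinations, which the article reports.
SAMPLES = [
    ("EQ Bank", "RBCpromos1[.]cfd"),
    ("EQ Bank", "https://www.eqbank.ca/personal-banking"),
    ("EQ Bank", "https://eqbank.ca.example.net/login"),
    ("EQ Bank", "https://eqbank.ca@example.net/"),
]

if __name__ == "__main__":
    for brand, url in SAMPLES:
        print(brand, url, check_ad(brand, url))
```

The last two samples show why the comparison is made on the parsed host rather than on the URL string: both contain `eqbank.ca` but resolve to a host under `example.net`.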

As the saying goes, if it looks too good to be true, it probably is.
