The scam thrives on the proliferation of deceptive ads strategically designed to trick Facebook users. These advertisements employ sensational language, feature prominent media figures from many countries, and exploit the allure of scandalous events, all with the aim of enticing users into clicking on their clickbait headlines. However, once clicked, these ads redirect users to counterfeit media organisation websites that serve as a front for fraudulent activities. Impersonated media include Le Monde, the BBC, Süddeutsche Zeitung and more.
Upon reaching the false media websites, users are presented with what appears to be an account creation form for a supposed lucrative investment platform. This form is actually a cleverly disguised personal data collection tool. Victims share their contact data with the scammers, who then contact them via phone. The fraudsters employ persuasive tactics to convince users to send money through a fictitious investment platform.
To propagate these fraudulent ads, the scammers have seized control of numerous Facebook pages through cunning social engineering techniques. In our observations, scammers targeted mainly artists and creators in what has come to be known as the “Tony Terry Scam,” wherein the scammers lure them into giving control of their pages through false collaboration proposals. By gaining admin access to these established pages, the scammers are able to place dubious ads.
The infrastructure behind this scam is intricate. The scammers employ a three-tier network of Facebook pages to maximize their fraudulent activities. The first tier consists of pages that continuously post viral content, while the second tier acts as recruitment pages by reposting the content. Finally, the third tier comprises smaller pages owned by artists or creators, which are used to place the ads.
To support their scam, the perpetrators have gone to great lengths to create forged media websites that impersonate reputable news organizations. These websites serve as landing destinations for the scam ads displayed on Facebook. With clickbait articles promoting get-rich-quick schemes and fabricated testimonies, the scammers prey upon users’ desires for financial gain. Moreover, they utilize counterfeit e-commerce sites to circumvent Facebook’s verification measures, further exacerbating the issue.
This investigation serves as a stark reminder of the importance of user awareness and vigilance on Facebook and social media at large. But platforms and service providers themselves bear responsibilities. The scam operation we uncovered violates many rules established in the terms of service of Meta as well as those of the registrars and hosting services used by scammers to run their forged websites. As our partner EU DisinfoLab points out in their upcoming paper based on our investigation, many upcoming rules set by the Digital Services Act are not followed. This tells a cautionary tale about the capacity of platforms to observe the DSA in the near future.
Check First is a leading Finnish software and methodologies company, spearheading adversarial research techniques. We believe that everyone should be able to understand how and why content is presented to them. We advocate for online clarity and accountability, building solutions to attain this goal. Partnering with leading institutions, regulators, NGOs and educators, we aim at curbing the spread of disinformation and foreign influence manipulations.