The fraudulent investment scheme known as Nomani has surged by 62%, as cyber researchers from ESET report, with campaigns spreading beyond Facebook to platforms like YouTube.Slovak cybersecurity firm ESET revealed that it blocked over 64,000 unique URLs linked to this scam in 2025. Most of the detections came from countries including Czechia, Japan, Slovakia, Spain, and Poland.
Initially identified in December 2024, Nomani exploits social media malvertising, branded posts, and AI-generated video testimonials to lure victims into investing in fictitious products promising high returns.Victims requesting withdrawals of the promised profits are often asked to pay extra fees or submit sensitive information, including ID cards and credit card details. True to classic investment scams, the ultimate outcome is financial loss.
The scammers often attempt a second round of deception by using Europol- and INTERPOL-themed social media content promising to recover stolen funds, tricking victims into further losses.
ESET highlighted that the scam’s tactics have become more sophisticated. AI-generated videos now appear more realistic, with higher resolution, smoother movements, better audio-visual synchronization, and reduced unnatural behaviors, making deception harder to detect.The fraudulent campaigns often use current events or well-known public figures to increase credibility. For instance, in Czechia, a fake news article claimed the government was investing through a scam cryptocurrency platform to generate substantial profits.
To evade detection by platform systems, attackers run campaigns for only a few hours and redirect users to benign pages if targeting criteria are not met. Legitimate social media tools like forms and surveys are increasingly misused to harvest victim information.AI tools are also reportedly used to generate phishing page templates, evidenced by coded comments such as checkboxes. GitHub repositories hosting these templates often originate from Russian or Ukrainian users.Despite these advances, Nomani detections declined in the second half of 2025, suggesting scammers are adjusting tactics in response to intensified law enforcement measures. ESET noted a 37% reduction in H2 2025 detections compared to H1 2025.
The revelation comes alongside a Reuters investigation showing that in 2024, 19% of Meta’s $18 billion ad revenue in China came from scam, gambling, pornography, and other banned content run by partner agencies. Meta has since reportedly begun reviewing these programs. Another Reuters report revealed that such ads could account for roughly 10% of Meta’s global revenue in 2024, highlighting the massive scale of online fraud.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
