Scams at Scale: How Investment Fraud Became a Global Threat

Is your brand safe from being weaponized?

Threat actors worldwide are leveraging consumer-trusted brands to orchestrate sophisticated scams. From generative AI used to perpetrate phishing attacks to white-collar crime that puts the organization in jeopardy, it's important to understand the risk of broad-reaching investment scams and corporate fraud.

Let's dive into the rising threat of investment scams and how cybercriminals are weaponizing brands for their own gain.

How has investment fraud evolved from a consumer threat to a corporate risk?

Investment fraud, the promise of low- or no-risk investments that turn out to be non-existent, doesn't just affect consumers but also organizations.

One of the most recognizable and trusted brands in the world, Microsoft, is often exploited by cybercriminals to wreak havoc.

In 2024 alone, threat actors’ abuse of legitimate Microsoft tools rose by 51% compared to 2023. According to a recent 2025 Zscaler report, Microsoft continued to be the most impersonated brand (51.7%), followed by Telegram (4.8%) and Google (4.3%).

Figure 1. A graph showing the most imitated brands in 2024. Source: Zscaler

In the same year, the FBI released new findings—cyber-enabled fraud was responsible for 83% of all losses reported.

Figure 2. A graph showing the estimated total loss to businesses from cyber-enabled fraud in 2024. Source: FBI

Organizations breached by threat actors experience an average loss of $4.45 million in damages. The FBI estimated the total cost of investment scams to be $6.6 billion, although the actual number could be higher.

How do attackers target organizations? Threat actors use convincing tactics such as spoofing numbers or smishing with malicious text messages to trick individuals into revealing sensitive information like passwords, verification codes, credit card numbers, and other sensitive financial information.

Figure 3. A screenshot of a text message impersonating a bank. Source: Park Vie

When hackers have enough information, they can use it to run targeted spearphishing campaigns, which can be used to introduce ransomware or gain access to restricted areas of the system.

The dangers of deepfakes and AI

To make fraud schemes more convincing, threat actors are using deepfake videos and AI to defraud organizations.

To attack organizations, threat actors create fake versions of trusted domains that employees use daily. Threat actors work to gather sensitive employee and company information, including usernames, passwords, business emails, and financial information.

Figure 4. A screenshot of a fake Microsoft domain. Source: Zscaler

Earlier this year in Hong Kong, an employee of a British multinational company paid $25 million to fraudsters after being duped by a deepfake conference call with the company's CFO.

AI is also used in online content creation to promote and influence victims to trust scams. Researchers have found YouTube channels filled with videos enticing viewers to engage with fake crypto trading platforms.

Figure 5. A screenshot of a YouTube channel run by a cryptoscammer. Source: Group IB

Fake AI influencers with AI blogs, social media accounts, and videos create a false sense of authenticity and trust, perpetuating the financial fraud.

Cybercriminals use brands to their advantage, risking the brand's credibility and reputation, while also endangering staff.

AI makes it easy for criminals to quickly generate materials to persuade victims, cloning the voice and likeness of company executives to fool the general public or internal employees.

Investment scams to watch out for

Investment scams are another way cybercriminals can fund their operations.

Organizations can become entangled in investment scams, particularly with cryptocurrency, where it can be difficult to tell which cryptocurrencies are legitimate.

An X post showing screenshots from a Ponzi scheme “investment” platform.

Threat actors use a wide variety of scams to deceive victims:

  • Ponzi schemes: Early investors are paid returns from new investors’ money rather than actual profits. In 2022, BitConnect, which reached a peak market capitalization of $3.4 billion, was indicted by the DOJ for fraudulent cryptocurrency activity. The Ponzi scheme obtained $2.4 billion from investors by artificially inflating its own digital currency.
  • Fake investment platforms: Cybercriminals create convincing websites and apps that imitate legitimate trading platforms, resulting in financial losses when the “returns” cannot be withdrawn. The trading platform Crypto-Networks.net was discovered to be a fraudulent operation after investors noted their accounts were frozen after making large deposits.
  • Pig butchering scam: Fraudsters establish a professional and personal relationship with victims through social media to gain confidence before introducing them to a fraudulent business opportunity. Once the funds are deposited, they're as good as gone. According to Reuters, $9.1 million in cryptocurrency losses was linked to pig-butchering scams from 2021 to 2022.

Figure 6. A screenshot of a pig butchering crypto scam in action. Source: TrendMicro

Protecting against white-collar crime

Sometimes, it's not hackers that pose the greatest threat. White-collar crime occurs when internal employees leverage confidential information for unfair gain. Fraudulent activities are hidden behind legitimate business activities to disguise the financial fraud.

In a 2025 survey, 63% of respondents reported that their organizations faced check fraud, while only 22% of organizations were able to recover 75% or more of the funds lost.

According to the Association of Certified Fraud Examiners (ACFE), businesses worldwide lose about 5% of their annual revenue to occupational fraud each year, totalling around $3.1 billion in 2024.

White-collar crime can be difficult to detect since it operates in tight-knit groups involving multiple stakeholders within the organization.

You need to be agile when it comes to fraud types

  1. Insider trading: The practice of using non-public information for financial gain. In 2025, the Securities and Exchange Commission (SEC) reaffirmed action against insider trading by strengthening rules and working closely with the Department of Justice (DOJ) to pursue criminal convictions in cases of broad-reaching fraud.
  2. Embezzlement: When a trusted employee illegally diverts assets for personal use. In 2024, the IRS prosecuted a former attorney for embezzling $7.2 million from loan disbursements at Washington Federal Bank in Chicago.
  3. Securities fraud: Deceptive practices in stock or investment markets to manipulate stock prices for personal gain. In 2022, the founder of the cryptocurrency platform FTX was charged by the DOJ for securities fraud and lying to stakeholders about the financial state of the company.
  4. Money laundering: The process of disguising illegally obtained funds to make them appear legitimate and obscure their criminal origin. In 2024, a law partner was sentenced to 10 years in jail for laundering about $400 million from an international cryptocurrency fraud scheme known as OneCoin.
  5. Financial statement fraud: The deliberate misrepresentation of a company’s financial health through falsified reports. WorldCom, one of the largest telecommunications companies in the 2000s, fraudulently inflated its assets by over $11 billion by improperly capitalizing operating expenses as capital investments. The DOJ prosecuted WorldCom and ordered it to repay $27 million and imprisoned the former CEO.
  6. Wire fraud: The use of electronic communication tools to defraud someone of money or property. In 2025, a former employee of an NFL team was prosecuted by the DOJ for wire fraud and embezzling over $22 million. He used his role as the administrator for the team’s virtual credit card program to make hundreds of purchases and transactions with no legitimate business purpose, and created fraudulent entries to disguise his activity from the accounting department.

A recent Melbourne University study uncovered that corporate fraud is a result of “the intersection of failures at a personal, organisational and industry level that resulted in misconduct.” A systematic approach is needed to minimize the risk of internal corruption.

The Enron scandal

The most notable example of corporate fraud is the Enron scandal.

An X post detailing how Enron chairman Kenneth Lay deceived internal employees before the company's stock crashed.

At the beginning of 2001, Enron was a giant in the energy sector. Its high valuation and dealings across New York and the US gave the brand a trusted image. Shares hit an all-time high of $90.75 before plummeting to less than $1 by the end of the year.

Despite a revenue stream of $101 billion in 2000, Enron was about to deal with the fallout of a broad-reaching fraud scheme.

An X post where whistleblower Sherron Watkins shares her reasons for blowing the lid off the Enron scandal.

Whistleblower Sherron Watkins raised concerns that were initially dismissed, but a subsequent SEC investigation exposed widespread accounting fraud. This misrepresentation of valuation and inflation of stock prices gave Enron's CFO, Andrew Fastow, millions in kickbacks through a network of fraudulent partnerships. Enron's former CEO, Jeffrey Skilling, and the chairman, Kenneth Lay, sold millions in stock before the collapse, inflating the valuation for personal gain.

The SEC also uncovered how the accounting fraud was done without raising alarms. Enron's accounting firm, Arthur Andersen, was complicit in the scheme and was later convicted of obstruction of justice for shredding documents during the DOJ-led fraud investigation.

In the wake of the accounting scandal, the Sarbanes-Oxley Act (SOX) was passed to protect investors and hold public companies accountable. SOX compliance is now essential for all public companies to verify the accuracy of financial information for investor and consumer confidence.

The role of a CISO in protecting against fraud

Chief Information Security Officers (CISOs) are instrumental in creating a security culture within an organization. Brand protection can seem like a marketing or cybersecurity responsibility, but ultimately, it requires a cross-functional approach.

CISOs can guide employees and management to:

  • Recognize and report social media impersonation attempts, helping to prevent reputational damage and customer confusion.
  • Work collaboratively across departments to better remedy potential breaches and orchestrate takedowns.
  • Implement monitoring tools that detect lookalike domains and fake accounts in real-time.
  • Increase security awareness and educate employees to recognize fake accounts and suspicious activity.

Develop a strategic digital risk protection program

It's important for organizations to have a strategic risk prevention program to lower the risk of brand impersonation and corporate fraud.

  1. Monitor all external-facing assets: Proactively monitor your external attack surface to catch lookalike domains, harmful social media accounts, and fake mobile apps.
  2. Map threat vectors: Mapping threats across domains, apps, and email addresses can help attribution and prevent a coordinated attack.
  3. Automate takedowns: Taking down malicious domains and other attack vectors automatically ensures your team can stay on top of rising threats.
  4. Enhance governance: Involving stakeholders from across the organization ensures visibility into emerging threats.
  5. Keep track of success: Report on successful takedowns, number of impersonation attempts, and remediation time to gauge the current threat landscape.
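
One way to implement the lookalike-domain monitoring named in step 1 and in the CISO checklist above, given as an added example rather than code from this article or any vendor product. The brand `examplebank.com`, the confusables table and the observed-domain feed are constructed for illustration, and input domains are assumed to be in Unicode form (punycode already decoded).

```python
import unicodedata

# Confusable characters mapped to the ASCII letter they imitate (small constructed
# table; Cyrillic letters are written as escapes so they are unambiguous).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a",
                             "\u0435": "e", "\u043e": "o", "\u0456": "i", "\u0455": "s"})

def skeleton(label):
    """Reduce a DNS label to what a reader is likely to perceive."""
    text = unicodedata.normalize("NFKD", label.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return text.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand_domain):
    """Return why `domain` resembles `brand_domain`, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain == brand_domain or domain.endswith("." + brand_domain):
        return None  # the brand's own domain or one of its subdomains
    brand = brand_domain.split(".")[0]
    target = skeleton(brand)
    for label in domain.split(".")[:-1]:  # skip the TLD
        skel = skeleton(label)
        if label == brand:
            return "brand-label"  # same name under another TLD or parent domain
        if skel == target:
            return "homoglyph"    # confusable characters
        if edit_distance(skel, target) <= 1:
            return "typosquat"    # one character added, dropped or changed
        if target in skel:
            return "combosquat"   # brand name plus an extra keyword
    return None

def scan(observed, brand_domain):
    """Map each suspicious domain in `observed` to the reason it was flagged."""
    return {d: r for d in observed if (r := classify(d, brand_domain))}

# Constructed sample feed; examplebank.com is a hypothetical brand domain.
OBSERVED = ["login.examplebank.com", "examp1ebank.com", "exarnplebank.com",
            "ex\u0430mplebank.com", "examplebnk.com", "examplebank.net",
            "examplebank-secure.com", "weather.example"]
```

Calling `scan(OBSERVED, "examplebank.com")` returns the six flagged domains with their reasons; in practice the feed would come from newly registered domain or certificate transparency data, and the hits would go to the takedown and reporting steps.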

Wrapping up

Investment scams and corporate fraud continue to pose a threat to organizations worldwide. It's not just hackers that can cause damage, but also employees who operate in an environment of misconduct.

Weak internal controls, poor oversight, and siloed departments create conditions ripe for exploitation, allowing perpetrators to conceal fraudulent activity for long periods of time.

Reporting fraud to law enforcement as part of regulatory efforts is a crucial step towards stamping out financial fraud.

Defend Your Brand Reputation with CybelAngel’s External Threat Intelligence

Proactive prevention is the best strategy against emerging fraud cases. Catch malicious domains and social media accounts before they cause damage, and monitor your external attack surface to keep threats at bay.