OSINT Blog / Post

July 02, 2026

Tackling Investment Scams With OSINT

Investment scams have become one of the most financially damaging forms of fraud. According to the Federal Trade Commission (FTC), consumers reported more than $7.9 billion in losses to investment scams in 2025, with a median loss exceeding $10,000 per victim.

The scale of the problem extends well beyond the United States. UK Finance reported £221.5 million was lost to investment scams in 2025, while authorities in Hong Kong recently dismantled a cross-border investment fraud and money-laundering syndicate linked to losses exceeding HK$200 million.

These schemes are increasingly powered by social media, cryptocurrency, artificial intelligence, and sophisticated online infrastructure. AI-generated advertisements, deepfake videos, cloned news websites, fake investment portals, and impersonated public figures are now common features of modern fraud campaigns.

For intelligence analysts, fraud teams, and corporate security professionals, investment scams represent an increasingly important challenge. Every investment scam leaves behind a digital footprint. By analyzing social media, identifiers, domains, and other publicly available information, investigators can begin uncovering the networks behind the fraud.

How Modern Investment Scams Work

An investment scam occurs when criminals persuade individuals to invest money into a fake opportunity. These schemes are carefully designed to appear legitimate and often include professional branding, sophisticated websites, fabricated reviews, and convincing marketing materials.


Many modern scams follow a similar lifecycle:

  1. Discovery - Victims are often introduced to opportunities through social media adverts, dating apps, fake news articles, and direct messages on certain mobile applications. Then conversations move onto encrypted messaging apps.
  2. Trust Building - Fraudsters use fake advisors, fabricated testimonials, AI-generated reviews, deepfakes, and impersonated public figures to establish credibility.
  3. Investment and Escalation - Victims are directed to fake trading platforms or investment portals where fabricated returns encourage larger deposits. In pig-butchering schemes, the trust-building process may take weeks or months.
  4. Extraction - When victims attempt to withdraw funds, they encounter additional fees, taxes, or compliance requirements before communications cease entirely.

The sophistication of these schemes continues to grow. Researchers recently identified an AI-themed investment scam campaign spanning more than 15,000 domains that used cloaking technology, deepfake content, and traffic distribution systems to evade detection and target victims worldwide.

Every Investment Scam Leaves a Trail

Despite efforts to appear legitimate, investment scams generate publicly accessible intelligence. Social media profiles, phone numbers, email addresses, usernames, domain registrations, advertisements, and cryptocurrency wallet addresses can all help investigators build a clearer picture of the fraudsters behind a scheme.

Social media is often the recruitment engine. What begins as a single fraudulent profile may reveal a wider network of accounts promoting the same opportunity across multiple platforms.

One of the most effective techniques is following identifiers, as scammers frequently reuse email addresses, phone numbers, and usernames. A messaging app username tied to a cryptocurrency investment scheme may also appear on a forex trading site. A customer support phone number may be linked to multiple fraudulent brands. An email address used in domain registration may reveal additional websites controlled by the same operators.

By connecting these indicators, investigators can move from isolated fraud reports to a broader view of the entities, infrastructure, and networks behind the scam.

From Individual Scams to Criminal Networks

One of the most important developments in investment fraud investigations is the growing recognition that many scams are components of larger criminal ecosystems.

Recent enforcement actions have revealed links between investment scams, romance fraud, money laundering services, cybercrime marketplaces, and human trafficking operations.

In 2025, U.S. authorities took action against infrastructure linked to the Huione Group, an organization accused of facilitating money laundering and cyber-enabled crimes. Investigators linked associated messaging app channels to discussions involving stolen financial data, laundering services, and support for romance and investment fraud operations.

The U.S. Department of Justice has also pursued actions against infrastructure linked to large-scale pig-butchering operations, underscoring the increasingly international and organized nature of these schemes.

Why Corporate Security Teams Should Care

Investment scams are not solely a financial crime problem. Corporate security, protective intelligence, trust and safety, and brand protection teams increasingly find themselves responding to investment fraud campaigns that abuse their organization's identity.

Criminals routinely exploit legitimate brands to build credibility and gain victim trust. Common examples include:

  • Cloned corporate websites
  • Fraudulent investment products
  • Fake social media accounts
  • Unauthorized use of company logos
  • Executive impersonation campaigns

Artificial intelligence has dramatically lowered the barrier to creating convincing impersonation content. Researchers have identified campaigns that use deepfake news broadcasts, fabricated interviews, and cloned websites mimicking trusted organizations, among other tactics to create a false sense of legitimacy.

Organizations can take a more proactive approach by identifying indicators of emerging scams. Situational awareness efforts may focus on:

  • Brand mentions linked to investment opportunities
  • Executive impersonation
  • Customer complaints

By keeping a pulse on these flags, organizations can identify fraudulent campaigns earlier, collect evidence more effectively, and support disruption efforts before a scam gains significant traction.

Investment Scams Are Intelligence Problems

For investigators, the objective extends beyond identifying a fraudulent website. The real challenge is understanding the entities, infrastructure, and networks behind the operation.

Every investment scam leaves a trail of intelligence. Social media, domains, advertisements, identifiers, cryptocurrency wallets, and impersonated brands all create opportunities for investigation.

By leveraging OSINT to collect, analyze, and connect these indicators, investigators can move beyond individual incidents, uncover broader criminal ecosystems, support enforcement efforts, and help organizations protect their brands from abuse.