Investment scams have become one of the most financially damaging forms of fraud. According to the Federal Trade Commission (FTC), consumers reported more than $7.9 billion in losses to investment scams in 2025, with a median loss exceeding $10,000 per victim.
The scale of the problem extends well beyond the United States. UK Finance reported £221.5 million was lost to investment scams in 2025, while authorities in Hong Kong recently dismantled a cross-border investment fraud and money-laundering syndicate linked to losses exceeding HK$200 million.
These schemes are increasingly powered by social media, cryptocurrency, artificial intelligence, and sophisticated online infrastructure. AI-generated advertisements, deepfake videos, cloned news websites, fake investment portals, and impersonated public figures are now common features of modern fraud campaigns.
For intelligence analysts, fraud teams, and corporate security professionals, investment scams represent an increasingly important challenge. Every investment scam leaves behind a digital footprint. By analyzing social media, identifiers, domains, and other publicly available information, investigators can begin uncovering the networks behind the fraud.
An investment scam occurs when criminals persuade individuals to invest money into a fake opportunity. These schemes are carefully designed to appear legitimate and often include professional branding, sophisticated websites, fabricated reviews, and convincing marketing materials.
Many modern scams follow a similar lifecycle:
The sophistication of these schemes continues to grow. Researchers recently identified an AI-themed investment scam campaign spanning more than 15,000 domains that used cloaking technology, deepfake content, and traffic distribution systems to evade detection and target victims worldwide.
Despite efforts to appear legitimate, investment scams generate publicly accessible intelligence. Social media profiles, phone numbers, email addresses, usernames, domain registrations, advertisements, and cryptocurrency wallet addresses can all help investigators build a clearer picture of the fraudsters behind a scheme.
Social media is often the recruitment engine. What begins as a single fraudulent profile may reveal a wider network of accounts promoting the same opportunity across multiple platforms.
One of the most effective techniques is following identifiers, as scammers frequently reuse email addresses, phone numbers, and usernames. A messaging app username tied to a cryptocurrency investment scheme may also appear on a forex trading site. A customer support phone number may be linked to multiple fraudulent brands. An email address used in domain registration may reveal additional websites controlled by the same operators.
By connecting these indicators, investigators can move from isolated fraud reports to a broader view of the entities, infrastructure, and networks behind the scam.
One of the most important developments in investment fraud investigations is the growing recognition that many scams are components of larger criminal ecosystems.
Recent enforcement actions have revealed links between investment scams, romance fraud, money laundering services, cybercrime marketplaces, and human trafficking operations.
In 2025, U.S. authorities took action against infrastructure linked to the Huione Group, an organization accused of facilitating money laundering and cyber-enabled crimes. Investigators linked associated messaging app channels to discussions involving stolen financial data, laundering services, and support for romance and investment fraud operations.
The U.S. Department of Justice has also pursued actions against infrastructure linked to large-scale pig-butchering operations, underscoring the increasingly international and organized nature of these schemes.
Investment scams are not solely a financial crime problem. Corporate security, protective intelligence, trust and safety, and brand protection teams increasingly find themselves responding to investment fraud campaigns that abuse their organization's identity.
Criminals routinely exploit legitimate brands to build credibility and gain victim trust. Common examples include:
Artificial intelligence has dramatically lowered the barrier to creating convincing impersonation content. Researchers have identified campaigns that use deepfake news broadcasts, fabricated interviews, and cloned websites mimicking trusted organizations, among other tactics to create a false sense of legitimacy.
Organizations can take a more proactive approach by identifying indicators of emerging scams. Situational awareness efforts may focus on:
By keeping a pulse on these flags, organizations can identify fraudulent campaigns earlier, collect evidence more effectively, and support disruption efforts before a scam gains significant traction.
For investigators, the objective extends beyond identifying a fraudulent website. The real challenge is understanding the entities, infrastructure, and networks behind the operation.
Every investment scam leaves a trail of intelligence. Social media, domains, advertisements, identifiers, cryptocurrency wallets, and impersonated brands all create opportunities for investigation.
By leveraging OSINT to collect, analyze, and connect these indicators, investigators can move beyond individual incidents, uncover broader criminal ecosystems, support enforcement efforts, and help organizations protect their brands from abuse.