Facebook Ad Scams Lure Victims With Fake Investors

Cybersecurity analysts have uncovered two sophisticated investment scam operations that leverage Facebook advertisements, deceptive domains, and IP-based filtering to target victims. Identified by DNS threat intelligence firm Infoblox as “Reckless Rabbit” and “Ruthless Rabbit,” the campaigns employ spoofed celebrity endorsements to lure users into fraudulent schemes.

The scams are structured around traffic distribution systems (TDSes), which enable the threat actors to selectively redirect potential victims based on their IP addresses, effectively filtering out cybersecurity researchers or non-targeted users. The attackers also utilize domains registered through Rapid Domain Generation Algorithms (RDGAs), a tactic that complicates detection and takedown efforts by automating the creation of multiple domains.

These coordinated campaigns illustrate the increasing complexity of online investment frauds, which now combine elements of social engineering, ad-based targeting, and technical obfuscation. The use of mainstream platforms like Facebook further amplifies the reach and credibility of these schemes, posing heightened risks to unsuspecting users.