ByDr. Tim Sandle
SCIENCE EDITOR
DIGITAL JOURNAL
March 25, 2026
Meta's after-hours shares jumped after a strong quarterly earnings report - Copyright AFP/File INA FASSBENDER
Social media has overtaken email as the UK’s top scam channel, accounting for over a third (34%) of reported online scam incidents. In 2025 alone, social media platforms have raked in a massive £430 million from criminals targeting British consumers with scam adverts – a 56% increase compared to 2022.
The financial toll on victims is significant, with people losing an average of £1,258 per scam advert. Meta-owned platforms have also come under scrutiny, with users reportedly exposed to an astonishing 15 billion “high-risk” scam ads every single day.
But where in the world are users most at risk from online financial scams -and what phrases do scammers most commonly use to lure them in?
In light of this, forex broker experts at BrokerChooser scraped the Meta Ads Library and analysed over 1,200 active finance-related ads to identify the countries where social media users are most vulnerable.
Where in the world are social media users the most at risk of financial scams?
| Rank | Country | Safe financial ads (%) | Risky financial ads (%) | Scam financial ads (%) | % of ads without risk disclaimers | % of ads with exaggerated claims | % of dodgy financial ads (risky + scam) |
| 1 | Poland | 0.00% | 95.83% | 4.17% | 95.65% | 95.83% | 100.00% |
| 2 | Czech Republic | 0.00% | 100.00% | 0.00% | 73.68% | 78.95% | 100.00% |
| 3 | Belgium | 6.15% | 87.69% | 6.15% | 98.25% | 87.69% | 93.85% |
| 4 | Switzerland | 6.20% | 90.70% | 3.10% | 94.87% | 85.27% | 93.80% |
| 5 | Hungary | 6.25% | 93.75% | 0.00% | 96.67% | 90.63% | 93.75% |
| 6 | Finland | 15.63% | 84.38% | 0.00% | 96.30% | 84.38% | 84.38% |
| 7 | Italy | 16.44% | 80.82% | 2.74% | 89.83% | 71.23% | 83.56% |
| 8 | France | 18.18% | 77.27% | 4.55% | 68.18% | 72.73% | 81.82% |
| 9 | Netherlands | 18.42% | 81.58% | 0.00% | 87.10% | 76.32% | 81.58% |
| 10 | Sweden | 19.05% | 61.90% | 19.05% | 76.92% | 57.14% | 80.95% |
| 11 | United States | 29.41% | 64.71% | 5.88% | 53.68% | 60.29% | 70.59% |
| 12 | Portugal | 30.00% | 65.00% | 5.00% | 92.31% | 60.00% | 70.00% |
| 13 | Denmark | 33.33% | 57.14% | 9.52% | 58.33% | 57.14% | 66.67% |
| 14 | Germany | 35.71% | 61.43% | 2.86% | 52.86% | 56.67% | 64.29% |
| 15 | Spain | 36.56% | 59.14% | 4.30% | 94.55% | 53.76% | 63.44% |
| 16 | United Kingdom | 55.75% | 43.36% | 0.88% | 36.28% | 38.94% | 44.25% |
| 17 | Greece | 59.38% | 25.00% | 15.63% | 100.00% | 25.00% | 40.63% |
| 18 | Ireland | 65.00% | 35.00% | 0.00% | 57.14% | 30.00% | 35.00% |
One-third of UK finance ads on Meta lack proper risk disclaimers
Despite recording one of the lowest financial scam ad rates on Meta, UK social media users remain at considerable risk, with a worrying 44.25% of finance-related Meta ads classified as ‘dodgy’. While a majority (55.75%) of ads are considered safe, the fact that over two in five finance ads (43.36%) are deemed high risk means many users continue to encounter potentially misleading financial promotions in their feeds.
According to the analysis, these risky ads tend to promise rapid profits while downplaying potential losses. Over a third (36.28%) of UK financial ads fail to include proper risk disclaimers and often use exaggerated, persuasive language such as “multiply your potential up to 20x!” and “instant payouts with 99.9% processed immediately”. Particularly concerning is the rise of AI-powered trading bots marketed for forex and crypto, often directing users to contact sellers via WhatsApp, a platform largely unregulated with minimal consumer protection.
Poland and Czech Republic face highest risk from social media financial scams
Social media users in Poland and the Czech Republic face the greatest exposure to financial scams online, with all (100%) finance-related Meta ads identified as either risky or outright scams.
In Poland, the scale of misleading content is striking: roughly 95% of financial ads lack proper risk disclaimers and rely on exaggerated claims to entice users. Many promote high-leverage proprietary trading models that promise easy access to large sums of capital and imply guaranteed returns. Phrases such as“gives you up to $400K in buying power with none of your own capital at risk” and rapid wealth narratives like “turn $5K to $400K In just 6 weeks” create a dangerously misleading impression of low risk and effortless profit.
A similar pattern is evident in the Czech Republic, where every finance-related Meta ad analysed was considered high risk. Almost three-quarters (73.68%) of ads lack risk disclaimers, while nearly 80% promote extreme profit claims.
Belgium ranks among the top three highest-risk countries, with a striking 93.85% of finance-related Meta ads classified as suspect. Just 6.15% of ads were considered safe, while risky ads accounted for 87.69%. AI-driven trading features prominently in several Belgian ads, with bold claims like “get super accurate AI-powered entry and exit signals – no guesswork” and “the trading bot starts working and making profits”, potentially posing a serious threat to unsuspecting users.
Report exposes industrial‑scale scams targeting everyday users
ByDr. Tim Sandle
SCIENCE EDITOR
Can you trust your ears? AI voice scams rattle US. - © AFP
A new report uncovers three global scam operations that are reshaping the cybersecurity threat landscape. The findings reveal a troubling pattern — cybercriminals are industrialising deception, blending outdated technologies, fake online stores, and cryptocurrency phishing to reach millions of users worldwide.
Compromised domains
The report comes from NordVPN’s Threat Intelligence group and it reveals that attackers are exploiting CVE‑2009‑2265, a 15‑year‑old flaw in the obsolete FCKeditor tool. Over 1,300 compromised domains — including corporate and research sites — have been hijacked to deliver malware and redirect traffic to phishing pages. These campaigns abuse trusted websites to bypass normal security filters, turning legitimate domains into tools for fraud.
Attackers have compromised over 1,300 high-value domains, including governmental, public, corporate, high-value brands, and research institutions. Once compromised, these trusted sites distribute malware or redirect traffic to fake stores and phishing pages — all while bypassing traditional defences enabled by domain allow listing.
Evidence, explained within the report, shows these compromised sites serve as launchpads for secondary scams, including fake crypto wallets and counterfeit e-commerce sites. The campaign has impacted users in Europe, the U.S., and China, signalling global reach.
The compromise of these trusted domains represents a high risk to user security. By exploiting the reputation and authority of these platforms, cybercriminals manage to evade normal defense mechanisms and trick users into clicking on malicious links, downloading infected software, or entering sensitive data on decoy sites. The use of authoritative domains lends an appearance of legitimacy to the scams, making them particularly dangerous and difficult for the average user to recognize.
Cryptocurrency
There are also frauds associated with cryptocurrency. Investigators exposed a global phishing network of over 100 fake crypto domains, using mass “erroneous deposit” emails promising 15 Bitcoin windfalls. Victims are tricked into logging in to cloned platforms and later paying fake “GAS fees,” enabling both financial theft and identity compromise.
Once victims sign in, the site displays a fictitious crypto balance, prompting them to “complete verification” by entering personal data like full name, phone number, and secondary passwords. This stage harvests data for identity theft and future attacks.
The final act of the scam requests “GAS Fees” or “transfer taxes” for the user to claim funds – charges that are entirely fabricated. Victims end up losing money and compromising their financial credentials.
NordVPN’s investigation further identified over 100 active domains impersonating cryptocurrency brands (including coinpoint[.]su, coinend[.]net, and paypot[.]net) used to carry out these scams.
Fake e-commerce sites
A third area of inquiry, which the report captures, is with a Chinese‑linked fake e‑commerce network. The team also discovered an organized web of 800+ fake stores built on WordPress and WooCommerce. These sites share the same contact address — support@carpartsoffice.com — and lure buyers with huge discounts. All point to a centralized fraud operation, showcasing how automation enables single actors to run massive fake‑shop ecosystems across multiple regions.
Key websites associated with this campaign include carpartsoffice[.]com, smashgeardepot[.]com, and qualitybaglab[.]com.
“Online scams are evolving faster than ever before,” explains Domininkas Virbickas, Product Director at NordVPN, to Digital Journal. “What once looked like crude attempts to trick a few users have become global, data‑driven operations capable of targeting millions.”
ByDr. Tim Sandle
SCIENCE EDITOR
DIGITAL JOURNAL
March 27, 2026Can you trust your ears? AI voice scams rattle US. - © AFP
A new report uncovers three global scam operations that are reshaping the cybersecurity threat landscape. The findings reveal a troubling pattern — cybercriminals are industrialising deception, blending outdated technologies, fake online stores, and cryptocurrency phishing to reach millions of users worldwide.
Compromised domains
The report comes from NordVPN’s Threat Intelligence group and it reveals that attackers are exploiting CVE‑2009‑2265, a 15‑year‑old flaw in the obsolete FCKeditor tool. Over 1,300 compromised domains — including corporate and research sites — have been hijacked to deliver malware and redirect traffic to phishing pages. These campaigns abuse trusted websites to bypass normal security filters, turning legitimate domains into tools for fraud.
Attackers have compromised over 1,300 high-value domains, including governmental, public, corporate, high-value brands, and research institutions. Once compromised, these trusted sites distribute malware or redirect traffic to fake stores and phishing pages — all while bypassing traditional defences enabled by domain allow listing.
Evidence, explained within the report, shows these compromised sites serve as launchpads for secondary scams, including fake crypto wallets and counterfeit e-commerce sites. The campaign has impacted users in Europe, the U.S., and China, signalling global reach.
The compromise of these trusted domains represents a high risk to user security. By exploiting the reputation and authority of these platforms, cybercriminals manage to evade normal defense mechanisms and trick users into clicking on malicious links, downloading infected software, or entering sensitive data on decoy sites. The use of authoritative domains lends an appearance of legitimacy to the scams, making them particularly dangerous and difficult for the average user to recognize.
Cryptocurrency
There are also frauds associated with cryptocurrency. Investigators exposed a global phishing network of over 100 fake crypto domains, using mass “erroneous deposit” emails promising 15 Bitcoin windfalls. Victims are tricked into logging in to cloned platforms and later paying fake “GAS fees,” enabling both financial theft and identity compromise.
Once victims sign in, the site displays a fictitious crypto balance, prompting them to “complete verification” by entering personal data like full name, phone number, and secondary passwords. This stage harvests data for identity theft and future attacks.
The final act of the scam requests “GAS Fees” or “transfer taxes” for the user to claim funds – charges that are entirely fabricated. Victims end up losing money and compromising their financial credentials.
NordVPN’s investigation further identified over 100 active domains impersonating cryptocurrency brands (including coinpoint[.]su, coinend[.]net, and paypot[.]net) used to carry out these scams.
Fake e-commerce sites
A third area of inquiry, which the report captures, is with a Chinese‑linked fake e‑commerce network. The team also discovered an organized web of 800+ fake stores built on WordPress and WooCommerce. These sites share the same contact address — support@carpartsoffice.com — and lure buyers with huge discounts. All point to a centralized fraud operation, showcasing how automation enables single actors to run massive fake‑shop ecosystems across multiple regions.
Key websites associated with this campaign include carpartsoffice[.]com, smashgeardepot[.]com, and qualitybaglab[.]com.
“Online scams are evolving faster than ever before,” explains Domininkas Virbickas, Product Director at NordVPN, to Digital Journal. “What once looked like crude attempts to trick a few users have become global, data‑driven operations capable of targeting millions.”
No comments:
Post a Comment