Beware of Scammers Posing As Banks on Instagram and Facebook
While many financial institutions have a presence on social media, not all content that appears legitimate and trustworthy is. Scammers are posting ads on Instagram posing as Canadian banks, including Bank of Montreal and EQ Bank, in phishing campaigns.
An investigation by Bleeping Computer found a series of fake Instagram ads that directed users to phishing sites that harvested login credentials, as well as stories purporting to be a well-known banking strategist harvesting contact information.
How Scammers Impersonate Banks on Instagram
These Instagram phishing scams take several forms. In one, scammers use what appears to be official bank branding in static ad posts promising high-interest rates on savings accounts. If users click to learn more or apply, they are redirected to a fake website and asked to enter their account information. Although the page appears legitimate, the URL is clearly not associated with the actual EQ Bank domain.
Another version of this scam involves fake ads and videos using artificial intelligence posing as Brian Belski, chief investment strategist at Bank of Montreal. “BMO Belski” ads appear in Instagram Stories with screening questions like “How long have you been investing in stocks?” After answering, the user is prompted to send the advertiser their contact information. The videos direct users to private “investing groups” on WhatsApp.
The latest is a repeat of a scam campaign I recently reported on : Facebook ads that appear to be linked to well-known investors like ARK Investment Management’s Cathie Wood, CNBC’s Joe Kernan, and Fundstrat’s Tom Lee, and lead users into WhatsApp group chats where they are sucked into pump-and-dump schemes. Obviously, the investors featured don’t actually endorse the ads or advice, but an unsuspecting user may believe they are receiving credible information from trusted sources.
As Bleeping Computer points out, the accounts behind BMO Belski’s ads exist only on Facebook — Meta Business Manager allows Facebook pages to run Instagram ads without an Instagram account. If you go to BMO Belski’s Facebook page, you’ll see signs that the account is repurposing an existing page with an earlier creation date and established followers (albeit only two posts), potentially increasing its credibility to the casual observer.
How to Avoid Bank Impersonation Scams
Such fraudulent advertising may become increasingly difficult to spot due to the use of stolen brand assets and AI-generated videos, which, as we’ve said, are as believable as we want them to be .
Always be critical of social media content that appears to come from a legitimate entity or famous person. Investors (at least trustworthy ones) and celebrities generally do not give too-good-to-be-true financial advice on Instagram and Facebook or in WhatsApp chats.
Trusted Instagram accounts will have a “verified” badge, but you should still be careful when entering your credentials on a site you’ve been directed to by an ad. It’s best to go straight to the organization’s official page or website and log in from there to verify any online promotions. Social media ads are used to spread malware — another reason not to engage with them.