Threat Actors Tricks Target Users Via Impersonation and Fictional Financial Aid Offers

An international ecosystem of sophisticated scam operations has emerged, targeting vulnerable populations through impersonation tactics and fraudulent financial aid promises.

The campaign, dubbed “Vulnerability Vultures,” primarily focuses on older adults who represent lucrative targets for threat actors.

According to the FBI’s Internet Crime Complaint Center, the 60-plus age group filed the highest number of complaints in 2024, with losses totaling $4.8 billion, nearly double the next highest category.

Federal Trade Commission data further reveals that adults 70 years or older experience significantly higher median dollar losses compared to younger demographics.

The scammers leverage major social media platforms as initial contact points, subsequently redirecting victims to fraudulent websites or private messaging channels where they harvest financial details and sensitive personal information.

These operations demonstrate geographic diversity, with evidence suggesting operators based in Nigeria, South Asia, and the United States.

The threat actors deliberately target individuals susceptible to offers of physical or financial benefits, including both older adults and previous scam victims who may be seeking restitution.

Graphika analysts identified that the cross-platform structure of these scam operations enables scalability, anonymity, and effective evasion of platform moderation measures.

The threat actors deploy inauthentic personas and manipulated media to impersonate trusted figures, institutions, and brands such as the FBI and established news organizations.

By incorporating AI-generated audio, cloned websites, and repurposed authentic content, the scammers create convincing simulations of legitimacy and authority that deceive even cautious victims.

Attack Methodology and Social Engineering Tactics

The operations follow a consistent three-stage attack pattern: building trust through authoritative impersonation, ushering victims to off-platform communication channels, and extracting personal or financial data through registration forms for non-existent relief programs.

These schemes operate at high volume, deploying identical short-lived advertisements, AI automation, paid promotion, and disposable accounts that maintain operational persistence despite ongoing enforcement efforts from platform providers and law enforcement agencies.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.