Scam, Scam, Scam: Australia Tops APAC Fraud Wave

Researchers have uncovered a sprawling malvertising ecosystem across the Asia-Pacific region, with Australia accounting for more than half of the scam campaigns observed.

Bitdefender Labs said it tracked more than 400,000 scam ad sightings tied to more than 12,000 scam campaigns across 13 APAC countries between January and April 2026. The campaigns spread through paid ads on Meta platforms and pushed users toward fake websites, phishing forms and malicious downloads.

The ads often looked legitimate at first glance. Some featured trusted brands, familiar public figures, fake news pages or polished health claims. After the click, users were routed through one or more intermediary pages before landing on the actual scam destination.

In a report released Monday, Bitdefender said those rotating destinations can change constantly, making the campaigns harder to detect and take down.

Health and finance scams led the dataset, accounting for 37.3% of the campaigns combined. Health-related scams were the largest category at 19%, followed closely by finance at 18%.

A fair dinkum fakeout

The report does not name a specific group behind the activity. Instead, Bitdefender described a repeatable scam ecosystem built around reused infrastructure, fake pages, redirect chains and campaign templates that could be adapted from one country to another.

That attribution caveat matters. In separate research published in March, Bitdefender said a related Meta-based investment scam ecosystem showed Russian- and Ukrainian-language signals in raw ad metadata, but the company cautioned that those indicators pointed to financially motivated criminal activity, not state sponsorship. That earlier research also described tactics such as trusted-domain preview abuse, media-brand spoofing, lookalike domains, homoglyphs and rotating Facebook pages.

Meta’s own ad rules prohibit ads that use deceptive or misleading practices to scam people out of money or personal information. The company also says it may require additional verification when advertisers show suspicious behavior or run ads in categories likely to be targeted by scammers.

Bitdefender’s findings show how difficult that policy is to enforce at scale when scammers can localize the front end of the ad while reusing the same machinery behind the scenes.

Down Under, up front

The health-themed scams targeted consumers worried about sleep disorders, snoring, respiratory problems, insurance costs, weight loss and metabolism. Bitdefender said the campaigns leaned on fake expert authority, emotional storytelling, pseudo-scientific claims and promises of hidden or suppressed cures.

As usual, the rule is simple: If the cure looks miraculous, the miracle is probably the scam.

The finance-themed campaigns followed a different lure but used much of the same infrastructure. Some impersonated platforms such as Binance, TradingView or Wise, offering bonuses, premium upgrades or desktop app downloads. Others used fake breaking-news stories involving central banks, economists or celebrities to steer users into investment schemes.

The report also flagged AI-themed investment scams that promise “AI-powered insights,” “stock diagnostics” or automated strategies rather than simply advertising guaranteed profits.

Same scam, different accent

Australia was the clear center of gravity in Bitdefender’s dataset, accounting for 52% of observed scam campaigns. India followed at 14%, Malaysia at 7%, the Philippines at 6%, Bangladesh at 4% and Singapore at 3%.

That Australia focus fits a broader pattern regulators have been warning about for years. The Australian Competition and Consumer Commission previously took action against Meta over alleged scam celebrity crypto ads on Facebook that used well-known Australians to promote bogus investment schemes.

Australia’s National Anti-Scam Centre has also tried to speed up scam-ad takedowns. In a 2024 investment scam fusion cell report, the center said it established direct reporting processes with Google, Microsoft and Meta to take down scam advertisements, advertorials or videos. The pilot referred 37 investment scam advertisements and other inducements to platforms, which helped trigger more than 1,000 takedowns across social media, video-sharing platforms and search engines.

Bitdefender said Australian scams often relied on news-style framing and familiar names to build trust. In India, the activity was more about volume, with the same message pushed through many fake accounts. In Southeast Asia, researchers saw both approaches combined, with fake apps, investment offers and impersonated brands appearing across multiple countries with only minor changes.

“In Australia, the scams often feel polished and convincing,” Bitdefender said. “In India, it’s less about storytelling and more about scale.”

The localization is part of what makes the campaigns effective. In Bangladesh, for example, scammers used local language and familiar public figures. In Singapore, some campaigns used real financial data to make fake tools look more credible. In Indonesia, low-cost offers were used to start conversations that moved quickly into private messages.

The result is a scam operation that feels tailored to local audiences even when the underlying playbook is reused across borders.

From Oz to the U.S.

Closer to the U.S., the Federal Trade Commission reported social media was the costliest contact method for fraud in 2025, with nearly 30% of people who reported losing money to a scam saying it started on social media. The FTC said people reported losing more money to scams that began on Facebook than on any other social media platform.

The FTC said scammers use social media because it gives them cheap access to large audiences, personal information users post about themselves and ad-targeting tools similar to those used by legitimate businesses.

Bitdefender said the same fake apps, investment scams, redirect chains and accounts can appear in multiple countries at once. Some campaigns appear designed from the start to operate across borders, while others spill into new markets after gaining traction.

Look twice before the click

The company said users should be especially wary of sponsored posts that invoke urgency, trusted brands, familiar names or too-good-to-be-true health and investment claims. The preview domain shown in an ad may look legitimate, but Bitdefender said many campaigns redirected users somewhere else entirely after the click.

The safest approach is still the oldest one: slow down, check the link and be suspicious of any ad that wants a fast click before the user has time to think.
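For defenders who log where an ad click actually ends up, the preview-versus-destination mismatch described above can be checked mechanically. The sketch below is an added example, not code from Bitdefender or its report; the function names, the short suffix list and the sample hops are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for this sketch.
TWO_LEVEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.in", "com.my", "com.sg"}

def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def site_of(host):
    """Approximate registrable domain: public suffix plus one label."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def is_idn(host):
    """True if any label is punycode or contains non-ASCII characters."""
    return any(l.startswith("xn--") or not l.isascii() for l in host.split("."))

def review_chain(preview_domain, hops):
    """Compare the ad's preview domain with where the recorded hops ended."""
    if not hops:
        raise ValueError("need at least one recorded hop")
    hosts = [host_of(u) for u in hops]
    sites = []
    for h in hosts:
        if site_of(h) not in sites:
            sites.append(site_of(h))  # keep first-seen order of sites crossed
    final = hosts[-1]
    return {
        "final_host": final,
        "preview_mismatch": site_of(final) != site_of(preview_domain.lower()),
        "sites_crossed": sites,
        "idn_hosts": [h for h in hosts if is_idn(h)],  # homoglyph candidates
    }

# Constructed sample using reserved .example/.test names, not campaign data.
SAMPLE_PREVIEW = "news.trusted-brand.example"
SAMPLE_HOPS = [
    "https://news.trusted-brand.example/story?id=1",
    "https://r.hop-one.test/r?c=abc",
    "https://xn--80ak6aa92e.test/offer",
]

if __name__ == "__main__":
    print(review_chain(SAMPLE_PREVIEW, SAMPLE_HOPS))
```

A mismatch alone is not proof of fraud, since legitimate advertisers also use tracking redirects; the signal is strongest when the final site differs from the preview and an internationalized lookalike host appears in the chain.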

Shaun Nichols is an IT news journalist. He has spent nearly 20 years covering the industry with a specialty in cybersecurity.
