Threat actors are scaling impersonation-driven fraud by abusing trust signals—public figures, brands, and platform distribution—to lure victims into handing over money or sensitive information. One documented operation used celebrity impersonation tailored to Canadians, selecting locally relevant public figures and using social media ad targeting (e.g., geolocation and profile-based targeting) to constrain exposure to the intended country and increase conversion; the campaign also leveraged emotionally manipulative narratives (e.g., injury/misfortune) to accelerate engagement and reduce skepticism.
In parallel, domain-based impersonation (“digital squatting”) has increased materially, with reporting citing a 68% rise over five years and WIPO recording 6,200 domain disputes in 2025. Common techniques include typosquatting, combosquatting, TLD squatting, and homograph attacks, which route users to phishing or fraudulent payment pages that mimic legitimate brands; the trend is also driving reputational harm when victims receive low-quality or nonexistent services. Recommended mitigations emphasized in reporting include proactively registering defensive domains across multiple TLDs and monitoring for lookalike domains to reduce brand impersonation risk.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Flare described a large-scale operation using paid social media ads, fake CBC-branded news pages, and fraudulent investment platforms to target Canadians. The campaign relied on unauthorized celebrity imagery, emotionally manipulative headlines, rotating registration pages, and extensive redirect infrastructure involving hundreds of thousands of domains.
WIPO recorded 6,200 domain disputes in 2025, described as a record level. Reporting says this total represents a 68% increase since 2020, underscoring the growth of digital squatting scams affecting businesses and brand reputation.
The Flare analysis cites 2024 estimates that global losses from online scams surpassed USD $1 trillion, while noting underreporting likely means the true impact is higher. This provides broader context for the scale of fraud ecosystems supporting impersonation and investment scams.
WIPO-referenced reporting indicates domain squatting scams increased substantially over the following five years, with 2025 levels later measured as 68% higher than in 2020. The activity included typosquatting, combosquatting, TLD squatting, and homograph attacks used to impersonate brands and steal credentials or payments.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
flare.io
Open sourcescworld.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.