According to a report by Bitdefender, the fraud campaign saw fabricated articles run on paid adverts on Facebook in 25 countries from 9 February to 5 March 2026.
The stories impersonate both CBA and a number of journalists in the fabricated articles. According to Bitdefender, 310 malicious advertising, or malvertising, campaigns were detected, with over 26,000 ads found.
Australia was targeted by roughly 12 campaigns, according to Bitdefender, with CBA being just one of several major banks worldwide.
The falsified articles and ads were designed to draw victims into investment deposit fraud. Once drawn in, the users were redirected to scam sites where they were prompted to put their name, phone number, email address and other details in. Bitdefender added that in some cases, a broker could call and encourage victims to deposit money for investments.
To make the scam more convincing, scammers displayed fake dashboards with fake “profits” and would pressure victims to deposit high amounts, which were then next to impossible to withdraw.
To avoid detection, the scammers used advanced moderation evasion techniques, including using previews that pointed to legitimate domains for real brands as well as fake media domain farms and substituting real letters with Cyrillic homoglyph characters to bypass filters.
In response, Meta said it had launched new anti-scam tools, including alerts for suspicious friend requests, advanced scam detection for Messenger, and WhatsApp device link warnings.
It also said it had partnered with international law enforcement agencies, including the AFP, the New Zealand Police, the FBI and more for a joint operation called Joint Disruption Week, led by the Royal Thai Police Anti Cyber Scam Centre.
This resulted in 150,000 accounts being disabled and 21 people arrested by Thai police.
News of the impersonation comes just as CBA self-reported itself to Australian police after discovering what could be one of the largest fraud cases it has faced, with AI being used in the process.
The fraud racket, which the bank was first alerted to after two whistleblowers lodged complaints via CBA’s “Speak Up” fraud reporting platform, reportedly obtained roughly $1 billion in illegitimate home loans, with AI partially playing a part, according to a report by The Australian Financial Review (AFR).
The two complaints reportedly accused a lender and a mortgage broker within the bank’s private banking division of forging income statements. According to one whistleblower, the two “engaged in document forgery in order to secure home lending approvals”.
After an investigation into its internal processes, CBA reported the alleged incident to the police to determine which loans were involved in the fraud and which involved shell companies.
While neither the police nor CBA disclosed how AI was involved, a spokesperson for NSW Police told Information Age that the State Crime Command’s Financial Crimes Squad will be meeting with CBA representatives this week.
