How to avoid cyber-enabled investment scams

Criminals are using advanced technology tactics to defraud you of money and data. These tips can help protect you and your family.


While anyone who socializes, conducts business or communicates digitally can be targeted by cyber criminals, investors are now the number one target for internet crime. This year, investment scams topped the FBI Internet Crime Report 2022 as the costliest of cyber crimes. Online investment scams, particularly those involving cryptocurrency, have sharply risen over the past 18 months. Americans lost $3.31 billion through investment scams in 2022, a 127% increase over the year before. The FBI Internet Crime Report also noted an uptick in criminals using social engineering tactics to target investment accounts rather than traditional bank accounts, meaning individual investors must be more cautious than ever.1

The increase in cyber investment scams has occurred as more people are investing via the quick and convenient internet, which may make them more susceptible to fraudulent investment schemes. Despite the rise in investment scams, if you know what to look out for, there are ways to protect yourself and your assets. Here’s what you need to know.

What are cyber-enabled investment scams?

Online investment scams are schemes to defraud people by convincing them to buy stocks, bonds, commodities, real estate or cryptocurrencies. The pitch, which usually comes via an unknown sender’s text message or direct messages on social media, is typically centered on sizable returns with minimal risk. The reality is often that there are no returns at all — and losses include your outlay to purchase the once-in-a-lifetime opportunity.

These scams rely on social engineering tactics. By leveraging freely available data collected from social media sites, scammers can contact targets via messaging platforms, build trust by knowing just enough about them, and promise a low-risk, lucrative opportunity. The tactics can be very convincing, with one recent, widespread where scammers impersonated Fortune 100 companies to lure people with fake investment options, using the companies’ brand reputations to trick consumers into investing.2

A graphic comparing monetary losses due to different types of cyber crime from 2022 and 2018. See link below for a full description.


New technologies, new risks

Cyber criminals are embracing new technologies to create believable fraud campaigns. Many are incorporating artificial intelligence (AI) tools into their social engineering tactics to craft realistic messages and images and create convincing fake emails, spoofed websites and applications.

Search engines, chat clients and learning systems have become go-to social engineering tools to help cyber criminals build relationships and trust with potential targets. Many criminals are automating social engineering to gather sensitive information about potential targets more efficiently. Taking it one step further, some are using realistic technology to make social engineering tactics more difficult to detect and easier to carry out.3

While cyber criminals typically rely on deception to perpetrate cyber-enabled investment scams, understanding the risks and using basic cyber security hygiene can help you avoid these cons.



For additional information on avoiding cyber-enabled investment scams, see Merrill’s Security Center and Scam page.


A private wealth advisor can help you get started.

Our advisors can help you follow your passions, build a legacy and have a positive impact on others.

Explore more of our latest thinking