Scammers Exploit Trusted Brands in Online Ads to Drive Traffic to Gambling Sites
Cybercriminals are impersonating well-known brands in online advertisements to lure unsuspecting users to fraudulent gambling websites, employing sophisticated tactics like AI-generated videos and fake app stores.

A widespread scam operation is leveraging the trust associated with established brands to funnel unsuspecting users toward online casinos. Instead of traditional phishing methods, these campaigns focus on online advertisements, using familiar logos and branding to trick individuals into visiting gambling sites. Researchers at Netcraft have identified these coordinated efforts, which span dozens of impersonated brands across multiple countries, indicating a significant and organized criminal enterprise.
The scam begins with advertisements appearing on social media platforms like Facebook, Instagram, TikTok, and Threads. These ads falsely claim that trusted brands, such as banks, retailers, or streaming services, have launched their own online slots or casino games. Some even feature fabricated testimonials from individuals who supposedly won large sums of money. Clicking on these deceptive ads leads users to landing pages meticulously designed to mimic official app store listings, complete with stolen logos and fake developer names.
From these fake app stores, users are guided to install what appears to be a legitimate application but is, in fact, a Progressive Web App (PWA). This PWA functions as a disguised browser shortcut. Once activated, it silently redirects the user to an unrelated gambling website through affiliate tracking links. The scammers profit from these redirects, with affiliate platforms reportedly paying between $50 and $350 for each new depositing player.
Netcraft's analysis revealed three distinct levels of sophistication in these campaigns. The most basic approach involves simply adding a brand name to a generic slots advertisement. A more advanced tactic incorporates the brand's actual logo, color scheme, and even forged screenshots of its legitimate applications. One example targeting the UK bank Monzo included a fabricated account balance and text claiming the bank had officially launched online slots, even using a real Monzo sort code to enhance credibility.
The most convincing method employs AI-generated promotional videos. These videos are professionally produced to appear as if filmed at real brand locations, featuring fake employees and authentic branding, making them particularly difficult for users to dismiss as fraudulent. Similarly, fake app store listings utilize stolen logos, invented developer names like 'Tesco Entertainment UK Limited,' and fabricated star ratings and reviews to appear legitimate.
The range of impersonated brands is extensive, covering various sectors. UK financial institutions such as Monzo, Revolut, and Barclays have been targeted, alongside major retailers like Tesco, and global entities including Amazon, Netflix, and Facebook. While many identified ads target consumers in the UK, variants have also been observed in Germany and Spain, suggesting an international reach. The operation also appears to recycle infrastructure, with domains initially used to impersonate one brand later repurposed for entirely different scam campaigns.
Once the PWA is installed, it maintains the illusion by displaying the impersonated brand's name in the browser title bar even as it loads the actual casino site. Push notifications are also used to encourage users to complete their registration, further perpetuating the deception. The underlying casino sites themselves are often legitimate gambling platforms, making them harder to take down than the initial advertising and landing pages.
Netcraft has published indicators of compromise (IoCs) related to this campaign to aid researchers and platforms in tracking and blocking the associated infrastructure. Cybersecurity experts advise users to exercise extreme caution with ads that claim familiar brands have launched gambling products, to always verify such claims through official channels, and to avoid installing applications prompted by social media advertisements. Verifying that an 'install' button leads to a genuine app store, rather than a browser shortcut, is a crucial step in identifying these scams early.