Partho Protim Das

Engagement editor, Dismislab
“See ads, get money” scam drives traffic to  fraudulent websites through Facebook ads

“See ads, get money” scam drives traffic to  fraudulent websites through Facebook ads

Partho Protim Das

Engagement editor, Dismislab

Abdul Mannan, a public transport worker from Narayanganj on the outskirts of Dhaka, thought he had found a way to supplement his income. After seeing a Facebook ad, he registered on a website and deposited Tk 1,000, lured by a lucrative promise: watch a few online ads each day and earn Tk 600 in return. He followed all the instructions, but no payment ever came. His deposit was gone, and the platform stopped responding to his messages.

Mannan is not alone. Dozens of websites claiming to offer daily income in exchange for simple tasks—like viewing ads—are operating across Bangladesh, promoted aggressively through Facebook ads. These platforms ask users to register and pay upfront, often under package names like “Silver” or “Platinum,” promising daily returns. In reality, they pay back nothing.

A two-day review of Meta’s Ad Library by Dismislab revealed that at least 31 Facebook pages were running paid advertisements promoting such scam websites. The ads featured Bangla-language phrases such as “অ্যাড দেখে ইনকাম করুন” (“earn by watching ads”) and “ইনকাম ওয়েবসাইট” (“income website”), targeting users looking for remote work or quick income.

The investigation found that these pages and websites operate in cycles: some disappear, others appear. While some pages were taken down after running ads, new ones emerged promoting the same or similar schemes, often within days.

From Facebook ads to fraudulent websites: How the scheme works

On May 6 and 12, 2025, a search on Meta Ad Library revealed that fraudulent advertisements run from 31 Facebook pages were directing users to 25 different websites. In several cases, multiple pages promoted the same site. One platform was advertised through at least three Facebook pages. 

As of June 24, an analysis of these websites showed that only 7 out of the 25 were active. Meanwhile, similar fraudulent campaigns are being carried out from different Facebook pages, leading users to a new set of similar scam websites (1, 2, 3, 4). On June 24, at least 31 more new Facebook pages (1, 2, 3, 4, 5) were found to be running similar deceptive advertisements. 

These Facebook ads were run through five to six-minute-long videos. In the first 30 seconds to 1 minute, they feature unrelated clips of two popular Bangladeshi YouTube channels, Shohag Khandokar and AFR Technology, each having more than four million subscribers. The original videos (1, 2) from where these clips were stolen actually discuss ways to earn money by watching and reacting to videos on Facebook. Nowhere in those videos do they make any mention of registering on any websites or depositing money. 

However, after showing the initial segments from these popular YouTubers’ videos, the rest of the scam ads show screen recordings of mobile devices, demonstrating how to register on a website, make deposits, watch ads and earn money every day in return. Clicking on the ads redirects users to a website.

These websites follow a consistent structure: users are required to register, then purchase an “income package” ranging from Tk 500 to Tk 20,000 via mobile financial services. In exchange, the sites promise a fixed daily income for completing simple tasks like watching online ads. A Tk 500 package, for instance, claims to offer Tk 300 per day for 200 days. More expensive packages, such as those costing Tk 1,000 and Tk 5,000, offer higher returns without requiring any extra effort other than watching more ads.

Registrants are lured into buying money packages on these websites — the more expensive the package, the greater the promise of income.

To test the scheme, Dismislab researchers registered on two of the advertised platforms (goldbd7.com, green75.com), and purchased the Tk 500 income package on each. Both websites claimed that users would receive Tk 300 daily in exchange for watching three to six short video advertisements. After registering, researchers were prompted to make the payment through mobile financial services such as bKash and Nagad. Once the payments were confirmed, the dashboards showed that the packages were “active” and daily tasks were unlocked.

Researchers followed all on-screen instructions over a two-day period. This included clicking through assigned video ads, confirming task completions, and attempting to “withdraw” the promised earnings through the site’s withdrawal option. 

Researchers watched three ads per day for two days and earned 600 Tk from each website. One website featured a Banglalink advertisement, while another displayed a video from Hostinger Academy. Despite completing the assigned tasks, no money could be withdrawn. Attempts to reach out using the number used for the transactions received no response. One number appeared to be switched off, while the other went unanswered over multiple days.

No customer support or contact forms were functional on either site. The “Helpline” buttons led to blank pages or inactive chat windows. 

A similar experience was shared by Abdul Mannan, the public transport worker from Narayanganj. He told Dismislab, “I deposited 1,000 Taka on the website (https://maney.live). They told me that I would be able to earn Tk 600 per day for two months through this. I followed their instructions and worked accordingly. But later, I was no longer able to withdraw any money from there.”

Patterns in Domain Infrastructure and Hosting

The websites examined in this investigation, though presented under different names and branding, demonstrate an unusually high degree of similarity. Each claims to offer an easy way to earn money by watching online advertisements. All of them open with a login screen showing a circular user avatar icon and display logos of mobile financial services such as bKash, Nagad, and Rocket at the bottom of the page.

Screenshot of landing page of such two websites

Among the 24 websites reviewed, 23 contained the same set of labeled icons: “Deposit,” “Withdraw,” “Task,” “Plan,” “Refer,” “Transaction,” “Profile,” and “Helpline.” The layout of these icons followed the same grid format across most websites, often accompanied by a YouTube-linked tutorial titled “How to Work” or a row of familiar social media icons at the bottom.

The visual and structural similarities extended beyond layout. The websites fell into five distinct design clusters. For example, bdcash24.com, goldbd24.com, and surecash24.com featured green headers, a large pink withdrawal icon at the center, and the same set of service buttons in the same order. Even more telling, four different domains reused an identical image asset named “photo_2024-08-26_16-51-15.jpg”, and at least one site—fanfare9.com—left another site’s name (“Fanfare24”) in its page text.

Another group, which included bdincome.site and clickbd69.com, used a red theme with rounded icon boxes and placed a “How to Work” video guide in the same position on the homepage.

A comparative review of WHOIS records shows that most domains were registered between April and May 2025. Many of them shared the same registrar and hosting provider. In several cases, the domains were registered within days. Five websites were registered through PDR Ltd. and hosted on the same IP address (157.173.218.201), indicating a shared infrastructure.

Fake testimonials drown out victim warnings

Even as fraudulent ads flood Facebook, some users have tried to warn others. In comment sections beneath several of the pages running these promotions, more than 100 users described the schemes as scams. At least 30 commenters said they had deposited money and received nothing in return.

One user wrote that he had expected to earn Tk 15,000 over three months by watching ads, but was never paid. Another posted simply, “They stole my 1,000 taka.” Another user commented, “Don’t trust them, I’ve lost money. They’re frauds.”

But comments like these are often buried beneath a flood of positive testimonials—many of which appear to be fake. Under a post from a page named Student Wallet, one user wrote, “Very good website, I’ve been working for a long time, trustworthy.” Another said, “Deposited Tk 1,000 in the account and withdrew a total of Tk 3,500.”

To measure the extent of the manipulation, Dismislab analyzed 4,809 comments across 10 Facebook posts advertising scam websites. The analysis identified 128 distinct comments that had each been posted more than 10 times. These repeated messages accounted for 79 percent of all comments—appearing a total of 3,782 times. The most common was: “I activated the Tk 5,000 membership three days ago and it’s still working,” which appeared 111 times from 86 different profiles.

Top Five Most Repeated Comments
CommentCount
I activated the Tk 5,000 membership three days ago and it is working till now. (Ami 5,000 Taka membership 3 Din aga Active korlam Akhon pojonto kaj kora jacci)111
Brother, I want to take the Tk 1,000 package. How can I get it? (ভাই ১০০০ টাকা প্যাকেজটা নিতে চাই আমি কিভাবে নিবো)81
I purchased the Tk 5,000 package and have received Tk 11,000 so far. (৫০০০ টাকার প্যাকেজ নিয়ে এখন পর্যন্ত ১১০০০ টাকা পাইছি)77
I have purchased the Tk 1,000 package. (আমি ১০০০ টাকার প্যাকেজ নিয়েছি।)73
I activated a Tk 2,000 membership on this website 🥰. (আমি ২০০০ টাকার মেম্বার একটিভ করলাম এই ওয়েবসাইটে থেকে🥰)70

Further review found 64 Facebook profiles that each posted more than 20 of these positive comments. Many showed signs of inauthenticity. They included few personal details, had fewer than 50 friends, and displayed profile pictures likely sourced from elsewhere online. Their timelines were mostly inactive, and messages sent to five of these accounts received no response.

Impersonating influencers to build trust

Several Facebook ads promoting scam websites begin with brief video segments taken from well-known Bangladeshi YouTubers, including Shohag Khandokar and AFR Technology—each having more than four million subscribers. These clips typically appear in the first 30 seconds to one minute of the ad and are used without permission. In the original videos, the creators discuss general online income strategies, such as reacting to videos on Facebook to earn money. None of the content endorses or mentions third-party websites, nor do the YouTubers ask viewers to make any financial deposits.

After these recognizable faces appear, the ads shift to screen recordings showing step-by-step instructions for how to register on a scam website, choose an “income package,” deposit money, and begin earning by completing daily ad-watching tasks. The format gives the impression that the influencers are affiliated with or recommending the platforms—though they are not. The sequence is designed to build trust quickly, leveraging the influencers’ credibility to legitimize the offer.

In several cases, the scammers went a step further. Some Facebook pages used names closely resembling the original YouTube channels, including variations such as AFR Technology, AFR technology 0.0, AFR Technology 07, Sohag Khondkar, Sk Sohag Khondkar, Sohag Khondkar 02. These pages typically began running ads within hours of being created. For example, a page named Online Income Tips was created on May 4 and began promoting a scam website on the same day. Another page, AFR Technology 07, was created on May 11 and started running ads that same day.

Screenshot of Facebook page transparency section (left) and ads from this page (right), which shows the Facebook page impersonating popular content creator Shohag Khandokar was created on 21 May (left) and began running ads promoting a fraudulent website on 23 May.

Most of these pages remained active for a short time. Several were taken down or went offline after running ads for a few days. In some cases, nearly identical pages reappeared shortly afterward. One ad campaign that began on May 11 from a page called Income Tips stopped after the page was deactivated. Two weeks later, ads with the same script and structure resumed on May 25 from another page also named Income Tips, created that very day. Dismislab was unable to verify whether the two pages were operated by the same person or group, but the timing and content suggest a recurring pattern.

A page named Income Tips started running ads on May 11 (left). Later, the page was removed, but a page with the same name started running ads on May 25 (right).

Shohag Khandokar, one of the influencers whose videos were reused, told Dismislab that he regularly encounters such misuse of his content. “Sometimes I report them,” he said. “But similar videos keep coming from new pages.”

Scam ads violate Meta’s core policies

The scam campaigns uncovered in this investigation violate at least two of Meta’s stated advertising policies: one on authentic identity and another on fraud and deceptive practices.

First, several Facebook pages used names and stolen video clips from well-known YouTubers such as Shohag Khandokar and AFR Technology, falsely implying their endorsement. This violates Meta’s Authentic Identity representation policy, which prohibits the use of someone else’s name, image, or likeness to mislead others.

Second, the core structure of the scheme—promising online income in exchange for an upfront deposit—breaches Meta’s Fraud and Deceptive Practices policy. This rule explicitly forbids content that offers earnings while requiring advance fees or misleading users about financial outcomes.

Despite these violations, the ads ran for days or weeks in some cases, many without detection. Pages promoting the scams were often only removed after running multiple paid promotions. In several cases, replacement pages using similar names and identical content reappeared within days.

These are not isolated incidents. In the past, Facebook ads targeting Bangladeshi users have promoted other types of fraud, including false investment platforms and health scams. While ads related to alcohol and drugs are restricted in Bangladesh, scam operations have used such categories to bypass filters.

Globally, similar failures in Meta’s enforcement systems have been documented. In India, a user reportedly lost 1.7 million rupees to a social media income scam. In Australia, scammers used deepfake videos of celebrities in Meta ads to promote fraudulent investment schemes. In both cases, Meta was notified, but the ads continued to circulate.

Ken Gamble, a cybercrime investigator with IFW Global, described the tactic in an interview with The Age: “They’re using the honeypot method—putting up an advert on Facebook. Then a person clicks, registers their interest, and the journey of being scammed begins.”

Australian Financial Services Minister Stephen Jones added: “We want them to verify their advertisers. We want them to pull down the fake ads, and then we want a rapid response to reliable reports. They know that. They could do that today. They just choose not to.”

Methodology

This investigation was conducted by Dismislab between May 6 and May 18, 2025. Researchers used Meta’s publicly accessible Ad Library to identify Bangla-language Facebook advertisements promoting online income schemes. Searches were conducted using common scam-related phrases such as “অ্যাড দেখে ইনকাম করুন” and “ইনকাম ওয়েবসাইট.”

Over the course of two separate search days—May 6 and May 12—researchers identified 31 Facebook pages running scam advertisements. Metadata including page creation dates, ad run times, and linked websites was recorded for each. Follow-up searches revealed patterns of page disappearance and reappearance, indicating a rotating ad strategy.

The 25 websites promoted through these ads were visited and analyzed. Source code, image assets, payment instructions, and visible contact numbers were reviewed. Three websites were found to use the same phone number; others shared identical media files.

To assess the platforms’ performance claims, Dismislab registered on two websites and purchased Tk 500 packages via mobile financial services. No earnings were received, and all attempts to contact the payment numbers went unanswered.

Researchers also collected and analyzed 4,809 comments from 10 scam-related Facebook posts. Repeated comment patterns were mapped, and accounts responsible for high-frequency posts were reviewed for signs of coordinated or inauthentic activity. At least 64 accounts posting repeated positive feedback matched known indicators of fake profiles, including minimal personal content, low friend counts, and likely-stolen profile pictures.

YouTube videos used in scam ads were traced back to the original channels, verifying that they were edited and used without permission.

All findings were compared against Meta’s current advertising policies on impersonation, fraud, and advance-fee income schemes.