False Endorsements, Real Losses

The Rise of AI-Enabled Financial Scams in India

June 2025

www.atheniantech.com
Table of Contents
The Threat 03

Domain Details 08

Threat Analysis 09

Recommendation 11

Conclusion 11
The Threat
Off late India’s digital landscape is encountering an increasing wave of financially motivated deception techniques.
This wave is largely a result of coming together of many factors, primarily from emerging technologies, like synthetic
media, impersonation and AI-enabled frauds. In this specific case of Go Invest investment scheme, which initially
emerged in the form of isolated incidents isolated incidents has now crystallized into a broader, coordinated
campaign—one that systematically exploits figures with authority, institutional branding, and public sentiment.

The initial wave emerged with the circulation of deepfake videos featuring Google CEO Sundar Pichai. In these AI-
generated clips, Pichai is falsely portrayed as endorsing a platform called Google Invest, described as a government-
supported initiative offering unusually high returns of over ₹10 lakh per month on a one-time investment of ₹21,000.
These videos, created using AI-simulated speech and facial reconstruction, were designed to appear authentic, thus
manipulating unsuspecting viewers into trusting the scheme.

In its more evolved form, the fraud has assumed a sophisticated disguise. A recent campaign replicates the layout
and typographic style of the Times of India website to lend journalistic legitimacy to a platform named Go Invest.
Misusing the image of Prime Minister Narendra Modi, the article asserts that the investment model is officially
endorsed and powered by artificial intelligence (AI). Although branded as Google Invest, all embedded links redirect
users to the fraudulent Go Invest platform.

Further investigations indicate that the same ecosystem has also released a deepfake video of the Union Finance
Minister, Nirmala Sitharaman. In the video, she appears to be endorsing another fictitious initiative called InvestGPT.
The video, similar in structure to the earlier clip of Sundar Pichai, employs manipulated lip-sync and voice synthesis
to simulate endorsement, reinforcing a now-familiar strategy that relies on public trust in institutional figures.

A more recent variant has emerged under the banner of Cryptify Flows, once again using the cloned TOI format. This
version falsely claims that the Union Finance Minister Sitharaman, along with Infosys co-founders Narayana Murthy
and Sudha Murty, jointly launched a government-backed platform promising daily payouts of ₹1.9 lakh. It also goes
further by citing false affiliations with the State Bank of India (SBI), Microsoft, & IBM, suggesting that the platform is
technologically validated and officially integrated.

These fabricated narratives are often supported by testimonials from everyday citizens, such as shopkeepers and
workers, who describe the financial transformations they’ve achieved through the platform. Claims of early
retirement, clearing debts, and purchasing a new car contribute to an emotional script designed to create urgency
and trust. Registration is depicted as time-sensitive and “free under a government initiative,” which further
encourages users to take impulsive action.

Collectively, these cases indicate a significant shift in cyber-enabled fraud. By merging cloned media interfaces,
high-profile impersonations, deepfake videos, and emotionally persuasive messaging, the perpetrators have blurred
the lines between reality and fabrication. The success of such operations depends not on technological complexity,
but on their strategic use of social engineering and psychological triggers that exploit trust.

This evolving threat landscape underscores the urgent need for platform-level detection mechanisms, effective
regulatory oversight, and heightened public awareness. As synthetic media tools become more accessible, the
responsibility lies equally with users, platforms, and authorities to question, verify, and report before belief
transforms into loss.

03
Key Indicators and Threat Behaviour
Cloned TOI Article UI: A fabricated article claims PM Modi has backed “Google Invest” to raise citizens' income.
False Government Endorsement: Utilizes the Prime Minister’s name, national symbols, and counterfeit Ministry
of Finance branding.
Use of Deepfake Content: An AI-generated video features Union Finance Minister Nirmala Sitharaman promoting
a platform called “InvestGPT,” indicating broader deepfake-enabled scam operations.
Brand Impersonation: The platform displayed is “Google Invest,” but it redirects to “Go Invest,” a fraudulent
clone.
Fake Testimonials & Comments: These contain made-up stories of Indians earning lakhs in just a few days.
Social Engineering Tactics: Creates urgency through limited-time offers (e.g., “Registration closes on 04 June
2025”).
Anonymously Registered Infrastructure: Utilizes a Turkish registrar and Russian DNS to obfuscate attribution.

Malicious Website URL

https://conmediate.com/
https://x.com/tikadewimustika/status/1929899253570150890?t=S9mQfYPgDK-E2wM3YHk3qA&s=19
https://dnhrvuickdz20pb.duplicateaie.com/
https://qaxagl5mfhhf3i3.duplicateaie.com/
https://threeunlessbasic.mom/click?
key=685eb643c64f47ab59a3&utm_term=D2&utm_campaign=ASVD&utm_content=threeunlessbasic.mom
https://x.com/dodoluna1/status/1929706554242355465?t=qMapXWLJENqBtLGMkeSiNA&s=08

04
Figure 1: Fabricated promotional graphic falsely featuring Union Finance Minister Nirmala Sitharaman, Infosys founder Narayana Murthy, and PM
Modi. The graphic also misuses official logos of SBI, Infosys Technologies and the Ministry of Finance, Government of India to mislead and
legitimize the “Go Invest” platform.

Figure 2: Screenshot of a fake article shared on social media (X), falsely claiming that the Indian PM endorsed the “Go Invest” platform

05
 Figure 3: Fake platform impersonating Google Invest to lure users with false income promises.

Figure 4: Fabricated Times of India article falsely linking top Indian figures to a scam promising returns of ₹1.95 lakh/month.

06
Figure 5: Misleading tweet featuring Narayana Murthy used to imply a government-backed AI investment scheme.

07
Domain Details

Attribute Detail

Scam Branding Google Invest / Go Invest / Cryptify Flows / InvestGPT

conmediate.com, duplicateaie.com,
Malicious Domains https://threeunlessbasic.mom/click?
key=685eb643c64f47ab59a3&utm_term=D2&utm_camp
aign=ASVD&utm_content=threeunlessbasic.mom

Redirect Landing Page https://dnhrvuickdz20pb.duplicateaie.com/

Registrar Atak Domain Bilgi Teknolojileri A.Ş., Turkey

Name Servers ns1.timeweb.ru, ns2.timeweb.ru

Registered On 19 May 2025

Updated On 20 May 2025

08
Threat Analysis
This scam under review represents a well-coordinated, multi-layered fraud campaign that strategically exploits
public trust in institutions, technology brands, and the country’s most respected public figures. At its core lies a
methodical tactic: high-profile impersonation. Through carefully constructed digital assets—ranging from cloned
news interfaces to AI-generated video content—threat actors simulate the credibility of national leadership and
media authority, misleading users into what are, in effect, AI-branded investment traps.

Cloned Media as the Entry Point

A recurring structural feature of the scam is its imitation of the Times of India website layout. These fake articles
feature prominent national figures, including Prime Minister Narendra Modi, Union Finance Minister Nirmala
Sitharaman, Narayana Murthy, and Sudha Murty. Their names and images are exploited to lend credibility to
platforms like Google Invest, Go Invest, InvestGPT, and the newly emerged Cryptify Flows. Each of these campaigns
falsely claims government support and employs emotionally resonant language to position itself as a means for
economic empowerment.

When engaging with the embedded links in these fraudulent articles or promotional content, users are redirected to
fake investment portals—often hosted on infrastructures registered outside India, including those in Turkey and
using Russian DNS servers. Although branded as “Google Invest,” the domain typically directs users to a replica site
titled Go Invest, which has no actual connection to Google or any licensed financial entity.

The Deepfake Escalation

A matter of particular concern of the present this fraud campaign is the deployment of deepfake videos. In one
instance, Union Finance Minister Nirmala Sitharaman is digitally manipulated to appear as if she is endorsing a
platform known as InvestGPT. In another, Google CEO Sundar Pichai is seen promoting the original Google Invest
scam. These AI-generated videos leverage voice cloning, synthetic lip-syncing, and visual overlays to produce
content that convincingly mimics official statements.

The implications of such synthetic media are profound:

They create a misleading sense of legitimacy by depicting trusted public figures.
They blur the boundaries between authentic and manipulated communication, distorting public perception.
They inflict lasting reputational damage—even after removal—by spreading doubt and misinformation across
digital channels.

09
Cryptify Flows: A New Variant
The latest evolution of the campaign is a platform titled Cryptify Flows, once again launched under a cloned Times
of India article format. This iteration falsely claims that Nirmala Sitharaman, Narayana Murthy and Sudha Murty are
co-creators of an AI-based financial platform that offers automated daily income payouts of ₹1.9 lakh. The article
further enhances its legitimacy by referencing purported integrations with the State Bank of India and support from
global tech firms, including IBM, Microsoft, and OpenAI—all of which are entirely fabricated.

These narratives are accompanied by emotionally persuasive testimonials—seemingly from everyday citizens such
as shopkeepers and labourers—who claim to have experienced life-changing financial outcomes. Each story centres
around a simple entry point: a ₹21,000 investment that results in early retirement, debt clearance, or the purchase of
a new vehicle.

Key Red Flags and Indicators

The sophistication of this scam lies in its layering of multiple deceptive elements:

Unrealistic ROI Promises: Claims of returns exceeding ₹10 lakh in a single day, without any financial
justification.
Fake User Interfaces: Screenshots depicting inflated wallet balances or auto-credited earnings.
Scripted Testimonials: Social proof generated through fake comments and review sections, carefully staged to
mimic authentic user feedback.
Urgency-Based Messaging: Phrases like “limited slots available” or “registration closes today” are used to
trigger impulsive decision-making.

A New Class of Digital Fraud

This operation indicates a shift, akin to cyber-enabled scams, from traditional phishing to psychologically engineered
deception driven by synthetic media. It represents not just a case of financial fraud, but an orchestrated effort to
manipulate public trust on a large scale through digital facsimiles of authority. The goal is to bypass rational scrutiny
by appealing to emotional urgency, national pride, and digital legitimacy—all in a format that mimics the
trustworthiness of established institutions.

The response, therefore, must extend beyond domain takedowns. What is required is a coordinated strategy that
encompasses early detection mechanisms, robust user education, media verification protocols, and stronger
accountability from platforms that host such content. In an age where seeing is no longer enough to believe,
vigilance must become the default posture.

10
Recommendation
Report the domain to CERT-In and other cybersecurity authorities for immediate takedown.
Notify the domain registrar and hosting provider to suspend the website.
Block the URL within networks to prevent users from accessing it.
Raise public awareness about such scams through social media and official advisories.
Monitor for similar domains that may copy this scam to continue fraud under new names.

Conclusion
The investigation into this fraudulent campaign reveals a disturbing evolution in cyber-enabled financial scams—one
that combines cloned media, synthetic endorsements, and AI-generated deception into a singular, scalable threat. By
systematically leveraging the likenesses of national leaders, tech icons, and institutional brands, the perpetrators
have manipulated public trust through familiarity, urgency, and emotional appeal.

What distinguishes this operation is not only its technical layering—through deepfakes, spoofed news layouts, and
fabricated testimonials—but also its psychological sophistication. Each component is crafted to short-circuit critical
judgment and fast-track user engagement, often leading to irreversible financial loss.

The use of deepfake technology, foreign-registered infrastructure, and misappropriated identities signals a new era
of cyber fraud, where misinformation is no longer spread merely through words but is convincingly acted out by
synthetic replicas of real people. As such threats become increasingly difficult to detect in real-time, the burden of
defense cannot rest solely on users.

11
Contact Us

www.atheniantech.com