Which? has spoken to dozens of people who've encountered the scam - which falsely claims celebrities have backed a bitcoin investment scheme - while browsing legitimate sites.
In many cases, the fake advertorials are convincingly designed to look like pages from the BBC or Mirror websites.
Read on to find out how the scam works, how to avoid falling for it, and why Which? is calling time on legitimate sites hosting dodgy links.
Celebrities used in these fake advertorials include Deborah Meaden and Peter Jones from Dragon's Den, Ant McPartlin of presenting duo Ant and Dec, billionaire businessmen Lord Sugar, Sir Philip Green and Sir James Dyson, presenters Simon Cowell and Holly Willoughby, and former Love Island contestant Charlie Brake.
To be clear, none of these celebrities are responsible for the fraud, but their images and reputations are being ruthlessly abused by organised scammers.
We've found countless variations of the scam still live at least three years after it first surfaced, but most of them proceed in a similar way.
Imagine you're browsing AOL.co.uk. On the sidebar you spot a picture of Dragons' Den star Deborah Meaden, with a black eye.
There's nothing obvious to suggest it's an advert - it looks like an image from a legitimate news story.
Clicking on it takes you to a news story on a third-party page, which seems like a respectable news site for investors. It describes how Meaden and her fellow dragons were impressed with a bitcoin investment scheme on an episode of the show.
The strange photo of Meaden's black eye is forgotten as you read how the dragons chose to invest and reaped the financial rewards. At the bottom of the page is a web form where you can express interest in joining the investment scheme.
Heeding the warnings that the scheme will soon close to new investors, you submit your name, email address and phone number.
A short while later, you receive a phone call from your 'investment manager'. She or he encourages you to make a surprisingly modest initial investment to purchase £250 worth of bitcoin.
By email you receive a link and login details to the 'trading platform' where your bitcoins are being held. Over the coming weeks the value of your bitcoin holdings appears to increase, and your investment manager calls you frequently, encouraging you to buy more.
When you refuse to pay anything further and mention that you're thinking of cashing out, your investment manager releases £40 to your bank account so you can 'enjoy the profits'. Reassured, you carry on investing.
Months later, you've sunk £5,000 into the scheme - although your bitcoins are valued at £50,000 on the trading platform.
Now you decide it's time to enjoy your returns, so your manager directs you to deposit their commission - a further £5,000 - into a bank account and await a phone call releasing your funds.
That call never comes.
This was the appalling experience of one Which? reader, who has asked to remain anonymous.
We've obtained exclusive data from police fraud reporting centre Action Fraud, which shows the huge scale of the problem.
There were 1,560 cases of cryptocurrency investment frauds reported in the first six months of 2019 alone. In the same period, there were 212 reports of investment fraud where celebrity endorsement was specifically cited by the victim as an enabler of the scam.
Action Fraud is a self-reporting tool now no longer used in Scotland, so it's likely that these alarming figures are in fact underrepresenting the scale of the problem.
Bitcoin is a cryptocurrency - a form of digital money which can be bought with other currencies, traded for them and (where retailers accept it) used to buy goods and services. Cryptocurrencies such as bitcoin run on a technology called blockchain - essentially a huge online database of transactions.
Blockchain's great strength is that it's considered unhackable. This is because rather than transactions being recorded on a traditional centralised database which someone could manipulate, they're recorded and updated in many locations simultaneously.
Bitcoin is far from the only cryptocurrency to be targeted by scammers. In July 2018, we explored the sometimes murky world of Unlike bitcoin, which has achieved some respectability and is accepted by some retailers, there is no guarantee that investors will be able to spend these newly established cryptocurrencies anywhere.
This scam proceeds along classic psychological principles - appealing to authority (using celebrities and trusted sites), starting out with small demands (£250) before gradually escalating and releasing a nominal sum to trick you into thinking you can get the rest.
All the traditional investment advice applies. Be extremely sceptical of grandiose claims, and seek advice from a financial adviser registered by the Financial Conduct Authority if you're not sure about something.
We're extremely concerned to hear reports of legitimate websites serving up scam adverts - some of them in recent weeks - and we put our allegations to them.
A Facebook spokesperson said: 'We don't tolerate fraud on our platform, which is why we're taking action to stop scams wherever they appear. We have donated £3m to Citizens Advice to deliver a new UK Scam Action Programme, and we have created a new scam ads reporting tool on Facebook in the UK, supported by a dedicated internal operations team.
'If people see something on Facebook they think is a scam, we urge them to report it by clicking on the top right of any ad they see.'
A Microsoft spokesperson explained that 'the issue of u201cad cloakingu201d is a challenge across the online advertising industry' and that Microsoft is 'workingu2026to address the techniques scammers use and detect, block and remove advertisements more effectively.
In the meantime, we urge customers to remain vigilant and only engage with brands they trust and recognise.'
A spokesperson for Verizon Media, the parent company of AOL and Yahoo, told us: 'Deceptive and misleading ads are not acceptable, and we expect our partners to comply with all laws, regulations and our policies.
'We will take action to block ads in violation of our policies, as well as bad actors who work to circumvent our human and automated controls.
'We have a new, simplified AdFeedback reporting tool for our users to identify anything they believe to be u201cmisleading or a scamu201d through a simple thumbs up, thumbs-down icon on ads served through our platforms that is rolling out now. Our teams will remove any ads identified and confirmed as such.