An organised network operating from the former Soviet state of Georgia has scammed thousands of savers from the UK, Europe and Canada out of $35m (£27m) after they fell for fake celebrity adverts on Facebook and Google that the government promised to outlaw three years ago.

Deepfake videos and fictional news reports featuring the money expert Martin Lewis, the radio DJ Zoe Ball and the adventurer Ben Fogle were used to promote fraudulent cryptocurrency and other investment schemes. The scammers are understood to have still been contacting victims in recent weeks.

UK citizens were the hardest hit, accounting for a third – about £9m – of the money taken.

The fraud was exposed by a huge leak of scam call centre data to the Swedish public broadcaster SVT, which then shared the files with the Organized Crime and Corruption Reporting Project (OCCRP), the Guardian and other international reporting partners.

The UK government has introduced a new set of laws aimed at protecting children and adults online. However, while the online safety act has been passed into law and scam posts could soon prompt fines, the sections relating to fraudulent advertising by organisations are not expected to become active until next year.

Cases of authorised push payment (APP) fraud – when a victim is tricked into sending money directly from their account – rose by 12% to more than 230,000 in 2023, according to the most recent figures from the trade body UK Finance, although the total money lost dipped.

The leak, which contains over 1m recordings – including long exchanges with victims scammed out of significant amounts of money – allows rare insight into exactly how scammers created havoc in the lives of their victims. And it raises fresh questions about how successful governments, banks and technology companies have been in combating these frauds.

Operating from three office blocks in Tbilisi and referring to themselves as the skameri, Georgian for scammers, a group of about 85 well-paid call centre agents has persuaded pensioners, employees and small business owners to transfers millions out of their savings accounts.

Since May 2022, the data suggests this industrial scale boiler room fraud duped around 6,000 people across the globe out of $35m (£27m). A separate dataset contained in the leak indicates that close to half – 45% – of attempted calls placed by the scammers were made to UK numbers.

Of about 2,000 victims who were persuaded to part with the largest sums, 652 were based in the UK. The fake adverts, which often reference the billionaire Elon Musk, appear to have been placed by affiliate marketers, who communicated anonymously with the scammers and earned fees by gathering the contact details of potential victims.

In one call, the victim – a former NHS doctor in her 70s who was living in sheltered housing in London and spent more than 55 hours on the phone to the scammers – pleaded with the call centre: “I’ve used up every penny of my savings, I have nothing. And I can’t survive like that. My brother is already asking me for the money I have borrowed from him back.”

The records suggest this victim lost about £50,000. She is thought to have died shortly after her final contact with the call centre last summer.

The most-called UK victim, a retired London Stock Exchange employee, spent more than 135 hours on the phone and was persuaded to part with more than £162,000 in savings. The identities of thousands of people targeted in the UK, Europe and Canada are revealed in the data cache, along with details of the riches awarded to call centre operatives, who spent money on Rolex watches, Range Rovers, Cartier jewellery and lavish staff parties.

Scammers can be heard in the leaked calls putting pressure on victims to open accounts with firms including Revolut and Chase, and the data shows the extent to which the new generation of online banks and payment services were used to process these payments.

Revolut, which received a UK banking licence last year, was the most mentioned, with 119 customers out of 403 listed in an internal Georgian call centre spreadsheet detailing the banks used by the scammers’ most seriously targeted UK victims. Another digital lender, Kroo, which also has a UK banking licence, was involved with 50 victims, according to the same sheet, while Chase, an offshoot of the blue chip banking group JP Morgan, was associated with 14 cases.

Revolut, Kroo and Chase said that they took fraud very seriously and invested heavily to combat an industry-wide problem. A Revolut spokesperson added: “Across our UK customer base in 2023, we found that 60% of all reported scam cases originated on Meta owned platforms like Facebook and WhatsApp. Yet these firms have no role in warning customers of such scams, nor reimbursing victims.”

Fogle, Lewis and Ball publicly spoke out against the deepfake videos last year. The sham adverts have been widely known to be an issue since at least 2018, when Lewis launched a high profile legal claim against Facebook, which had published dozens of false investment stories featuring his face and name. The money-saving expert dropped the lawsuit nine months later after Facebook agreed to donate £3m to set up an anti-scam project with Citizens Advice and launch a UK-specific one-click reporting tool.

The MP Chi Onwurah the chair of the Commons science, innovation and technology committee, said: “The committee is currently investigating the spread of misinformation online. Our inquiry has raised significant concerns about the effectiveness of the Online Safety Act in tackling bad practices online, threats from AI and issues with the online advertising ecosystem. This case shows the urgency of addressing the shortcomings of the OSA to ensure that it can protect the public and ensure their online safety.”

A government spokesperson said: “Scammers who trick people into parting with their money are committing a criminal offence and should be punished. But social media companies also have a responsibility to ensure their sites are not providing a platform for such material intended to rip the public off.”

A Meta spokesperson responded saying it was against company policies to run ads that “promote or facilitate scams”. They said: “Everyone needs to work together to tackle these sophisticated scams, which is why we created the Fraud Intelligence Reciprocal Exchange (FIRE) program to allow banks and financial institutions to share information and better combat this problem. We invite Revolut to be a part of this effort.”

Google said: “Protecting users is our top priority and we have strict ads policies that govern the types of ads and advertisers we allow on our platforms. We enforce our policies vigorously, and if we find ads that are in violation we remove them.”