What do a woman from Indiana, a woman from California, a woman from Australia, and a man from Kentucky have in common? They all fell victim to the same cryptocurrency scammer and had their driver's licenses and/or money stolen. At the end of the article, I will talk in detail about how one person I was able to talk to became a victim of this scammer.
The scam I'm about to talk about is often referred to as a type of "pig butchering" scam. Namely, for the concept of fattening a pig before sending it to slaughter. However, in this case, the scammers are not fattening the pig, but lining their own pockets. These scams come in several different forms, but I have seen this type of scam implemented so often that I believe it is becoming more common and decided to look into the matter.
I've written briefly about them before, but I wanted to take another look at what these sites look like and how they work. While researching a site that may have targeted my company, I, like many before me, became convinced that by creating an account on the site, you gain access to what appears to be a cryptocurrency trading platform.
Often such sites claim to offer significantly higher incomes in a relatively short period of time. For long-time cryptocurrency holders, the current market does certainly not support this assertion. However, for the average end user this can be quite compelling.
The design of these sites can be very different. I have seen very low quality sites, high quality sites, and even sites that cloned legitimate sites and changed their branding to their own. They usually look like they've been worked on to make them appear semi-legal to the untrained eye.
A person who reaches this site, usually through fake social media accounts created by scammers (more on this later), is asked to create an account and make an investment as a first step. Externally, the sites look rather unassuming, but it is after creating an account that you can see where the real fraud is happening
So, you proceed to create an account on the site. Typically, although not always, links to items such as Terms of Use and Privacy Policy do not work. When you click on them, you are taken to a "404 - Page Not Found" page. In other cases, I have seen these links work, but when you go to read them, they are clearly copied and pasted from another scam site, or a site with completely different branding or title indicating ownership of the documents. However, in this case they simply do not work. Bad sign.
When you first log in, you will be asked to upload a photo of the front and back of your government-issued ID. It is worth noting that for some this is an alarming signal, but for others it is commonplace. Most cryptocurrency exchanges, at least in the US, require proof of identity for tax purposes. However, unfortunately, since we are talking about scammers and not professionals, when a victim uploads photos of their ID here, they end up in the unprotected "Uploads" directory. Anyone who knows how to find it can view it along with photos of all their IDs.
So your ID is uploaded, you're "verified" and you want to start earning that sweet cash! We have a fancy trading dashboard filled with widgets displaying reliable information from sites like TradingView and our balance if we had deposited money. At this stage, money can be made, and we need to contribute it.
So I go to the deposit screen and the template for this particular scam offers two deposit options: Bitcoin or Bank Transfer.
In almost all the scams you will come across with a fake trading platform like this, Bitcoin will be the main option. This site offered a really interesting alternative - bank transfer. It was interesting, in particular, because it contained full account details to be sent to Bank of America.
At this point, this was the amount of information I could usually gather about a site without committing money to it. Given that I had access to IDs uploaded by people who used the site, I decided to try to contact one of them to get more information and report the scam, which turned out to be still going on. In the end, the woman turned out to be an invaluable help and provided me with a lot of additional information about what happens to these people after they become victims. Let's take a quick look at some of the red flags I noticed on these sites and then listen to her story.
Most, and I mean the vast majority of sites I've come across using this model have a "Google Translate" bar at the top of the page to quickly switch languagesfor visitors. This is not a common feature of most sites, at least not in the way these scammers use it.
Next, we'll look at contact information, which is typically located at the bottom of the page or on the Contact Us page in the site navigation. Many of these sites create the same site under multiple domains and names to defraud customers en masse. If one site doesn't work, maybe another will. So, let's take the phone number of this site and throw it into Google.
There are more than three sites that list this phone number, but for the sake of brevity I decided to list only a few of them. Three different sites, same contact information. If you're wondering what you'll see if you go to any of these sites, it's the same web page down to the last detail. Only the name of each of them has been changed. These scammers are very effective.
Another thing to check is whether the links on the page are working. Does it have links to social networks? Do they work? Do the Privacy Policy and Terms of Use links work? If they don't work, this could be a significant sign. Even if a site is not malicious, you should never register and agree to terms of use or a privacy policy that was not, at the very least, provided to you. We all know you don't read them, but at least check if they exist.
Lastly, which is not an essential feature but may be, always take some time to read the site. Does it have common spelling errors? Is the wording a bit unfortunate or too general? Are they making promises of financial returns that seem too good to be true? I'd like to change the popular phrase "If it seems too good to be true, then it probably is" to "If it seems too good to be true on the Internet, then it probably is" ".
Imagine spending time on social media every day, scrolling through new posts in your Facebook group of like-minded women united by the idea of financial independence. Of course, new faces often appear in such a group, joining other women who have already become or hope to become financially independent.
And then one day a particularly evil “woman” appears in the group. She begins to promote her successful investment endeavors and wants to help other women. After attaching photographs of her enjoying the material luxury gained through her success, she begins to reach out to the other group members with an offer to help them too. They are then added to a group message created by the scammers with them and all the victims. Offer: sign up, I will trade for you, you keep 80% of the profits, and I keep 20% for myself to be able to trade in large volumes. Contribution? Minimum $1,000, all the way up to the VIP level where you can invest $100,000 and earn exponentially on your investment every day.
Fortunately, we got in touch in time, as the attack continued and pressure from the “investor” began to increase. After all, why stop at $1,000 if you've already succeeded once? Her story continues.
The scammer began to put pressure on her, demanding to invest even more funds in order to join the VIP level and significantly increase her income. The scammer insisted that she invest $100,000 because she had already seen the success of her smaller investment. When the victim became unsure, the scammer assured her that she could simply “borrow” the money (ie, take out a loan).
Another piece of the puzzle that I could only guess at and that she helped me confirm was that I naturally knew that she would never be able to withdraw her money. But I didn't know how they would explain it. It turns out that in this particular situation, this scammer (or scammers) were so engaged in their scheme and how to extract money from people that they actually charged a fee for initiating the withdrawal. The size of this commission was .005 BTC (Bitcoin).
This way, not only will the scammers be unable to withdraw the money because they realize their scheme has failed, but they will also find a last-ditch way to rob their victims, who will try to get their money before they realize it won' t happen. You and any potential victim reading this article should know that your money will not come back to you. They simply ignore you, make excuses to customer support, or even spoof fake legal notices in your email, notifying you that withdrawal activity is suspicious and under investigation.
Scammers are still active in this Facebook group and are driving traffic to this site and others I have identified (which are in the deletion queue as I write this article). The victim provided me with information about several Facebook profiles as well as messages she had observed from future victims, which I am working diligently to contact and help prevent further losses while I try to clean up this.
The victim ends up in a chat room (the origin and platform are not specified), where he is approached by a charming young man. The group's goal is announced to learn more about cryptocurrency. I'd like to suggest renaming it to something more accurate, like "Learn About Cryptocurrency by Having the Worst Possible First Experience." But I digress.
He makes many of the same statements: let me invest for you, get big returns, here's the website, blah blah. Everything that is familiar to us. However, there were some differences in this scam. The site was in Chinese, with some parts in English and others in Chinese. People were told to install an “app,” which was actually a mobile website designed to look and feel like a mobile app on a phone. The site provided "levels" of investment, with the more you invest, the higher the return.
However, in this case, the victim was disarmed by the casual nature of the man who approached her and the fact that he did not demand money, but used an “app.” Unfortunately, the reason these campaigns are so common and continue to appear daily is because they work. The victim transferred $50,000 in ETH to an in-app wallet. The money she took as collateral for her house. That's how evil these people are. While they cheat and steal, people lose a significant portion of their assets, and some of them will not be able to recover them for a long time, if at all.
There is no withdrawal option in this “app” at all, but rather directs you to “Customer Support” where you will have to communicate with the scammers in order to withdraw your money. A withdrawal that ultimately never happens. In this case, they said the account had been flagged for financial crime or fraud investigation. They went so far as to send her a fake email from a Gmail account claiming money laundering, and then demanded even more money, 30% more, to “verify” it. These people are relentless and unforgiving.
While some of us may be more aware or trained to recognize such items, the reality is that many people are still unable to recognize such scams. We cannot blame people who are victims of such scams, and we should not do so if they really lost money because of these people. All we can do is continue to inform and educate. Fight the bad guys, continue to destroy their new sites and accounts and make their lives as hellish as their victims.
The scam I'm about to talk about is often referred to as a type of "pig butchering" scam. Namely, for the concept of fattening a pig before sending it to slaughter. However, in this case, the scammers are not fattening the pig, but lining their own pockets. These scams come in several different forms, but I have seen this type of scam implemented so often that I believe it is becoming more common and decided to look into the matter.
I've written briefly about them before, but I wanted to take another look at what these sites look like and how they work. While researching a site that may have targeted my company, I, like many before me, became convinced that by creating an account on the site, you gain access to what appears to be a cryptocurrency trading platform.
Often such sites claim to offer significantly higher incomes in a relatively short period of time. For long-time cryptocurrency holders, the current market does certainly not support this assertion. However, for the average end user this can be quite compelling.
The design of these sites can be very different. I have seen very low quality sites, high quality sites, and even sites that cloned legitimate sites and changed their branding to their own. They usually look like they've been worked on to make them appear semi-legal to the untrained eye.
A person who reaches this site, usually through fake social media accounts created by scammers (more on this later), is asked to create an account and make an investment as a first step. Externally, the sites look rather unassuming, but it is after creating an account that you can see where the real fraud is happening
So, you proceed to create an account on the site. Typically, although not always, links to items such as Terms of Use and Privacy Policy do not work. When you click on them, you are taken to a "404 - Page Not Found" page. In other cases, I have seen these links work, but when you go to read them, they are clearly copied and pasted from another scam site, or a site with completely different branding or title indicating ownership of the documents. However, in this case they simply do not work. Bad sign.
When you first log in, you will be asked to upload a photo of the front and back of your government-issued ID. It is worth noting that for some this is an alarming signal, but for others it is commonplace. Most cryptocurrency exchanges, at least in the US, require proof of identity for tax purposes. However, unfortunately, since we are talking about scammers and not professionals, when a victim uploads photos of their ID here, they end up in the unprotected "Uploads" directory. Anyone who knows how to find it can view it along with photos of all their IDs.
So your ID is uploaded, you're "verified" and you want to start earning that sweet cash! We have a fancy trading dashboard filled with widgets displaying reliable information from sites like TradingView and our balance if we had deposited money. At this stage, money can be made, and we need to contribute it.
So I go to the deposit screen and the template for this particular scam offers two deposit options: Bitcoin or Bank Transfer.
In almost all the scams you will come across with a fake trading platform like this, Bitcoin will be the main option. This site offered a really interesting alternative - bank transfer. It was interesting, in particular, because it contained full account details to be sent to Bank of America.
At this point, this was the amount of information I could usually gather about a site without committing money to it. Given that I had access to IDs uploaded by people who used the site, I decided to try to contact one of them to get more information and report the scam, which turned out to be still going on. In the end, the woman turned out to be an invaluable help and provided me with a lot of additional information about what happens to these people after they become victims. Let's take a quick look at some of the red flags I noticed on these sites and then listen to her story.
Red flag
I will not say that all this guarantees the presence of a fraudulent site. However, there are many common themes that are repeated over and over again that I would like to specifically mention to help people recognize these scams more easily if they can take 5-10 minutes to pause and double-check a few things.Most, and I mean the vast majority of sites I've come across using this model have a "Google Translate" bar at the top of the page to quickly switch languagesfor visitors. This is not a common feature of most sites, at least not in the way these scammers use it.
Most sites I've seen this scam also have a Live Chat widget that quickly lets you know someone is available to help you as you navigate the site. Most often, both the Google Translate panel and the Live Chat icon are present on the page.
Next, we'll look at contact information, which is typically located at the bottom of the page or on the Contact Us page in the site navigation. Many of these sites create the same site under multiple domains and names to defraud customers en masse. If one site doesn't work, maybe another will. So, let's take the phone number of this site and throw it into Google.
There are more than three sites that list this phone number, but for the sake of brevity I decided to list only a few of them. Three different sites, same contact information. If you're wondering what you'll see if you go to any of these sites, it's the same web page down to the last detail. Only the name of each of them has been changed. These scammers are very effective.
Another thing to check is whether the links on the page are working. Does it have links to social networks? Do they work? Do the Privacy Policy and Terms of Use links work? If they don't work, this could be a significant sign. Even if a site is not malicious, you should never register and agree to terms of use or a privacy policy that was not, at the very least, provided to you. We all know you don't read them, but at least check if they exist.
Lastly, which is not an essential feature but may be, always take some time to read the site. Does it have common spelling errors? Is the wording a bit unfortunate or too general? Are they making promises of financial returns that seem too good to be true? I'd like to change the popular phrase "If it seems too good to be true, then it probably is" to "If it seems too good to be true on the Internet, then it probably is" ".
The story of a woman from America
The moment we've all been waiting for, steadfastly enduring this post (thank you, by the way). I want to tell you about the fate of one woman who became a victim of the very fraud that I talked about. After finding her driver's license in the folder I mentioned earlier, I did a little Googling and contacted her by phone (we'll talk about the prevalence of people's contact information online in another article). Here's her story.Imagine spending time on social media every day, scrolling through new posts in your Facebook group of like-minded women united by the idea of financial independence. Of course, new faces often appear in such a group, joining other women who have already become or hope to become financially independent.
And then one day a particularly evil “woman” appears in the group. She begins to promote her successful investment endeavors and wants to help other women. After attaching photographs of her enjoying the material luxury gained through her success, she begins to reach out to the other group members with an offer to help them too. They are then added to a group message created by the scammers with them and all the victims. Offer: sign up, I will trade for you, you keep 80% of the profits, and I keep 20% for myself to be able to trade in large volumes. Contribution? Minimum $1,000, all the way up to the VIP level where you can invest $100,000 and earn exponentially on your investment every day.
Fortunately, we got in touch in time, as the attack continued and pressure from the “investor” began to increase. After all, why stop at $1,000 if you've already succeeded once? Her story continues.
The scammer began to put pressure on her, demanding to invest even more funds in order to join the VIP level and significantly increase her income. The scammer insisted that she invest $100,000 because she had already seen the success of her smaller investment. When the victim became unsure, the scammer assured her that she could simply “borrow” the money (ie, take out a loan).
Another piece of the puzzle that I could only guess at and that she helped me confirm was that I naturally knew that she would never be able to withdraw her money. But I didn't know how they would explain it. It turns out that in this particular situation, this scammer (or scammers) were so engaged in their scheme and how to extract money from people that they actually charged a fee for initiating the withdrawal. The size of this commission was .005 BTC (Bitcoin).
This way, not only will the scammers be unable to withdraw the money because they realize their scheme has failed, but they will also find a last-ditch way to rob their victims, who will try to get their money before they realize it won' t happen. You and any potential victim reading this article should know that your money will not come back to you. They simply ignore you, make excuses to customer support, or even spoof fake legal notices in your email, notifying you that withdrawal activity is suspicious and under investigation.
Scammers are still active in this Facebook group and are driving traffic to this site and others I have identified (which are in the deletion queue as I write this article). The victim provided me with information about several Facebook profiles as well as messages she had observed from future victims, which I am working diligently to contact and help prevent further losses while I try to clean up this.
Second victim
Shortly after I began collaborating with the first victim, a former colleague called me. Same day, different scammer, same scheme. She was sure that her mother-in-law had been scammed. When she began to describe what was happening to me, everything sounded so familiar that it seemed as if they were all acting according to the same scenario. However, there were also differences.The victim ends up in a chat room (the origin and platform are not specified), where he is approached by a charming young man. The group's goal is announced to learn more about cryptocurrency. I'd like to suggest renaming it to something more accurate, like "Learn About Cryptocurrency by Having the Worst Possible First Experience." But I digress.
He makes many of the same statements: let me invest for you, get big returns, here's the website, blah blah. Everything that is familiar to us. However, there were some differences in this scam. The site was in Chinese, with some parts in English and others in Chinese. People were told to install an “app,” which was actually a mobile website designed to look and feel like a mobile app on a phone. The site provided "levels" of investment, with the more you invest, the higher the return.
However, in this case, the victim was disarmed by the casual nature of the man who approached her and the fact that he did not demand money, but used an “app.” Unfortunately, the reason these campaigns are so common and continue to appear daily is because they work. The victim transferred $50,000 in ETH to an in-app wallet. The money she took as collateral for her house. That's how evil these people are. While they cheat and steal, people lose a significant portion of their assets, and some of them will not be able to recover them for a long time, if at all.
There is no withdrawal option in this “app” at all, but rather directs you to “Customer Support” where you will have to communicate with the scammers in order to withdraw your money. A withdrawal that ultimately never happens. In this case, they said the account had been flagged for financial crime or fraud investigation. They went so far as to send her a fake email from a Gmail account claiming money laundering, and then demanded even more money, 30% more, to “verify” it. These people are relentless and unforgiving.
Conclusion
While I was collecting all this information, I spoke with another potential victim - a young mother of 30 years old. They wanted to deceive her, and we managed to prevent it. She noted that talking to people on Facebook chat seemed so casual and unsuspecting. She didn't know what awaited her.While some of us may be more aware or trained to recognize such items, the reality is that many people are still unable to recognize such scams. We cannot blame people who are victims of such scams, and we should not do so if they really lost money because of these people. All we can do is continue to inform and educate. Fight the bad guys, continue to destroy their new sites and accounts and make their lives as hellish as their victims.
