Episode V: Facebook Phish (and a Fake Legal Scam Recovery Front to Scam You Even More…)
[Podcast Episode Coming Soon]
In recent months, a surge of online scams has been targeting Facebook users, with scammers posing as representatives of the social media platform itself. These scams aim to phish users’ account credentials, and in some cases, even impersonate lawyers from legal firms to extract more money from victims. Our recent investigation has shed light on the tactics used by these scammers including their approximate operation locations, and the alarming rate at which they are operating.
The Scam: A Closer Look
The scam typically begins with a fake profile claiming to be from Facebook, reporting user violations and threatening to suspend or terminate the victim’s account. The scammer then contacts the user, posing as a representative of Facebook, and sends them to a site that looks like Facebook to ask for their account credentials to “verify” their account. Once the user provides their login information, the scammer gains access to their account and can use it for malicious purposes.
A Personal Experience
A relative of our investigator recently fell victim to this scam, with the scammer changing their profile photo to a Hamas flag before Facebook took down the account. Fortunately, the account was recovered. This prompted our investigator to setup an operation that lead to some details on the fraud syndicate.
The Investigation
To gather more information about the scam, the investigator played along with one of the scammers, who claimed to be a lawyer from a legal firm specializing in recovering accounts from scammers. The scammer used a phishing site hosted by gname dot com, a provider based in Singapore that has been known for allowing the hosting of scams and phishing sites for over two decades.
The Fake Legal Front
The scammer also impersonated a lawyer, using images of actual bar certificates to appear legitimate. They promised to help victims recover damages from online scammers, but instead asked for remittance records from money exchange places where the scam took place. This was an attempt to extract more money from the victim.
The Report
The investigator has documented the entire process, including IP addresses of the scammers, which were traced to locations in Sweden and Hong Kong. A report was faxed to the Federal Trade Commission (FTC) and the FBI’s National Cyber Investigative Joint Task Force, but no response has been received yet whence of this writing.
Conclusion
The rise of online social media scams is a growing concern, and Facebook users need to be aware of the risks. By being cautious and vigilant, users can protect themselves from falling victim to these scams. It is essential to verify the authenticity of any messages, posts or emails claiming to be from Facebook, and never provide account credentials to unknown individuals. Facebook will never message or post you about usage violations. Instead they will provide you a message about usage violations in ways that users on Facebook cannot. Such as direct and private notifications to you only.
Stay Safe Online
To avoid falling victim to online social media scams, follow these tips:
- Be cautious of messages or emails claiming to be from Facebook, especially those asking for account credentials or asking you to login with your credentials even if the site looks like Facebook’s login screen.
- Verify the authenticity of any messages or emails by contacting a relative or friend that is more computer savvy or informed.
- Never provide account credentials to unknown individuals. Never login to a Facebook looking site especially if you are already logged in.
- Keep your account information up to date and secure with two factor login verification and changing your password after suspected account compromises.
Report any suspicious activity to Facebook and relevant authorities.
By being aware of the risks and taking necessary precautions, Facebook users can protect themselves from online social media scams and stay safe online.
The Report Details:
The cover letter for the report sent to the FTC and NCIJTF can be found at:
[Informal Civilian Investigator]
(C)
(F)
Date: 2025-02-25
National Cyber Investigative Joint Task Force (NCIJTF)
(F)
Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, DC 20580
(F)
Subject: Request for Investigation into Online Scam Involving Impersonation of a Legal Firm and Attorney
Dear Sir or Madam:
I am writing to formally request an investigation into a sophisticated scam operation conducted via social media, which involves the impersonation of an actual attorney and a legitimate law firm. This scheme appears to target individuals seeking help recovering from previous scams. The perpetrators have gone so far as to share a photograph of the real lawyer’s bar certificate, thereby lending apparent credibility to their fraudulent activities.
**Background and Summary of Incident**
– I became aware of this fraudulent operation when a close family member’s social media account was compromised. This occurred shortly before she was scheduled for radio and television interviews discussing her volunteer work in art programs for the homeless and other socially conscious groups.
– Suspecting foul play, I undertook a civic investigation into the source of the scam. My investigation revealed that the impersonators posed as a legitimate legal recovery firm promising assistance to scam victims.
– The scammers appear to be located in Stockholm Sweden with a final hit from another location in Sweden that is identified to be behind a proxy, The evidence suggests that this may be the location—or one of the locations—used to coordinate the fraud.
– The impersonators have replicated details of a legitimate attorney’s credentials, including an official bar certificate, to bolster their credibility while soliciting fees from unsuspecting victims.
– The scammers have also launched a deceptive website as a fake legal front agency that was not more than a month old per WHOIS records and that the website was registered by a notoriously reported host and domain provider out of Singapore known for fostering online scam phishing and fraud.
– The scam website host is out of Hong Kong per WHOIS, as: borenosher.me/
**Evidence Enclosed**
1. **Copies of Social Media Correspondences**: Chat transcripts and screenshots showing how the scammers approached victims, requesting fees in exchange for “legal services” tied to the recovery of prior scam losses.
2. **IP Trace Information**: Documentation of the IP lookup pointing to Stockholm, Sweden, etc.
3. **Bar Certificate Image**: A copy of the photograph used by the impersonators purporting to be that of the real attorney’s bar license.
4. **Other Relevant Communications**: A faxed messages to the San Deigo Attorney’s office, my findings of the current workplace of the lawyer being impersonated, in an effort to inform and aid in any mutual investigation. There has been no response as of this date and time.
**Request for Assistance**
– I respectfully request that the Federal Bureau of Investigation (NCIJTF) and Federal Trade Commission review these materials and launch a formal investigation.
– This scam operation not only targets vulnerable individuals seeking recovery from financial losses, but it also appears to involve identity theft—both of the legitimate attorney whose identity has been misused and of my family member whose account was compromised.
– The impersonation of a licensed attorney and legal firm raises grave concerns about consumer protection, data privacy, and potential financial harm to those who trust these services.
**Conclusion**
Given the sophisticated nature of this operation, I believe federal authority and expertise are required to address and halt this growing threat. I appreciate your time and attention to this matter. Should you require additional information or clarifications, please do not hesitate to contact me by phone, fax or mail.
Thank you for your prompt consideration of this request.
Sincerely,
[…]
Enclosures:
– Social Media Correspondences
– IP Trace Documentation
– Photograph of Bar Certificate
– Additional Related Communications