Crypto is a tough world. People say we have a parallel universe here when I tell them about scammers, courts and other events. Still, it’s never boring.
To make a long story short: imagine a company entering into a partnership with a financial services provider and paying in advance without a prior background check. Read this as a tragic comedy with a happy end and take the lesson.
The company waited for the services to be delivered, but they were constantly postponed. In 1.5 months of Skype calls nothing happened. The provider stayed in touch, giving one new reason after another why we couldn’t move further. One of them was the API: the company was supposed to rework it and integrate with one of the biggest European banks.
Meanwhile, the company got a green light to disclose the bank’s name. Good news could keep up the spirit! It is amusing, isn’t it? The bank is willing to publicly announce a partnership with a cryptocurrency company, how cool is that? Who knew that within the next 3 minutes the bank would deny any relationship with the financial provider and threaten lawsuits? As I understood later, no one really knew whom they were dealing with.
*me, not believing all is clear there*:
— So… Did they send any proofs they’re actually a legitimate business?
— Yes, he sent the docs, his company is registered.
*me, wearing a haX0r gRRrl costume*:
— Umm… You said ‘he’?
Scammers easily fool people who have their critical thinking turned off. Thankfully, at least one person was aware of social engineering attacks.
I started with the companies registry. Indeed, his company is registered. He also had other companies in different industries, even energy.
— Oh, here is his name. Let’s check social networks. Here he is. Okay, who are the other people holding positions? Wait a minute… The same guy holds several positions? Let’s check his other companies. Same guy with different names and birth dates?
The third person was not identified then, only later. The companies’ timelines were inflated with appointments and cessations within a brief period of time to create the impression that things were happening.
Certainly, he had no vivid imagination in naming, but that could be a typical scam move: choosing names that sound like existing companies, or are exactly the same. All his companies had one PO box. The odd thing is that he was friends with his own alternative identity on Facebook. Why the hell would one do that?
— Bruh, really, why did you put all this in one place! If you chose similar names, maybe you “stole” something else? Is there any real company under that name in the financial sector… Huh, here it is. He copied the website content.
— Dear Asian Company, I’ve noticed this business claiming to provide your services and asking for money. I just wanted to check if you are affiliated with them before making a payment. See the report, please.
— Thank you for your informational email. We are not affiliated. This is very much appreciated. Our team is currently investigating.
Oops… I started to dig more into his profiles. He has a cheap fake luxury items e-shop and, of course, he uses the same logo everywhere. He left a trace of his home address on the web. I wondered how he spends his days in his hometown, spun the street view around his house, and wondered who the unidentified co-owner was.
The financial services website looked outdated. It seemed I was scrolling the Internet of 1997. The source code showed it cost only $10. A friend pinged me: this website might have an accessible directory. What a joke for a business claiming to provide “secure” banking, but you had to see my face once we got there.
— Weird file names. Digital signatures, utility bills, passport scans… an image named blockchain.jpg and… a passport of that mysterious co-owner, whose documents were used for the website registration and the companies’ directorships.
There were a few cherries on top. His hero was a 17th century thief. He used the name of a well-known malware as part of his nickname on the web. Newspaper articles and court records showed he had previously been sentenced for theft and forgery. My report had grown. His website was taken down the day after the report was sent to various financial fraud investigators. His fate is unknown.
P.S.: After the website was taken down he returned $XX,XXX to the company.
All hail OSINT. I love infosec.