> For the complete documentation index, see [llms.txt](https://jieyab89-osint.gitbook.io/jieyab89-osint-cheat-sheet-wiki-tips/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://jieyab89-osint.gitbook.io/jieyab89-osint-cheat-sheet-wiki-tips/intelligence-base/all-about-scammer.md). # All About Scammer ## What is scammer? A scammer is a person or group that commits fraud with the aim of obtaining illegitimate benefits, such as money, personal data, or other important information from victims. They typically use increasingly diverse and sophisticated methods, ranging from impersonating official entities such as banks, companies, or government agencies, to creating fake accounts on social media to convince targets. Scammers often exploit victims' fear, desire for quick profits, or lack of knowledge, for example by offering fake prizes, fraudulent investments, fictitious job openings, or sending threatening messages to encourage victims to act without thinking. In some cases, they also use social engineering techniques to build trust before ultimately defrauding victims. Therefore, it is crucial for everyone to always be careful, not carelessly providing personal data such as OTPs, passwords, or account numbers, and always verify the accuracy of information through official sources to avoid becoming victims of scammers ### Type of scammer #### 1. Online (digital) scammers These are the most common nowadays. They operate online on social media, marketplaces, online games, email, and chat apps. Their targets can be anyone because their reach is so broad #### 2. Offline (in-person) scammers They operate in person in public places such as streets, bus terminals, markets, or specific events. They typically rely on face-to-face communication to deceive their victims #### 3. Local scammers Scams that occur in the immediate vicinity, such as among neighbors, within a city, or in small communities. They are usually more “personal” and exploit the trust of those around them #### 4. International scammers Groups of fraudsters operating across national borders. They typically use the internet or fake call centers, and their targets can be people from various countries #### 5. Individual scammers Individuals working alone without a large network. These are usually small-scale, such as buy-sell scams or fake accounts #### 6. Organized scammers Large groups with systems resembling fake companies (e.g., scam call centers or fraudulent investment schemes). These are the most dangerous because they are well-organized and professional #### 7. Love scammers A love scammer (often also called a romance scammer) is a fraudster who pretends to be in a romantic relationship or to have an emotional connection with the victim, usually through social media, chat apps, or dating sites. Their goal isn’t to actually seek a relationship, but to manipulate the victim’s feelings so they’ll send money or personal data. At first, they’ll be very attentive, romantic, and quick to make the victim feel “special.” Once trust is established, they begin asking for financial help under various pretexts, such as emergency expenses, travel tickets, illness, or family issues. Common traits of love scammers include refusing to meet in person, always having an excuse when asked to video call, and frequently telling dramatic or inconsistent life stories. They also typically demand secrecy so the victim won’t tell others. This type of scam is dangerous because it targets emotions, not just logic, so victims often don’t realize what’s happening until after they’ve suffered a loss #### 8. Blackmail Blackmail is the act of threatening someone to obtain something—usually money, goods, or other benefits by pressuring or intimidating the victim. In blackmail, the perpetrator often claims to possess the victim’s confidential information, photos, videos, or personal data, and then threatens to release them if the victim does not comply with their demands. For example, someone might be threatened with the release of their private photos if they do not send money. Blackmail can occur both online and offline. On the internet, this is often called sextortion, where the perpetrator blackmails the victim by threatening to distribute private content or fabricated recordings. In the real world, blackmail can take the form of direct threats or pressure from someone who knows the victim’s secrets. This act constitutes a serious crime because it causes psychological, social, and financial harm to the victim ## Intermezo As an IT security consultant and OSINT practitioner, I'm often asked about scammer behavior and how they operate. Many people are victims of scams, especially online scams and blackmail. This is very disturbing, and there are many cases of scammers worldwide. They target laypeople, the elderly, and individuals with psychological weaknesses. Here are some examples of scams that have occurred ### 1. Love scam case In Jakarta, police uncovered a love scam in which the perpetrators pretended to be in a romantic relationship online. Once the victims had gained their trust, they were asked to send money under the pretext of an emergency. The victims suffered losses amounting to hundreds of millions of rupiah {% embed url="" %} ### 2. Deepfakes & AI scams Scammers use AI technology to mimic the faces or voices of famous figures in order to gain victims’ trust. These scams have already deceived many people, resulting in significant financial losses ### 3. Overseas job scams There are also Indonesian victims who were promised good jobs abroad but were actually forced to become online scammers But there’s something funny about my friend’s experience. My friend fell victim to an online gambling and soccer betting scam, and they asked me to help get their money back. Honestly, this is really ridiculous. Online gambling is very common in my country many people do this to make extra money, get rich, or try their luck. Unfortunately, they don’t realize that these games are rigged and mostly scams. Gambling is actually just entertainment—if you lose a bet, just let it go. My country used to legalize gambling, but a few years later, it became illegal. In reality, gambling is a business, but there are indeed forms of gambling that involve scams and are designed solely to take your money. It’s important to note that gambling won’t let you win easily or get rich quickly gambling is merely for entertainment, and I do not condone gambling Online gambling is thriving on a massive scale across various countries. Based on my investigations and the articles I’ve gathered, there are several hubs for online gambling—I can’t list them all, but here are some key locations where online gambling operates, such as Indonesia, Thailand, Cambodia, Sri Lanka, and China. These operations are highly organized, and even involve foreign nationals. This poses a challenge for our country and others in combating scammers and the spread of online gambling There are also friends who have been blackmailed—mostly women—such as those used as material for deepfakes or scams to deceive people on online dating sites and adult apps. This stems from their own mistakes, such as storing explicit content on their digital devices, which is then shared by others. Additionally, some victims have been infected with malware, allowing third parties to download data from their devices, distribute it, and sell it on social media channels As for my friends—pen pals and overseas friends—they were scammed by fake dating apps, and the scammers are aggressively extorting money from them via social media. This is truly terrifying because they exploit the victim’s psychology and fears. They can use deepfakes or generative AI to create highly convincing avatars (profiles), and scams can also occur offline (which is hard to avoid)—why? Because we can’t predict what will happen in real-life situations they might be operating in groups, and you could be deceived into thinking you’re interacting with a woman when it’s actually a man—many things can happen Everyone has probably had the experience of being cheated or scammed—for example, being cheated in a business transaction, by a friend, by a store, or in other situations. It’s like this: no one knows when they’ll have a bad day, and at any moment we’re vulnerable to being cheated. For instance, if we’re in a vulnerable state of mind, they’ll take advantage of that to deceive us. It’s a bitter pill to swallow, but use this as a learning experience so you won’t be cheated in the future ## How scammer work ### Targeting elderly victims and technologically inexperienced individuals Scammers frequently target elderly individuals and people with limited technological knowledge because they are often considered more vulnerable to manipulation and digital deception. In many cases, perpetrators specifically look for victims who have more free time, limited cybersecurity awareness, or less familiarity with modern online threats. Elderly victims may spend significant time answering phone calls, responding to messages, browsing social media, or interacting with unknown contacts, making them more exposed to scam attempts conducted through calls, SMS, messaging applications, or fraudulent websites Cybercriminals often exploit psychological factors such as trust, panic, confusion, loneliness, or respect toward authority figures when targeting older individuals. Scammers may impersonate bank officers, government agencies, technical support staff, healthcare providers, or even family members in distress to pressure victims into sending money or disclosing sensitive information. In some cases, perpetrators deliberately use technical terminology and urgent scenarios to confuse victims who are unfamiliar with digital systems or cybersecurity practices Individuals with limited technological experience are also commonly targeted through fake applications, phishing websites, fraudulent customer service accounts, and remote access scams. Because these victims may not fully understand how online verification, application permissions, or digital security mechanisms work, they are often more likely to trust suspicious instructions or install malicious software without realizing the risks involved. This combination of psychological manipulation and technological unfamiliarity makes elderly and less tech-savvy individuals one of the primary targets in many modern scam operations ### Targeting small businesses and SMEs (UMKM) Many scammers specifically target small businesses, startups, and SMEs because they generally have weaker cybersecurity measures and verification systems compared to large corporations. Scammers exploit this vulnerability to carry out various fraud schemes, such as invoice scams, fake payment confirmations, business email compromise (BEC), and impersonation of vendors or business partners. In practice, scammers may send professional-looking fake invoices, forge payment transfer receipts, or take over business email accounts to insert payment instructions to accounts controlled by the perpetrators. Since business transactions often occur quickly and involve extensive digital communication, victims frequently fail to recognize the manipulation until financial losses have already occurred. Beyond financial losses, attacks on SMEs can also damage business reputation, lead to customer data breaches, and cause operational disruptions ### Scammers targeting crypto and investment communities Scammers are also actively seeking targets in cryptocurrency, trading, and online investment communities because these sectors have high levels of financial activity and many users interested in quick profit opportunities. Scammers typically infiltrate Telegram groups, Discord channels, trading forums, social media, and investment communities to build credibility before launching their scams. They often offer unrealistically high returns, fake insider information, trading bots, exclusive investment opportunities, and pump-and-dump schemes designed to manipulate the prices of specific digital assets. In some cases, perpetrators use fake testimonials, screenshots of fictitious profits, influencer impersonation, or hacked community accounts to boost victims’ trust. These techniques exploit psychological factors such as the fear of missing out (FOMO), a sense of urgency, and the desire to make large profits in a short time, causing victims to make decisions without conducting adequate verification ### Social media monitoring Scammers actively use social media platforms such as Meta Platforms (Facebook, Instagram, TikTok), LinkedIn, and X/Twitter as their primary means of identifying and profiling potential victims. By analyzing publicly shared information, scammers can conduct reconnaissance to assess their targets’ lifestyles, daily activities, emotional states, occupations, social connections, online habits, and financial situations. In many cases, scammers seek out individuals who appear emotionally vulnerable, have an interest in investing, are looking for a job, or frequently share personal information openly. This data is then used to craft a more personalized and convincing approach so that the victim trusts the identity and narrative constructed by the perpetrator ### Phishing and fake landing pages Phishing and the use of fake landing pages are among the most common techniques used in modern scams to obtain sensitive data from victims. Scammers typically create fake websites, counterfeit login pages, fake sweepstakes, and phishing emails designed to mimic official services such as banks, e-commerce platforms, social media platforms, or well-known technology companies. The visual appearance, logos, domains, and page structure are made as similar as possible to the genuine services so that victims do not realize they are interacting with a fake system. In some cases, scammers also use messages that create a sense of urgency—such as account security warnings, threats of account suspension, or offers of specific prizes—to encourage victims to immediately enter their usernames, passwords, OTPs, or financial data without further verification ### Impersonation and fake identities In many scam operations, perpetrators use impersonation or fake identity techniques to increase the victim’s level of trust. Scammers may pose as bank customer service representatives, law enforcement officials, technology companies, technical support staff, business associates, or even the victim’s friends or family members. These techniques are often reinforced with the use of fake accounts, stolen photos, spoofed phone numbers, and even fake identification documents to make the communication appear more credible. In some cases, perpetrators also exploit information obtained from data breaches or reconnaissance to make interactions feel more personal and convincing. This approach aims to lower the victim’s guard, making it easier for them to follow the instructions given by the perpetrator ### Mass messaging and spam campaigns Scammers also frequently use mass messaging and spam campaigns to quickly reach a large number of targets. This technique involves automatically sending thousands to millions of messages via SMS, email, WhatsApp, Telegram, or social media direct messages using bots or specific software. The message content typically consists of phishing links, fake investment promotions, illegal online loans, sweepstakes prizes, or notifications about account issues designed to elicit a response from the victim. This strategy relies on high volume, assuming that a small percentage of recipients will respond or be interested in the content of the messages sent. The more people who respond, the higher the chances of success for the scam operation ### Community infiltration In some cases, scammers do not directly target victims at random, but instead infiltrate specific communities to build trust before carrying out their scams. They typically join investment groups, cryptocurrency communities, gaming forums, marketplaces, and online business communities to find targets that fit their modus operandi. Once they’ve joined, scammers will try to appear as ordinary members by actively participating in discussions, sharing information, or providing fake testimonials to gain legitimacy within the community. Once trust is established, the perpetrators begin offering fake investments, services, giveaways, or business opportunities aimed at manipulating community members into handing over money or sensitive data ### Compromised accounts Social media accounts, email accounts, and instant messaging apps like WhatsApp that have been successfully hacked are often exploited by scammers to carry out further fraudulent activities. Because the communications appear to come from the genuine accounts of trusted individuals, victims are usually more likely to trust them and do not immediately suspect any malicious activity. Scammers can use these accounts to request money transfers, spread phishing links, ask for OTP codes, or distribute malware to the victim’s contacts. In some cases, scammers also leverage existing conversation histories and social connections to make interactions feel more natural and convincing. This technique is highly effective because it capitalizes on the social trust that has already been established between the account owner and their network of contacts ### Reconnaissance Scammers typically operate in a structured manner, beginning with an initial phase of reconnaissance (recon) or information gathering on their targets. During this phase, they gather as much data as possible through social media, company websites, public databases, forums, and even data breaches circulating online. Information such as the target’s full name, job title, phone number, email address, professional connections, daily activities, and communication patterns is used to build a detailed profile of the victim. Once the data is collected, the scammers begin social engineering by posing as trusted parties, such as coworkers, official institutions, customer service representatives, or even the victim’s family members. The methods used can include phishing, investment scams, impersonation, and even sending malicious files or links to gain further access. Reconnaissance techniques are a critical factor because the more information the scammers possess, the higher the success rate of their scams ### Psychology From a psychological perspective, scammers exploit emotional manipulation techniques and human behavior to influence their victims’ decisions. Before carrying out their main scheme, scammers typically conduct psychological reconnaissance by studying their targets’ personalities, habits, interests, financial situations, and communication patterns. This information is used to determine the most effective approach, such as building trust, creating a sense of urgency, instilling fear, or offering substantial profits in a short period of time. Scammers understand that people tend to make emotional decisions when they are in a state of panic, under pressure, curious, or overly trusting of certain authorities. Therefore, scammers often pose as highly credible parties so that victims feel safe and lower their guard. This psychological approach means that scam attacks rely not only on technology but also on the scammer’s ability to exploit human cognitive and emotional weaknesses ### Approach and communication Scammers generally rely on strategic approaches and specific communication techniques to effectively manipulate their targets. Before initiating a direct interaction, perpetrators often conduct reconnaissance, or information gathering, by seeking information about the victim's background, interests, occupation, financial situation, social relationships, and communication patterns. This information is used to tailor the conversation to appear more convincing and build trust In many scam cases, communications are carefully crafted to appear credible and engage the victim's emotions. Perpetrators may impersonate trusted parties such as financial institutions, government agencies, technical support services, business partners, or even people the victim knows. The communication style used is typically adaptive and persuasive, targeting specific psychological aspects based on the target's profile and vulnerabilities Scammers also often exploit psychological triggers such as a sense of urgency, fear, authority, curiosity, sympathy, or the lure of financial gain to influence the victim's decision-making. For example, victims may be pressured to act quickly by suspected account security issues, promised high investment returns, or emotionally manipulated through romance scams and friendships. The primary goal is to lower the victim's vigilance and critical thinking skills, making it easier for them to make impulsive decisions that benefit the perpetrator Modern scam networks also utilize multiple communication channels simultaneously, such as phone calls, phishing emails, instant messaging apps, social media, and even fake websites. This multi-channel approach is used to increase credibility and create the illusion of authenticity. In organized cybercrime operations, communication strategies are usually systematically developed, coordinated, and continually developed to increase success rates while minimizing suspicion from both victims and authorities ### Data breach In many cases of scams and cybercrime, data breaches are a key factor exploited by perpetrators to increase the effectiveness of their attacks. Leaked data can come from various sources, such as digital platforms, online services, companies, illegal forums, infostealer malware, or exploit security vulnerabilities in certain systems. The information obtained typically includes full names, email addresses, phone numbers, passwords, financial data, personal identification, and even users' digital activity For scammer networks, data breaches are highly valuable because they allow perpetrators to conduct more accurate reconnaissance of their targets. With detailed information, perpetrators can craft approaches that appear more convincing and personalized. For example, scammers can use victims' real names, transaction history, employment information, or specific account data to establish legitimacy in their communications. This technique is often used in spear phishing, impersonation scams, account takeovers, and social engineering targeting individuals and companies In addition to being used for psychological manipulation, leaked data is also often traded on underground forums and illegal marketplaces. This data can be purchased by other cybercrime groups for various activities such as spam, phishing, identity theft, financial fraud, and malware distribution. In some cases, combining multiple data breaches from different platforms allows perpetrators to build a more comprehensive profile of the victim, increasing the chances of a successful attack The data breach phenomenon demonstrates that information security is not only about technological protection, but also about protecting user identity and privacy. Therefore, implementing cyber hygiene, using multi-factor authentication, data encryption, monitoring suspicious activity, and transparent incident handling are crucial steps to minimize the impact of data breaches and prevent misuse by scam networks and organized cybercrime actors ### Advertisement Modern scam networks increasingly utilize digital advertisements and social media platforms such as Meta Platforms Facebook, TikTok TikTok, Instagram, Telegram, and other online services to expand their reach and target potential victims more effectively. These platforms provide scammers with access to large audiences, targeted advertising systems, and communication features that can be exploited to distribute fraudulent content at scale In many cases, scammers create fake advertisements, sponsored posts, cloned business profiles, or misleading promotional campaigns designed to appear legitimate. The content often promotes investment opportunities, online jobs, giveaways, cryptocurrency schemes, loans, or e-commerce products with unrealistic promises and urgent calls to action. By leveraging platform algorithms and audience targeting features, perpetrators can direct scams toward individuals based on demographics, interests, financial behavior, or online activity patterns Social media advertisements are particularly effective because they blend into normal user activity, making fraudulent content appear trustworthy and familiar. Scammers frequently use professional branding, manipulated testimonials, fake reviews, influencer impersonation, and edited visuals to increase credibility. In some operations, perpetrators also combine advertisements with phishing websites, fake customer service accounts, messaging applications, and social engineering tactics to guide victims through multiple stages of manipulation In addition, cybercriminal groups may exploit stolen or compromised advertising accounts to run scam campaigns while avoiding detection. This approach allows malicious actors to bypass trust barriers because the advertisements originate from previously legitimate accounts or verified business pages. Some organized scam operations continuously test and modify their advertising techniques to adapt to platform moderation systems and maximize victim engagement The increasing use of digital advertisements in scam operations highlights the importance of platform moderation, user awareness, advertisement verification systems, and cybersecurity education. Users are encouraged to verify sources carefully, avoid unrealistic financial promises, and remain cautious when interacting with advertisements requesting sensitive information, payments, or urgent actions ### Working with local residents In many modern scam operations, perpetrators do not work alone or rely solely on international networks. Some cybercrime groups are known to cooperate with local residents to support their operational activities. This cooperation may include renting properties, providing bank accounts (mule accounts), assisting with logistics, recruiting workers, translating languages, or helping conceal illegal activities so they appear normal within the local environment In several cases, local residents are recruited through promises of employment, commissions, or financial incentives without fully understanding the scale of the criminal activities involved. However, there are also cases where certain individuals knowingly assist scam operations as part of organized criminal networks. Local involvement becomes valuable because residents understand the surrounding environment, administrative systems, and local monitoring patterns that may be exploited by perpetrators A real example can be seen in the exposure of an international online scam syndicate in Batam, Indonesia, involving hundreds of foreign nationals operating from apartment complexes in the Lubuk Baja area. According to investigations conducted by immigration authorities and police, the network was involved in online investment fraud, romance scams, and phishing operations targeting victims across multiple countries. The operation allegedly utilized local facilities such as rented properties, internet infrastructure, and certain operational support in order to continue activities while minimizing suspicion from the surrounding community Another example involves the recruitment of Indonesian citizens to work in scam centers located in Cambodia and Myanmar through fake job advertisements. Many victims were initially promised positions in digital marketing or customer service, but were later forced to participate in online fraud and social engineering activities. Several reports indicated the existence of local recruitment networks that assisted in facilitating travel and distributing workers to international scam compounds These cases demonstrate that modern scam operations are often transnational in nature and involve a combination of international actors and local support networks. Therefore, cooperation between law enforcement agencies, local communities, digital platforms, and international organizations is essential to detect, disrupt, and prevent the expansion of organized scam networks In some transnational operations, scammers collaborate with local partners to identify targets, provide bank accounts, rent properties, or assist with operational activities in specific regions {% embed url="" %} {% embed url="" %} ### Bribing law enforcement (insiders) In several cybercrime and online scam cases, perpetrators have been known to build connections with certain internal parties in order to gain advantages in operational activities or law enforcement processes. These practices may involve providing money, facilities, or other forms of compensation to individuals who have access to sensitive information or investigative procedures. The objective can include delaying legal proceedings, obtaining internal information, avoiding raids, or obstructing investigations. However, it is important to emphasize that such actions are carried out by certain individuals and do not represent law enforcement institutions as a whole. The majority of officers continue to perform their duties professionally, ethically, and actively combat various forms of crime, including cybercrime and online fraud In security studies, this phenomenon is commonly referred to as an insider threat or insider corruption, which describes the abuse of access or authority by individuals within a system. Insider risks are considered particularly serious because internal actors may possess access to procedures, information, and enforcement mechanisms that can be misused to support illegal activities In Indonesia, several officially processed cases demonstrate that law enforcement institutions also take action against internal personnel who violate the law. One example is the case involving AKBP Bambang Kayun, who was investigated by the Corruption Eradication Commission (KPK) over allegations of bribery and gratification related to case handling. In addition, there have been cases involving individuals accused of accepting bribes in narcotics investigations and other criminal matters. The fact that these cases were legally processed indicates the existence of internal oversight and ethical enforcement mechanisms within the institutions themselves In the context of scam operations, modern fraud networks often operate in an organized manner by utilizing social engineering, psychological manipulation, money laundering, and the exploitation of bureaucratic loopholes. Therefore, strengthening internal oversight, investigative audits, digital forensics, and transparency in law enforcement processes are essential measures to prevent the abuse of authority by certain individuals while maintaining public trust in law enforcement institutions {% embed url="" %} {% embed url="" %} ## Possible we track them? Yeah, by the way, I can’t go into detail about tracking scammers because that information could be used by them to *evade detection or counter intelligence.* Scammers can indeed be tracked, but it’s difficult because they’ve already implemented several operational security (OPSEC) measures, including strategic planning and target surveillance. Scammers also often work in groups or organized networks they can even move from place to place or even country to country, or use others as intermediaries. This makes the tracking process even more complicated because it doesn’t lead directly to a single perpetrator. In some cases, they also utilize various digital platforms, causing their digital footprints to be fragmented. Additionally, the lack of complete evidence from victims—and victims’ reluctance to provide detailed chronologies—is common, such as failing to save conversations or transaction records, which further complicates investigations. It is this combination of technology, identity concealment, and meticulous operational methods that makes scammers difficult to track. Here are the basics of tracking down scammers: ### 1. Report to law enforcement Reporting criminal activity to law enforcement is the first step, as you will be helping the government and law enforcement agencies compile cases and build their databases on criminal and fraudulent activities they are the authorized parties with the authority and access to investigate criminal cases. Gather clear evidence and a timeline so they can understand the context and use the data as leads for their investigation. For example, report scam accounts, websites, phone numbers, or apps to the relevant platforms, banks, service providers, and law enforcement so they can be blocked or investigated further ### 2. Evidence and timeline When tracking down a scammer, one of the most important steps is to gather all the evidence and compile a complete timeline of events. This evidence can include chats, emails, phone numbers, account usernames, invoices, transfer receipts, website domains, phishing links, and even files or APKs sent by the perpetrator. All of this information aids the investigation process in understanding how the scam unfolded, the methods used, and the potential identity or digital footprint of the perpetrator. Establishing a clear chronology is also crucial so that analysis, reporting, and investigation can be conducted in a more structured and accurate manner ### 3. Financial and Infrastructure Tracing In scam investigations, tracing the bank accounts, e-wallets, and cryptocurrency wallets used by perpetrators is a critical step in tracking the flow of funds obtained through fraud. This process typically involves analyzing transaction reports, examining financial activity, and using blockchain explorers for cryptocurrency transactions to identify patterns of fund transfers and potential links to other accounts. Additionally, the investigation may also involve identifying scammers’ operational patterns, such as the use of fake social media accounts, fake marketplaces, specific phone numbers, or digital identities previously linked to similar cases. On the technical side, phishing websites or scam domains can be analyzed using WHOIS services, DNS history, passive DNS, and threat intelligence to examine the infrastructure used by the perpetrators, including hosting, servers, related domains, and potential connections to other scam networks ### 4. Pattern and Technical Analysis In the process of investigating scams, analyzing operational patterns and technical traces is a crucial step in understanding how perpetrators operate and identifying potential links to other cases. Investigations typically involve identifying the use of fake social media accounts, fake marketplaces, specific phone numbers, or digital identities previously used in fraudulent activities. Additionally, technical analysis can be conducted by examining file metadata such as creation time, the device used, GPS location (if available), author name, software editor, and specific system information embedded within documents, images, or videos. Examining email headers, shortened URLs, IP addresses, and various other digital artifacts can also help identify the origin of communications and the infrastructure used by the perpetrators. This approach helps investigators map attack patterns, operational methods, and potential connections between different scam networks Identify scammers’ modus operandi, such as the use of fake social media accounts, fake marketplaces, or phone numbers linked to other cases. Examine file metadata, email headers, shortened URLs, or other technical information that can help identify the source of the communication ### 5. Analysis of Open-Source Information and Scam Databases During scam investigations, investigators and victims often utilize various open-source information systems and platforms to conduct preliminary checks on the perpetrators’ identities and activities. Some commonly used services include phone number identification apps like Getcontact to view community labels or reports associated with a specific number, scammer databases and fraud reporting platforms to search for fraud histories previously reported by other users, as well as bank account verification services like CekRekening.id Kominfo to determine whether an account has ever been flagged for use in fraud or online scams. Additionally, website analysis platforms like ScamAdviser, are frequently used to evaluate a domain’s reputation, website age, server location, and a site’s trustworthiness. Public review platforms like Trustpilot also help assess other users’ experiences with a specific service or website under suspicion. For technical security analysis, investigators frequently use VirusTotal to scan files, domains, URLs, or malware hashes to detect signs of phishing, malware, or other malicious activities. This open-source intelligence (OSINT)-based approach aids the initial identification process by connecting various publicly available digital traces before further investigation is conducted **Keep take a notes** And they sometimes set up multiple activated phone numbers, social media accounts made to look as realistic as possible, and bank or payment accounts ready to be used. For example, if a scammer succeeds in defrauding someone, they will funnel that money into several accounts—sometimes ending up in cryptocurrency—and then launder it. They use this money laundering process to clean their money. What is the purpose? It is the process of disguising money derived from criminal activities to make it appear “clean” or legal. The primary goal is not merely to hide the money, but to make it usable without arousing suspicion from law enforcement. There are several methods of money laundering, including: ### 1. Placement (money placement) This is the initial stage, which involves introducing the proceeds of crime into the financial system. Common methods: * Depositing small amounts of money into banks to avoid arousing suspicion (smurfing) * Purchasing vouchers, phone credit, or small assets * Depositing money through cash-based businesses such as stores or restaurants ### 2. Layering (layering / obfuscation) This is the most complex stage, aimed at making it difficult to trace the source of the funds. Common methods: * Transferring funds multiple times across numerous different accounts * Using someone else’s account (nominee) * Transferring funds overseas * Converting funds into cryptocurrency Repeatedly buying and selling assets (e.g., real estate or stocks) ### 3. Integration This is the final stage the money now appears “clean” and enters the legal economy. Common methods: * Purchasing legitimate businesses (cafés, stores, companies) * Investing in real estate or land * Using the money for lifestyle expenses (cars, homes, etc.) as if it were earned through legitimate business * Shell company, a company that exists only on paper * Trade-based money laundering, manipulation of the prices of imported or exported goods * Online gambling, money is laundered through online gambling * Crypto mixing, mixing crypto transactions to make them difficult to trace {% embed url="" %} ### 4. Fake donations Scammers send large donations to streamers using money obtained through criminal activity. The goal is to make the money appear to be donations from viewers or fans, when in fact it is not. ### 5. Fictitious sponsorships Perpetrators create fake companies and then pay streamers as sponsors. The money actually comes from illegal activities, but is disguised as a business payment. ### 6. Digital purchases (gifts, Super Chat, in-game items) Illegal funds are used to purchase gifts during live streams or digital items, making the transactions appear normal. ### 7. Fake accounts for small transactions Many accounts are created to send small, repeated donations to make it look like ordinary viewer activity, when in fact the goal is to launder money gradually. ### **The main objectives of money laundering include:** ### 1. Concealing the source of illegal funds Money derived from criminal activities such as fraud, drug trafficking, corruption, or scams is disguised so that its original source cannot be traced. ### 2. Avoiding law enforcement Perpetrators attempt to prevent the police or financial institutions from linking the money to criminal activities. ### 3. Making the money appear legitimate (legal) After being “laundered,” the money is introduced into the formal financial system—such as businesses, real estate, or investments—to appear as the proceeds of legitimate business. ### 4. Facilitating the use of large sums of money Proceeds from crime usually cannot be used immediately because they are suspicious. Through money laundering, perpetrators can use or transfer the money without hindrance. ### 5. Supporting other criminal activities “Clean” money can be used again to finance new crimes, such as scam networks, illegal trade, or criminal organizations. **Scammer in nutshell** In short, they have many ways to hide their identities and tracks. One of the main reasons is that they often use fake accounts or fake identities, making it difficult to identify the real person behind the screen. Furthermore, many scammers operate online and use VPNs, fake phone numbers, or foreign servers, making their location hard to pinpoint {% embed url="" %} ## How scammer method Throughout my career in IT security and my in-depth study of IT security and OSINT. Here are the key tactics frequently employed by scammers, whether individuals or groups. They actively use apps or software for RAT (Remote Access) on victims’ devices, engaging in blackmail and even deepfakes. I frequently encounter such activities in my country and city there are even scammers who invest significant resources to set up fake cell towers to send fraudulent SMS messages, intercept GSM networks, and force users to join their insecure networks. You can read more about this below ### Deepfake Deepfake is an artificial intelligence-based technology that has the advanced ability to manipulate or synthesize visual and audio materials to produce content that appears very realistic despite being entirely artificial. The name "deepfake" itself is a combination of the terms deep learning—a method in AI that mimics the way the human brain works to learn data—and the word fake, which means fake. Technically, this technology works by mapping a person's facial features or voice characteristics and attaching them digitally to another subject, so that the end result is able to imitate the target's expressions, lip movements, and tone of voice with a frightening level of accuracy. Although initially having positive potential in the entertainment industry such as film visual effects or historical recording restoration, now deepfakes are more often misused for negative purposes, ranging from the spread of disinformation and political hoaxes, financial fraud, to the creation of pornographic content without consent that harms a person's reputation and privacy Advances in artificial intelligence technology are also being exploited in scams through the use of deepfake technology. This method allows perpetrators to forge a person’s face, expressions, voice, or video to make them appear as the real person. In some cases, scammers use deepfakes to impersonate public figures, company executives, family members, or specific individuals to enhance the credibility of their communications. This technology is frequently used in video call scams, fraudulent investment schemes, and digital identity manipulation to create an illusion of authenticity, making it easier for victims to trust the instructions or information provided #### How to prevent **System or Application** Every security system such as face verification is vulnerable to bypass such as deepfake fake face verification, synthetic mask with face, print image with face, video injection, bypass face verification. How to do the validation? * Use technologies that support image or video comparisons during face verification. Choose a technology that has many datasets * Use live gestures, such as looking right and left up and down, smiling or gaping to make it difficult to deepfake * Limit threads during face verification, provide a limited limit to make it difficult for attackers to do video injection. * Verification limitations, for example 1 day limit 3x errors, the user will be blocked based on IP and device id or name. * Addition of a block feature every user has anomalies during face verification * Use eye retina to verify like apple face id * Use color when verifying, for example if the user verifies there are colors on the screen blue, yellow, green randomly so when the light reflection is different it will be rejected or detected * Rotation and moving light and background verification * Sound detection e.g like noise and speech for detection if there are anomalies in the voice reject verification * Add device risk detection to your app, such as for rooted, jailbroken, or proxy-connected devices, as well as third-party applications. Add security features to your app, such as the ability to detect root, jailbreak, proxy, and third-party applications. If a user logs in under such conditions, their login should be rejected during verification. Most third-party tools, such as Frida, MITM proxies, HTTP Toolkit, and camera injection apps, require root access. Therefore, add these parameters to your app **Individual** * Photo and vidio For individuals, you can do several ways such as reducing publishing your face on open sites, forums or other things, for example from uploaded videos and photos, the more data and HD quality, the attacker can generate deepfake your face easily, every photo use masks, filler effects, reduce resolution to make it difficult for attackers to collect data * Sound or voice Reduce your voice, you can use sound effects such as echo, special effects to protect your voice, many deepfakes have a bad and stiff voice so this is difficult to do if the voice data is very limited, but there are times when AI can do this easily * Gesture Gesture, reduce the curves of your body, chest, and body, this can be done by deepfake as a dataset from the attacker, many AI models can do such as stripping photos, making body curves in the chest plane and others What if you are public figure? Indeed, public figures cannot escape social media activities such as uploading flog videos, photo models and other things, so there are many deepfakes available from public figures because the dataset is wide and makes it easier for attackers to create this deepfake. If you are a public figure and you get blackmail then my advice is to spread this in your fans and report it to the authorities and the platform to takedown the content that is spread. Or inform to all follower you have been blackmail or deepfake. Then issue a clarification stating that it wasn’t you, and let your followers know that this is a scam or false information. In digital footprints it is difficult to delete, so there are times when the video will reappear you should monitoring **Privacy** Do verification settings on your account and your smartphone, for example, set your privacy so that it cannot be indexed by search engines, only your friends can see, limit your age and hide your activity from trackers, for smartphones you can do many ways depending on the brand of your smartphone, And can do double security by buying anti-virus, vpn and reducing application permissions to access your smartphone, don't forget to enable 2FA for each of your accounts or your smartphone, lock your smartphone if lost. Or buy an anti-tapping smartphone that is difficult to tap or forensic **Information** To protect and verify your information from deepfakes, you can do several things, here are some tips if you find content or media, make sure there are 5W + 1H * Verify Media such as images, videos, you can verify first such as using image reverse or similar image, scan using the media content with a deepfake detection tool (if you don't find any loopholes) this is the main way to protect you from fake videos or AI deepfakes * Geolocation verification, verify where the place is, is it the same as the media? Make sure it's the same as what you found * Do a time determination (chronolocation) by checking the direction of the sun and shadows, this can be used as an indication of when the media was taken? Is the data the same? * Who made the post? Check the account or who published the media? For example, a trusted source or just ordinary people and others, it should be noted that even though it is from a trusted source, we still validate the data they have presented * What is the basis? Find out why they published the media? Why is there a narrative like that? If you have understood it then try to find other clues by searching for the same content or media for that reason * Understand the context and content of the narrative. Does it make sense? For example, snowfall in Bali is highly unlikely in terms of natural science and geography, so look at the inconsistencies and understand the content of the narrative. **Deepfake Live** * Check the texture most live deepfakes still have texture flaws such as lighting, shadows, and skin texture. For example, the skin texture may be too smooth, making the image look like an animation, or the lighting may appear static even when the person is moving. Ask the person to move and pay close attention to the image and the video’s motion. Most deepfakes have static lighting and overly contrasting color textures * Ask them to point their fingers, then ask them to pose with their fingers and cover their faces. Most deepfakes or AI models can’t do this yet if the image becomes distorted, looks unnatural, or appears blurry, it’s likely a deepfake * Check the movements. Pay attention to the movements of the neck, mouth, teeth, lips, and tongue. Deepfakes are still stiff when it comes to these detailed movements and look like animations or pasted images. Also, see if the movements are synchronized with the mouth movements. For example, if the person says “hello” or “how are you?” Notice whether the gestures and mouth movements are stiff, jerky, or blurry. If they don’t match, you can be sure it’s a deepfake * Pay attention to the delay and response. With a real person, the delay and response are clearly visible, especially when there are spontaneous movements such as raising a hand, touching the ear, and so on. If the response is too delayed and stiff, it’s definitely a deepfake * Pay attention to the voice. The voice in a deepfake tends to sound strange and stiff, especially the accent when speaking. If you’re used to hearing English accents—such as Indian, Indonesian, or Chinese accents—you can easily tell if the speaker is a real person, but in a deepfake, the speech will sound strange, especially the accent * Ask for spontaneous actions. e.g “Raise your left hand right now”, “Write today’s date on a piece of paper”, “Turn the camera around the room", "blink" **Read more**
{% embed url="" %} ### Phishing websites Phishing websites are one of the most common methods scammers use to steal victims’ credentials and sensitive data. Attackers create fake login pages designed to resemble official services such as online banking, social media, marketplaces, email providers, or digital government services. The visual appearance, logos, domain names, and page structure are made as similar as possible to the original sites so that victims do not realize they are entering data into a fake system. In many cases, victims are directed to these websites via phishing emails, text messages, fake ads, or instant messages containing malicious links. The primary goal is to obtain usernames, passwords, PINs, OTPs, and financial data to be used for account takeovers and further fraud ### Fake APK / Malicious applications Scammers also frequently distribute fake or malicious applications via Telegram, WhatsApp, SMS, social media, or specific websites using various tactics, such as digital invitations, receipt files, investment apps, and even fake government service APKs. These applications are typically modified and embedded with malware such as RATs (Remote Access Trojans), spyware, keyloggers, or banking trojans capable of secretly stealing data from the victim’s device. Once the app is installed, the perpetrator can gain access to the victim’s SMS, contacts, gallery, microphone, OTP notifications, and even mobile banking activities. This technique is particularly dangerous because many victims are unaware that their devices have been compromised ### Voice cloning Voice cloning is an AI-based technology used to mimic a person’s voice using only a short audio sample. In the context of scams, this technology can be used to mimic the voices of family members, supervisors, coworkers, or even public figures to make victims believe they are speaking with the real person. Perpetrators typically use this technique to request emergency money transfers, give specific instructions, or emotionally manipulate victims. Because the generated voice sounds so similar to the original, many victims find it difficult to distinguish whether the communication is genuine or digitally fabricated ### QR code scam (Quishing) A QR code scam, or quishing, is a fraudulent method that uses fake QR codes to redirect victims to phishing websites, malware downloads, or the scammer’s payment system. This technique is becoming increasingly common because people tend to view QR codes as a safe and convenient medium. In practice, scammers can distribute QR codes via posters, social media, email, online marketplaces, and even stickers placed in public areas. Once scanned, victims may be redirected to a fake login page or asked to make a transaction to a specific account without realizing they are interacting with a malicious system ### Spoofing Spoofing is a technique used to forge digital identities—such as phone numbers, email addresses, website domains, caller IDs, and message sender addresses—to make them appear to come from an official or trusted source. Using this method, scammers can impersonate banks, technology companies, customer service representatives, or specific institutions to gain the victim’s trust. In some cases, perpetrators use caller ID spoofing so that the displayed phone number appears identical to that of an official service, making it easier for victims to follow the instructions provided without performing additional verification ### Abuse of remote access tools In some scam operations, perpetrators ask victims to install remote desktop applications such as AnyDesk, TeamViewer, or similar apps under the pretext of assisting with verification processes, resolving technical issues, or conducting account security checks. Once the application is installed and access is granted, the scammer can directly control the victim’s device remotely. The perpetrator then exploits this access to log into mobile banking, steal data, view OTPs, transfer funds, or install additional malware without the victim’s knowledge. This technique is highly effective because victims often grant access permission themselves as a result of psychological manipulation by the perpetrator ### Malware and infostealers Malware and infostealers are malicious software specifically designed to secretly steal sensitive data from victims’ devices. The targeted data can include browser passwords, login cookies, credit card information, personal files, and even cryptocurrency wallet information. Malware is typically spread through email attachments, malicious websites, pirated software, fake APKs, or phishing links. Once it successfully infects a device, the infostealer sends the victim’s data to the attacker’s server to be used for account takeover, identity theft, or other cybercrimes ### Fake BTS / IMSI catcher A fake BTS, or IMSI catcher, is a device used to spoof cellular base station signals so that the victim’s device connects to a fake network operated by the attacker. Using this method, scammers or cybercriminals can intercept SMS messages, OTPs, or specific communications without the victim’s knowledge. This technology is often associated with eavesdropping, mass SMS phishing, and OTP-based account takeovers. Since the victim’s device perceives the fake network as an official BTS, the victim usually does not realize that their communications are being monitored or manipulated ### Credential stuffing Credential stuffing is a method that exploits databases of usernames and passwords obtained from data breaches to attempt automated logins to various victim accounts across many different platforms. This technique works because many users reuse the same password combinations across multiple services. Attackers typically use automated bots to test millions of credential combinations on email services, social media, marketplaces, and online banking platforms. If successful, the compromised accounts can be used for further fraud, data theft, or sold on underground forums ### Fake marketplace escrow Fake marketplace escrow is a scam method that uses a fake transaction website designed to resemble an official marketplace or escrow service. Scammers typically direct victims to these fake platforms under the pretense of safer transactions or the use of a third-party payment system. The website is designed to look professional, complete with a payment dashboard, transaction status, and fake notifications to convince victims that their funds are being processed securely. Once the victim makes a payment or enters specific information, the scammer will take the funds without ever delivering the promised goods or services ### Blackmail and extortion scams Blackmail, or digital extortion, is a method scammers use to pressure victims through threats, intimidation, or the distribution of sensitive information. In many cases, the perpetrator claims to have private photos, videos, online activity history, hacked data, or confidential information belonging to the victim, which they will release if the victim does not meet certain demands, usually in the form of a monetary payment or cryptocurrency. This technique often exploits fear, panic, shame, and psychological pressure to induce victims to make impulsive decisions without further verification. In practice, scammers can obtain blackmail material through various methods such as phishing, malware, account takeovers, social engineering, and data breaches. Some perpetrators even use fake threats by sending mass emails claiming to have hacked the victim's device even though they do not actually have any access. However, because the messages are crafted convincingly and often include old passwords from data leaks, many victims believe their devices have actually been compromised. In addition to digital data-based extortion, there are also sextortion scams, a form of blackmail involving private photos, videos, or emotional manipulation to pressure victims into sending money or additional content. In some cases, perpetrators use fake accounts, recorded video calls, or digital manipulation to threaten victims with sharing the content with family, friends, or on social media. This method is effective because it relies on emotional pressure and the victim's fear of social reputation and potential personal consequences. ## How to prevent from them? Here are some effective tips to protect you from scammers ### Beware social engineering Social engineering is a manipulation technique used by scammers or cybercriminals to trick people into giving sensitive information, money, or access to systems. Instead of attacking technology directly, the attacker targets human psychology by creating trust, fear, urgency, curiosity, or emotional pressure For example, a scammer may pretend to be a bank officer, technical support staff, government official, friend, or family member to convince the victim to share passwords, OTP codes, or financial information. Social engineering is dangerous because it relies on human mistakes and emotions rather than technical hacking skills alone Learn more {% embed url="" %} ### **Verify before trusting** Always verify the identity of anyone requesting money, sensitive information, OTP codes, or urgent actions. Contact the organization or individual through official channels rather than relying solely on messages, phone calls, or links received unexpectedly {% embed url="" %} ### **Do not share sensitive information** Never share passwords, OTP codes, PIN numbers, banking credentials, recovery codes, or personal identification data with unknown parties, even if they claim to be from trusted institutions ### **Be careful with links and websites** Avoid clicking suspicious links from SMS, email, social media, or messaging applications. Always check the website domain carefully before logging in or entering sensitive information ### **Install applications only from official sources** Download applications only from official app stores or trusted vendors. Avoid installing APK files from random links, Telegram groups, or unknown websites ### Enable multi-factor authentication (MFA) Use MFA or two-factor authentication on important accounts such as email, banking, and social media to reduce the risk of account takeover ### Keep software and devices updated Regularly update operating systems, browsers, antivirus software, and applications to patch security vulnerabilities that may be exploited by attackers ### Be skeptical of urgency and emotional pressure Scammers often create panic, urgency, fear, or emotional manipulation to force quick decisions. Take time to verify information before acting ### Avoid unrealistic investment or giveaway offers Be cautious of promises involving guaranteed profits, quick returns, free rewards, or exclusive investment opportunities that seem too good to be true ### Protect personal information on social media Limit the amount of personal data shared publicly online, including phone numbers, addresses, financial details, travel plans, or family information that could be used for social engineering ### Use strong and unique passwords Create unique passwords for different accounts and use password managers if necessary to reduce the risk of credential stuffing attacks ### Monitor financial and online activity Regularly check bank statements, login history, email alerts, and account activity for suspicious transactions or unauthorized access attempts ### Do not give remote access to unknown individuals Avoid installing remote desktop applications or granting device access to unknown parties claiming to provide technical support ### Educate family members, especially elderly relatives Elderly individuals and less tech-savvy users are often primary targets of scams. Discuss common scam methods with family members and encourage cautious online behavior ### Report suspicious activity If you encounter scam attempts, phishing pages, fake accounts, or suspicious communications, report them to the relevant platform, bank, cybersecurity authority, or law enforcement agency ### Stay informed about emerging scam techniques Scam methods evolve continuously, including the use of AI, deepfakes, fake advertisements, and impersonation. Staying informed about current cyber threats can significantly reduce the likelihood of becoming a victim ## Conclusion Modern scammers operate using a combination of technology, psychological manipulation, and social engineering techniques to target victims from various backgrounds. Their methods continue to evolve, ranging from phishing websites, fake applications, impersonation, malware, deepfake technology, and fake investment schemes to emotional manipulation through social media and online communication platforms. In many cases, scammers do not rely solely on technical attacks, but instead exploit human emotions such as panic, trust, fear, curiosity, loneliness, urgency, or the desire for financial gain Preventing scam attacks requires both cybersecurity awareness and emotional control. Using strong passwords, enabling multi-factor authentication (MFA), verifying information before acting, avoiding suspicious links or applications, and protecting personal information online are important defensive measures. However, technical protection alone is often not enough. Many scams succeed because victims are emotionally pressured into making quick decisions without proper verification Almost everyone, at some point, may encounter scam attempts either directly or indirectly. Some people experience suspicious phone calls, phishing emails, fake advertisements, fraudulent messages, or social engineering attempts through social media. These experiences should not only be seen as risks, but also as lessons that increase awareness and digital literacy. Learning to stay calm, think critically, and control emotional reactions is one of the most important defenses against manipulation-based attacks As cybercrime continues to evolve, maintaining caution, improving cybersecurity knowledge, and understanding psychological manipulation techniques become essential in everyday digital life. Awareness, patience, and emotional discipline can significantly reduce the risk of becoming a victim of modern scam operations Fraud checker resouces (i will update soon the data sources) {% embed url="" %} Financial intel (i will update soon the data sources) {% embed url="" %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://jieyab89-osint.gitbook.io/jieyab89-osint-cheat-sheet-wiki-tips/intelligence-base/all-about-scammer.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.