We are presenting our latest investigation about the scam currently prevalent in Slovenia. In this scheme, scammers randomly call individuals, posing as (unlicensed!) brokers and offering assistance with investments on their platforms, promising profits while guiding them through the process. Our findings reveal that this is clearly a fraudulent activity.

We also had the opportunity to make direct contact with the scammers, allowing us to gather valuable information. This insight will help people understand how this scam operates and why they (users) should avoid such investment offers.

Caller ID spoofing

Caller ID spoofing involves altering the caller's number displayed on the recipient's phone. This is done by manipulating the signaling data in the call setup process, typically using VoIP systems or specialized software, to replace the true number with a fake one. This technique is often exploited for deceptive or fraudulent purposes.

During our interactions with them, we noticed that the scammers used a variety of phone numbers. Most of these were spoofed Slovenian numbers (041, 031, 040 ...), but on a few occasions, they mistakenly called us from their VoIP numbers.

If we had dialed the spoofed Slovenian numbers, we would have either reached random individuals unaware of the scam or encountered numbers that simply don’t exist, as confirmed by the operator.

Here are some numbers that we gathered during our investigation:

+38520770300, +38520790387, +38521770706, +385911548253, +385913655973, +385998135624

Upon investigating these numbers, a HLR lookup revealed that they are VoIP numbers. Further digging indicated that the scammers rented these services from Belgacom International Carrier Services.

Domain Collection

Here is the visual graph displaying the list of scam domains associated with this type of scam that we analyzed.

Here is the visual graph displaying the list of scam trading platforms associated with this type of scam.

With so many domains linked to these scams, we won’t focus on just one case. Instead, we’ll use multiple sources to show how this scam works. It’s important to keep all of this in mind because there are several warning signs that you should be aware of.

At first glance, many of these websites seem convincing (using professional designs), but they’re hiding crucial details from potential victims. Most of them don’t provide proper company information - usually just an email and sometimes a phone number. What’s even more concerning is that some sites do list a company name and address, but those often turn out to be fake, with the addresses belonging to completely different businesses.

Fake Company details

This website is using an address that belongs to a different company, and no business associated with the website is actually located there.

Sometimes, they deliberately choose addresses of legitimate companies offering similar services, like financial advisory, to confuse users. This tactic makes it seem like the scam website is linked to a legitimate business.

Here is another case of a completely different company that is not associated with this scam website

What we've found is that, in most cases, there isn’t enough information about the company behind the website. Typically, you'll only find an email address, which is a significant red flag and something you should be aware of.

Trading Under Risk

Scam websites often use generic terms like "the Company" in their terms and conditions to create an illusion of legitimacy, deliberately avoiding the disclosure of specific, verifiable information to obscure their true identity and evade accountability.

One characteristic circumstance found on every illicit trading portal are the risky terms. By that, of course, we mean the abnormally high leverage, which reaches a maximum ratio of 1:400 on their platforms.

To make the deal even more attractive, the scammers claim there’s no trading commission involved, spreads are only described as “tight” and there’s zero other fees.

Since this is the main source of income for every brokerage brand out there, it’s impossible that the firm charges nothing for any of their services. It’s only logical to conclude these statements are pure fabrications.

Here is another red flag:

4.2. The Company has no responsibility for any acts or omissions of any third party to whom it will pass money received from the Client.

Here is another red flag condition:

13.7. The bonus and profits can only be withdrawn once the minimum trading requirements outlined above have been met. By accepting the deposit bonus, the Clients may NOT withdraw the trading profit funds at any time and nor the bonus funds they received until minimum trading requirements have been met. The Client may also withdraw the funds they deposited at any time, but not the trading profit funds and bonus until minimum trading requirements have been met.

This clause is a red flag because it creates significant barriers to withdrawing any funds, including trading profits. Scammers often use these conditions to prevent clients from accessing their money, making it nearly impossible to withdraw anything beyond the initial deposit until onerous trading requirements are fulfilled. This tactic is commonly employed to trap clients’ funds and discourage them from withdrawing their money.

These are just a few examples of the extremely risky terms and conditions found on a scammer's website.

Check Social Media Accounts, Google Results, and User Reviews

Always verify if the website appears in Google search results, as many of these domains are often hidden from search engines. Additionally, be sure to review user feedback, but remember that some reviews might be fake. We've also discovered that scammers sometimes use social media accounts from other companies, or they create their own accounts with very few or no followers.

We recommend using our Domain Inspector tool Xprotect, a tool specifically designed to analyze domains for any suspicious activity.

Shady Background Companies

Some victims shared information about where the stolen funds were sent (Bank Accounts), and with that given information we collected details on companies linked to this scam. These companies were registered in various countries, including Lithuania, Poland, the Czech Republic, and England.

The first company involved in receiving multiple transactions from victims is Linerum OÜ (16456305), which is owned by Elena Siampouri.

Elena Siampouri is registered as management board member.

Gilberus s.r.o. (17275644), is registered company in Prague - Czech Republic, owner of this company is Maksimas Žuravliovas.

Junik (5242966861), registered in Warszawa - Poland, owned by Leszek Bernat.

Barelon LTD (13870000), registered in London - England, owned by Diego Lina.

All these companies were involved in receiving stolen funds from victims. However, it is unclear whether the scammers used these companies as money mules or if they were registered using stolen identities. The connection to these companies is based on victim reports indicating that money was sent to them. Further investigation is needed to determine the exact nature of their involvement.

Increase your level of critical thinking online, especially when it comes to investing money and similar activities.

How to Identify a Broker Scam

• Check if Broker is Registered: Most people use BrokerCheck to verify if their broker is registered and legitimate. It provides information about the investment advisors within the firm and the types of securities they are authorized to handle.
• Overly Friendly Communication: Scammers may be unusually kind or accommodating in their interactions to gain your trust.
• Caller ID Spoofing: They might use different phone numbers, often employing caller ID spoofing through VoIP technology to mask their true identity.
• Lack of Company Information: Scammers typically avoid providing detailed information about their company, raising red flags.
• Fake Company Details: Even if you find a company address or other details, they might have stolen these from legitimate businesses. Sometimes, a Google Maps search will reveal that the address belongs to another, unrelated company.
• Unlisted or Suspicious Websites: Their website might not appear on Google searches, and they may use multiple, non-verified domains to operate.
• Social Media Presence: Check their social media links, as a lack of legitimate, active accounts can be a warning sign.
• Suspicious Free Services: Offering free services or advice can be a tactic to lure victims, signaling something might be amiss.
• Poor Contact Information: Sparse or unprofessional contact details, even if they provide more than just an email, should raise concerns about the legitimacy of the business.
• Fake Reviews: Be cautious when checking online reviews, as scammers often create fake positive reviews to make their operation appear legitimate.
• Review Terms and Conditions: Always read the terms and conditions of service carefully. Scammers often omit company details and include suspicious clauses that put users at high risk.

All the information gathered in this investigation was collected ethically. This research was not sponsored by any third parties, and our goal is to protect as many users as possible.

Stay safe!