top of page
Writer's picturecannabiccino

Their scam websites, IP address geolocations and money runs

ABOUT WEBPAGES AND APPS OF THE SHAM INVESTMENT PLATFORMS

Why do many sham platform webpages look the same?


Because they are made by the same developers in Chinese black market, and they talk to each other. Every website comes with a source code. When purchasing, a company boss will also need to pay more for the developer to maintain and port the source code. There are differences between 30k RMB website and 5k RMB website. MT4 / MT5-standard prices are the most expensive, and can be highly unique and polished.

low end mid range mid-range, very popular


The same software developer contractor can produce the same platform for various scam company bosses in many cities. Similar or even identical-looking scam apps and websites, but with different names does not mean that the fraud den behind them are related. Same also for money laundering (see below); contractors usually serve many different bosses. To a developer, the price bosses pay includes:

  1. Domain for a year

  2. Real life data port over from legitimate sites (late by 5 minutes)

  3. Server hosting

  4. Manpower for the price of producing the web

  5. Yearly Maintenance


ABOUT THE IP ADDRESSES

Where these locations most commonly appear in IP grabs of the scammers:


1. Laos, Vientiane - Most internet service providers the scam companies in Myanmar use are from Laos, so if you get an IP from this place, the scammers are likely actually in Myanmar. Northern Myanmar have bad internet service, so scam companies connect through Laos instead. But there are also numerous Laos-based scam companies/dens, so it is ultimately hard to distinguish between these 2 locations without more clues.



2. Kuala Lumpur, Malaysia – Likely also VPN because Myanmar border areas with China have shops that sell China Mobile roaming data services for 100 RMB a week, which will show a Kuala Lumpur, Malaysia IP address. There are some small scam dens in Malaysia, but a giveaway is if the scammer says his internet connection is bad, he most likely is in Myanmar.

Left - China Mobile data services loaded on phone. Right - Concurrent IP log by Grabify (in Chinese) of same phone. The user is in northern Myanmar.


3. Cambodia, Phnom Penh – After Myanmar, Cambodia is the second biggest host country for Chinese scam dens. ("Dens" could be as large as an office building compound with ~500 workers)


https://zhuanlan.zhihu.com/p/150593905




MONEY LAUNDERING AND ORGANIZATION ON THE GROUND


For Customer Service, you may see them in a different location from the "salesperson" (chat app scammer/"dog-pusher"), because the scammers contract out the financing and money laundering. Money mules for bank wires get paid 1-2k RMB a week to collect money directly from an ATM using a bank card. They pass the money to another person who they do not call. A supervisor arranges so the mule doesn't get to talk to the person whom he/she passes the money to. Money is passed 3 times before it reaches the region head. The head then transfers to various banks in China and launder it again to Myanmar. Bosses send their runner to collect by hand. These runners are called "backpackers." The lowest rank (person with the highest risks and who go to ATM) won't know who the supervisor is. Their salary is paid using cash - supervisors allow them to deduct from the money they collect. One runner takes up to 100k RMB maximum. Bonus yearly is 688-1,888 RMB. Bosses use ImToken to store their loot in cryptocurrency.


Police going after money mules wouldn't work, unless they take down the entire gang. But then finding the boss' identity is still not guaranteed. It is their practice that they just call each other by aliases and nicknames. Employees are taught to not trust each other with real names. So, nobody onsite -- not even their director -- would know the identity of the boss, who might be in another country and would also have an alias.

Comments


bottom of page