Clark Flores
Written on

Uncovering Facebook Scammers

Stolen Identity

Case Study

A Reddit user posted an ad asking for help regarding an impersonator acting as them and swindling people. Based on the Reddit post:

  1. Somebody created a Facebook account under this victim’s name (Roland Ross).
  2. This ‘Roland Ross’ posted in various Facebook groups that they’re selling ‘concert tickets’.
  3. When people inquire about the post and ask for some ID, ‘Roland Ross’ shows the victim’s proof of identity and their selfie with the ID to entice potential buyers to pay for the “concert tickets”.
  4. Since people are somewhat at ease once this imposter has sent proof, the imposter instructs them to pay a downpayment first to a specified digital banking account.
  5. Once the buyer sends the receipt of the fund transfer, the con is complete.

This Reddit user compiled all the evidence from different Facebook users and their transactions with this fake user, from the time they discovered these activities (April 2023) until now (the date of this post). Yes, until now.

Analysis

Modus Operandi

How did the poser get the ID of the Redditor?

Unfortunately, it can’t be determined for now.

Since they can’t remember any transaction before April 2023 where their identification might have been needed, here are some speculations (taking a shot in the dark here).

There are multiple situations where someone may ask for, or get hold of, proof of identification (an ID and a photo of you holding the ID):

  • Buy or sell something
  • Register to an app requiring proof of identification (e.g. banking and finance apps, SIM registration)
  • Stolen device
  • Cloud storage leak
  • Rentals, and other reservations like AirBnB
  • Or it could be someone you know… dun dun dun dun dun.

Then when these a-holes somehow got your creds:

  1. They’ll create a social media account. It could be Facebook, Twitter, Instagram, Reddit, Carousell, or any site where they’ll be able to post and sell something.
  2. Once the account is created, they’ll post everywhere they can. Hell, if they could post in bathrooms with a marker, they would, just to deceive people.
  3. Mostly they’ll sell tickets to some of the most in-demand concerts in the country.
  4. Potential victims will inquire about the post.
  5. They’ll send an /r/needsmorejpeg type of image of the ticket with a watermark and other types of masking info. (I guess it makes sense from that perspective.)
  6. The potential victim, now intrigued, will ask for some ID for legitimacy.
  7. Theeeeen, they’ll send your ID together with the selfie with the ID.
  8. The potential victim turns into a true victim.
  9. The victim is now blocked.

Sometimes, they’ll post strictly for meetup but will pressure victims to send a downpayment. They’ll put the location outside their target demographic (i.e. the target is Metro Manila, but they’ll put it somewhere in Pampanga or Bataan). I mean, the province is near and they are probably banking on people’s desperation to get the ticket at this point.

Uncovering tracks

Per the Redditor, this is the Facebook account posing as them.

They also sell items on Carousell (a popular buy-and-sell site in PH).

A mobile number “0985 --- —80” selling Conquest tickets. This mobile number was also used in Maya, ShopeePay, and Palawan Express (digital banking and payment platforms).

Other samples:

‘Roland Ross’ asks for a downpayment first.

‘Roland Ross’ sent a mismatched ticket.

When the potential victim is smart enough, ‘Roland Ross’ will block them.

Furthermore, let’s check out the publicly accessible post for awareness. They detailed the digital banking accounts used by this piece of human garbage.

Don’t transact with these contact details!

  • 0985-----80 - Maya, PalawanPay, and ShopeePay
  • ------------ - Unionbank
  • ---------- - BPI
  • ----------- - Seabank
  • ---------------- - Ownbank
  • 0995-----24
  • 0975-----84

What stood out to me was to whom these mobile numbers were registered in some of these apps.

Mobile Identification

  • 0985-----80 (Maya, PalawanPay, and ShopeePay)
  • 0995-----24
  • 0963-----12

So upon querying these numbers, it appears that they are somehow registered to a single identity.

Hello there, John Vincent.

Twitter
  • @CJSY991 (CHAERYSOM99) previously @ReRoll12p

One thing I found interesting here is that Twitter still indexes all data associated with the user even if they change their handle. Huh.

Facebook
  • “Go C.”
  • “Mae G.”: another user shared that a screenshot was sent to them identical to the ones being sent by ‘Roland Ross’, minus the ugly watermark. So it’s plausibly the same person behind these activities.

Some of the Facebook groups where these scammers lurk and post:

Exhaustive list of scammers (reposted by various users)

Conclusion

  • Identity thief behind the account is associated with “John Vincent G.” or “JayVee G.”
  • Identity thief is located presumably in Guadalupe, Cebu based on this receipt (only lead where this person used a hand-written note and posted it). Reverse checked the image and found no other possible source.

Recommendations

  • Be careful when sending PII (Personally Identifiable Information) to someone else. If necessary, try to use self-destructing messages, or create a shareable link to where the ID is stored and set an expiry. It’s tedious, yes. But it’s much, much more trouble if you’re not being mindful about it. (I mean, that’s the essence of this article, have you been paying attention?)

  • Report these accounts to their corresponding banks. Sure enough, they’ll act on these kinds of incidents, especially if there’s proof like the above.

  • Report this crime to Law Enforcement Agencies (LEA) like PNP and NBI. Just be ready with a notarized affidavit of complaint. For the uninitiated, here’s the template from PNP-DIDM. LEAs have the authority to work with various companies and organizations to track the criminals (i.e. they can ask Facebook for the IP address or location of a certain user through proper channels).

  • Continue reporting these accounts to Facebook and other social media sites.

  • Don’t hire hackers to track somebody. You can also be held accountable, since you obtained sensitive info illegally. (Don’t fight fire with fire.)

Relevant Laws in PH

Data Privacy Act of 2012 (Republic Act No. 10173)

This covers this scenario since PII can be:

  • Name, address, contact information
  • Government-issued IDs
  • Selfies and photographs

“John Vincent G.”, or whoever they are, can be held accountable through civil, criminal or administrative penalties for illegally using the victim’s data without consent, soooo it’s a blatant violation of the victim’s privacy rights.

Cybercrime Prevention Act of 2012 (Republic Act No. 10175)

The perp also committed a criminal offense based on:

  • Identity theft or the use of someone else’s identity to commit fraud
  • Cyber fraud, including unauthorized transactions using another person’s identity

Offenders under the Cybercrime law may face imprisonment or fines depending on the severity of the crime.

tl;dr

A person reported that they are a victim of identity theft: the impersonator used their identification card as proof when scamming people into buying concert tickets and other stuff.

Personal thoughts

I don’t know if anybody has noticed, but I think fund transfers will still proceed as long as the “Account Number” is correct, regardless of the info you entered in “Account Name”. Then it’ll be hard to get the money back since you, as the owner of the account, willfully sent it to the recipient. Which sucks.

So before buying anything online, be sure to check first who you are transacting with.

  • Search the name, know their reputation.
  • If they are asking for a downpayment for a transaction, there’s a chance it might be bogus, especially when they are rushing you to pay for it.
  • Check their willingness to meet up without a fuss; a fake seller would make excuses or ask for something before the meetup.
  • Another thing is how degraded the photo of the item is (in this case, concert tickets), so maybe, to give them the benefit of the doubt, ask for a clearer photo with a newspaper (exactly like proof-of-life images lol) or with the current date and time during the transaction.
  • Learn to say no when in doubt.