On Jan. 14, 2022, a Facebook page named Tina’s Finance, which is not a real company, advertised a doctored picture of billionaire Warren Buffett supposedly holding a giant bitcoin logo that resembled a medallion. The ad appeared to invite Facebook users to learn more about bitcoin and perhaps other cryptocurrencies. Over the course of several hours, we slowly uncovered a series of crypto scams that had been hosted on Messenger for at least several weeks. Meta owns both Facebook and Messenger.
As we gathered evidence, we watched live in group conversations as money was lured out of the pockets of unsuspecting victims. At the same time, we attempted to contact several of the new arrivals into the scam in order to try to warn them. The scammers promised that their funds would be invested in a special app named “MetaEx” or “MetaEXC” before being returned. However, the money was never going to be sent back, as it was all part of the scam.
Also on Jan. 14, we contacted the tech giant’s media relations team before the close of business on the West coast. We included links to the scam and information so that they could take action. We did not receive a response.
Over the weekend, we continued to watch the scam operate unimpeded. It continued all weekend, despite the fact that Meta brings in billions of dollars in quarterly revenue and has tens of thousands of employees and content review workers on the clock worldwide.
According to details on the Tina’s Finance Facebook page, the scam was operated by users located in Hong Kong, Indonesia, Brazil, Cambodia, the Philippines, Russia, South Africa, Spain, and United Kingdom.
Aside from the Buffett ad, some of the other ads from the page tried to draw people in with pictures of Elon Musk, Stephen Curry, and Kanye West.
In our investigation, we infiltrated the scam, finding out information about its administrators and victims. Here’s how it all went down.
How the Crypto Scam Works
Reddit’s r/scams subreddit published a general summary of this kind of cryptocurrency scam:
Victims are told to buy cryptocurrency of some kind using a legitimate cryptocurrency exchange, and then they are told to send their cryptocurrency to a website wallet address where it will be invested.
The scammer controls the website, so they make it look like there is money in the victim’s account on their website. Then the scammer (or the scammer pretending to be someone official who is associated with the website) tells the victim that they have to put more money into the website before they can get their money out of the website. Of course, all of the money sent by the victim has gone directly into the scammer’s wallet, and any additional money sent by the victim to retrieve their money from the website will also go directly into the scammer’s wallet, and all of the information about money being held by the website was totally fake.
According to the post, this is also known as a “pig butchering scam.”
Infiltrating the Scam
The Facebook ad featuring the picture of Buffett was step one of the scam. It’s unclear how much money was being spent to display the ads on the platform. The Buffett ad, which had no association to the man himself, asked users to click to send a message to the Tina’s Finance page for more information. We did just that.
In the second step of the scam, a page manager for Tina’s Finance told us in Messenger about a “cryptocurrency exchange group” that had “professional teachers” who were prepared to “share knowledge”:
In the third step of the scam, we were introduced to a specific Facebook user who posed several questions. In one case, it was someone named Alex Scott. In another instance, we were sent to a user named Matthew Quesnelle. The Tina’s Finance page told us each time: “Add him. You will find a new way to wealth.” We ended up seeing this phrase several times. (Some of the identities involved in the scam were fake.)
Burel James, the ‘Teacher’
After a brief chat with Scott or Quesnelle, they then transferred us again to the fourth step of the crypto scam: a separate Messenger chat with hundreds of Facebook users in a group conversation. These conversations were linked to Facebook groups. One was named BTC Trend Analysis Exchange Group, which had recently been created on Dec. 27, 2021. In another instance where we initiated the scam again from the start, we were sent to a different group with the same name. That second group was created on Dec. 23, 2021.
The Messenger administrators in the group conversations were listed as users named Burel James, Odelette Bethune, and Ryesen Yumi Gao. James, who was listed as the creator of the Messenger group, showed a profile picture that matched a profile photograph on a Twitter account named Benson J. Graystone and also an Instagram account named nanz_dela_cruz. James also was referred to as female in the Facebook account’s cover photograph, which was likely nothing more than a classic Facebook scammer’s mistake that we’ve seen in other instances before. Meanwhile, the account for Gao was created on Nov. 27, 2021, suspiciously the day before the Tina’s Finance Facebook page was created.
Other accounts that appeared to be involved in the management of the scam included Dota Cagot, Taurey Cole, Bob Deyarmin, Maxime Gagnon, Dustin Lee Johnson, Linda Marry, Diane Mulgrue, Amit Kumar Peer, Anne Petch, David Robert, Fay Samuel, Brown Tom, Ulfa Ulfa, Sugeng Heru Widodo, and Bilal Khan Zazai. The profiles for Praveen Madabushi and Noémie Riendeau also showed suspicious activity. Several of these names appeared to be backwards, such as “Burel James” and “Brown Tom,” which likely were intended to be James Burel and Tom Brown. This showed that the scam was managed by people who didn’t appear to have the best grasp of the English language.
Within the Messenger group conversation, the “teacher” referred to earlier by the Tina’s Finance page ended up being James. In fact, James showed two accounts. The older account looked to have been suspended or removed by Facebook on Jan. 13. (At this point, we lost track of the number of red flags that had shown up.)
Like a horde of robots, James’ arrival into the group conversation prompted the scammers to say “welcome teacher” over and over. Some of the scammers copied and pasted a phrase about gaining fortune: “The teacher said that if you share your fortune, you will gather fortune.” We saw this multiple times over the course of the weekend.
At this point, James would ask if everyone was ready to initiate the transfer of funds:
In the fifth step of the crypto scam, James advised the Facebook users in the Messenger group conversation on what to do in a mobile app called “MetaEx” or “MetaEXC,” which had no association with Facebook’s parent company, Meta. It could only be downloaded on a specific website and was not available in the App Store for iPhone or the Play Store for Android. This meant it was not officially approved. The website ScamDetector.com gave the website, MetaEXC.net, a very low rating.
James asked users to download Coinbase or a similar cryptocurrency exchange app in order to send their funds to the scam app, “MetaEx.” Then came directions that looked something like this:
After the transfer, it appeared in the scam app “MetaEx” that the funds had been properly invested. However, at this point, the scammers had already won.
‘I Lost Everything’
Around three hours after we contacted Facebook’s media relations workers to notify them of the crypto scam, we witnessed a victim lose $800 in USDT, a currency that’s also known as Tether. His participation in the scam didn’t become apparent to us until he started asking questions in the group conversation. He claimed that a “customer service” representative was helping him in the “MetaEx” app. We responded in the group chat to the victim, saying: “Hey, I sent you a message on Messenger. Can you check it?” An administrator in the scam group conversation then tried to stop our discussion from occurring: “He has consulted the customer service, and there is no need to discuss this.”
We then were able to privately chat with the victim, who asked to not be identified. He said he was from New Jersey and that the same Buffett ad lured him into the scam. He also posted this screenshot from the “MetaEx” app’s supposed “customer service” representative, who promised him everything would be ok.
However, this user never got his money back, nor did any of the others who fell victim to the same scams over the weekend and in the weeks before. “I lost everything,” another user said.
Such scams can often continue past this point where the scammers request fees for the money to be withdrawn back to the original owner. However, this is just an attempt to extract more money from the victim, as the r/scams Reddit thread said. This has also been referred to in the past as a recovery scam or refund scam.
During a conversation with one of the scammers, Gao, one of the administrators, revealed to us that they were operating at least four (scam) groups, each with large group conversations in Messenger. In a private chat, they sent a screenshot from their view in Messenger, perhaps to encourage us to take part in the scam: