Inside a million-dollars internet-fraud, truths, and lies

~ 5 minute read
Crafted : 1 year ago Updated : 10 months ago
#infosec #information-security #cybersecurity #fraud #scam #money

Hello, luvs, this time I like to share something rather important with you, Which you probably won't give a single damn 😀because I'm not signing despa'sito here. 


Table of contents




When it comes to scamming and internet fraud its almost the same case, People like Brian Krebs tried so hard to aware people of issues , but again, no matter what we leave, in the time, even if you are a talking teddy bear, no one seems to care. interesting right ? 

Let's back to the topic, Internet scammers, spammers, and fraudsters. They are also making money (billions if the money is a good enough indicator of achievement). There are enormous unique methodologies used by cybercriminals,Long story short; we can't stop them. That's why we don't talk about them as much as we should. Not because criminals are smarter than white hats and security guys, As I mentioned in my first post due tho their natures, these issues can't be fixed using technology and by technical guys alone. For instance, security researchers and hunters can't legally card a target or test fraud detection supported by major banks, Result? They are vulnerable, and they remain vulnerable. The math is simple here, no matter how professional white engineers are, they are outnumbered. That's why, Besides our marvelous efforts, we failed miserably to protect users. So why we end up here? Because the main problem is the monopoly of payment gateways by major banks, credit card companies, and financial giants and the monopoly of other services like personal email by tech giants. To make it more comfortable for you to follow, let's discuss a live case study. and hey i'm not naging here i'm just thinking we can do better. 


iPhone unlock scam network case study


I want to start with some statistics. 



So now we can freely say we have more than 1 billion just apple devices around. For so many reasons, people may want legitly(forget the information) or illegally (stolen) unlock a phone. The first thing to comes to thee naturally is to search about it. The first thing you see on google is ads; it's on top of Google, and its the first thing you see. You trust Google, and you click on the link. 


let's see you have an iPhone, and you legitly need to get it unlocked. 

let's see the first site  Here is promotion video and look at the comments  look at the people who commented .

If you come from a technical background by a bit of research, you find out its a scam, but not a basic scam a truly is a mixture of phycological and technological fraud! Various sites are doing the same scam , Which make me feel feel they probably managed by a handful group of people more like a criminal network. 

They put determined effort into digital marketing by making web2.0 SEO blogs, fake videos, fake reviews, the extensive fake network of news around it. And when you do put so much effort into something? Usually, when you are making a lot out of it. 

Here is the whole tech stack around all iPhone Unlock Scams. 

open the image in new tab for more details. 

  • Backlinks have proven to be #1 SEO factor; they have 100K+ backlinks
  • Fake reviews network (using the script, proxies, or even manually adding counterfeit reviews to various websites.) 
  • Google Ads, without even ads cloaking. Oh my.
  • GSMA account . That's how they can decrypt IMEI codes; (it is so hard to get these accounts they say, you need to prove to be the right company they say.)
  • IPs protected by cloud flare (not a surprise.)
  • Deceiving UI, they use a couple of neat tricks here by embedding fake review website they made google change its UI to show them as trusted! They also use fake DCMA and other trusty companies' images and links to lure users easier.

so this is how they appear on the first-page result, and they try to maintain a fake balanced review as much as they can, and when a domain has more than scam review, they retire old domain and get a new one, for example, to

Now let's talk about the actual scam schema. 

  • Put low prices like $20 on google ads to make people reach in. charge them $70 on checkout (they already come in, they most likely pay)
  • To make people trust them, they use their GSMA IMEI database to show they actually can decrypt IMEIS for something like $2 
  • Next is where the scam begins; the unlocks for both sim and iCloud have a similar process. They will show actual progress to users to make them silent and, more importantly, to make time for final cashout.
  • Every day they send progress email to users to make sure users won't ask for a refund after 5 to 6 days when (it gives them enough window to cash out the money.)
  • Next, they send a threating email to users which tells them their phone is stolen if the phone is stolen anybody who ordered probably accept his/her lose and shut up, otherwise, he/she may do a scam report 
  • It's not done yet, just like modern marketing. They even use up-sales and fuels, and they try to scam people even more. 


here is the oversimplified process.



How much we are talking? 

You may think, does anyone even fall for this? Well, let's look at the average traffic then.

And now, let's look at output traffic. Mostly to the shady payment gateway, which helps scammers to cash out and launder their money.


~400k traffic if they scam 50%, let's say ~200k and average scam of $70 it will be $14,000,000. This calculation is just an assumption and in no way accurate,  you can calculate it however you like , if it's even far less than this amount, it's far more than average income of 90% of the whole world population isn't it ? ;)


Takeaways And Conclusion

To scammers: think for a moment, you are smarter than so many people you scam every day. And that's why you can scam them! Why don't you try to serve them? They probably pay you the same amount of money with joy! scamming innocent and weak? just don't.

To victims: Don't buy an unlock services for your phone from any third party period contact the vendor instead. 

PS: Don't get me wrong I'm no saint and sinned fair share amount myself and I believe tech companies like Google, Cloudflare did more good than harm. I Also believe One day, we will be in peace, no one is starving, we don't scam each other, we don't hate, and we live happily, respectfully and equally no matter where, right? 


Till then, luvs.

Assist me:
Buy Me a Coffee at