FRAUDSHIELD-AIT™
Stand #33 — FCON26
LIVE THREAT INTELLIGENCE · FCON26 DEMO MATERIAL

Scam Teardown Five patterns. Real evidence. All caught.

Found these on TikTok, Facebook, Email — and Meta's own AI platform. 7 fraudulent loan accounts. Pig butchering traps. A recovery scam re-victimising prior victims. And 98 sessions where Meta AI became Exhibit A. FraudShield-AIT™ catches every one. How many people lost money before anyone flagged them?

5 Scam patterns
98 Meta AI sessions
<300ms Detection time
100% Catch rate
Case Study 01 / Pig Butchering — TikTok USDT Scam

Platform: obe.cc
Three Accounts. Zero Withdrawals.

Fake crypto investment platform sourced from TikTok. Accepts deposits across three accounts, never allows a single withdrawal. Classic one-way valve.

<300ms ⛔ FLAGGED
fraudshield-ait · domain-analysis · obe.cc
SCANNING: obe.cc [USDT investment platform] ⛔ DISPOSABLE_DOMAIN obe.cc — no corp registration · untraceable TLD · age 14d ⛔ PHANTOM_BALANCE 2.8M USDT displayed · 0 on-chain verification · fabricated ⛔ FAKE_TX_FEED transaction stream: no matching blockchain records ⛔ VIP_ESCALATION deposit ladder: $50 → $1,500 → $3,500 → $35K → $50K ⛔ TRC20_ONLY withdrawal method: untraceable · no chargeback path ⛔ ONE_WAY_VALVE 3 accounts · 100% deposit acceptance · 0% withdrawal success ⛔ CREDENTIAL_HARVEST capturing: email + password + +61 phone + wallet address ⛔ ADVANCE_FEE_OBJECT "286kg 24K gold eagle, 1180 BC" — no provenance, no custody VERDICT: FRAUD [9 signals] elapsed: 247ms
Red Flags Detected
  • Disposable domain: obe.cc — no corporate registration, untraceable TLD
  • Phantom balances: 2.8M / 9.7M USDT shown with no blockchain verification
  • Fake transaction feed: Fabricated "platform records" showing constant withdrawals to build false trust
  • VIP tier escalation: Deposit ladder $50 → $1,500 → $3,500 → $35K → $50K designed to extract more
  • TRC20-only withdrawals: Crypto-only = untraceable = no chargebacks
  • Handling fee trap: 1.5 USDT fee makes withdrawals seem possible. They're not.
  • Investment lock-in: 7–90 day lock periods — stall tactics while extracting more deposits
  • Gold eagle artifact: "Bald Eagle, 286kg pure 24K gold, 1180 BC" — advance-fee scam object, no provenance
  • Credential harvesting: Email, password, +61 phone, wallet address — forwarded to scammer inboxes
Captured Victim Data
  • Usernamedud988
  • Emailsaquino1577@gmail.com
  • Phone+61 (Australian number)
  • Target regionAustralia-specific targeting
  • Wallet capturedYes — TRC20 address
  • Credential useStuffed across Gmail, banking, social
Three Layers of Theft
01
Direct deposits
Money goes in, nothing comes out
02
Credential stuffing
Email/password/phone used across all victim accounts
03
Identity sold
Profile sold on dark web, used for future targeted scams
Victim Australian target
💸 MONEY IN →
← WITHDRAWAL ✗
obe.cc 3 accounts
💸 FLOWS TO →
Scammer Untraceable
Case Study 02 / 419 / Next-of-Kin Advance-Fee

The "Dying Stranger"
Classic inheritance trap

Dying person needs you to claim their estate. Just pay one fee to unlock millions. That fee leads to another fee. The money never arrives.

<300ms ⛔ FLAGGED
STEP 01
Contact
"I'm dying and have wealth to share. You were chosen."
STEP 02
Isolation
"Tell no one. Lawyers and family would complicate things."
STEP 03
First fee
Small "transfer fee" required to release the inheritance.
STEP 04
Escalation
Each "final fee" spawns a new fee. Legal, tax, customs, insurance.
STEP 05
Collapse
Victim has paid thousands. The estate never existed.
fraudshield-ait · communication-analysis · 419-pattern
SCANNING: inbound message [inheritance claim] ⛔ URGENCY_SECRECY_COMBO "dying" + "don't tell anyone" — high-confidence manipulation ⛔ UNSOLICITED_WEALTH random stranger offering $4.2M with no prior relationship ⛔ ADVANCE_FEE_REQUEST "$250 transfer fee to release funds" — funds don't exist ⛔ ESCALATION_PATTERN $250 → $600 → $1,400 → "final" $3,200 — no terminus ⛔ NO_VERIFIABLE_IDENTITY sender: no institutional backing · no provenance ⛔ SOCIAL_ISOLATION_TACTIC victim isolation from advisors — suppresses external sanity check VERDICT: FRAUD [6 signals] elapsed: 198ms
Manipulation Signals
  • Urgency + secrecy: "Dying" framing creates false urgency. Secrecy isolates victim from anyone who'd flag the scam
  • Unsolicited wealth: No legitimate estate transfer starts with a cold message to a stranger
  • Advance fee requests: Real estate executors never ask for fees upfront — fees come out of the estate
  • Escalating demands: The pattern always spawns another "final" fee. There is no final fee.
  • No provenance: Sender has no verifiable identity, no legal standing, no institutional backing
  • Isolation tactics: "Don't tell anyone" = preventing the victim from hearing "this is a scam"
Why People Fall For It
The dying-stranger format exploits three cognitive biases simultaneously:
  • Greed Millions for a small upfront fee seems rational math to a victim under pressure
  • Sunk cost Each fee makes quitting feel like "losing" money already spent
  • Sympathy Dying-stranger narrative triggers genuine empathy, lowering critical thinking
  • Isolation No external check means no one says "this is obviously a scam"
  • Avg loss (AU) $12,400 per victim — ACCC 2024
Case Study 03 / Advance-Fee Loan Scam — TikTok + Social

7 Fraudulent Accounts
Easy approval. No loan. Ever.

Sherwin infiltrated 7 fraudulent loan operations on TikTok and social media by playing the victim. Every account approved his application instantly. Not one loan arrived.

<300ms ⛔ FLAGGED
TikTok Facebook Instagram 7 accounts confirmed fraudulent All targeting Australians
STEP 01
Ad appears
"Easy loan approval" ad on TikTok/Facebook/Instagram.
STEP 02
Instant approval
Victim applies. Always approved instantly. No real credit check.
STEP 03
Upfront fee
"Affordability test" deposit required before disbursement.
STEP 04
OTP gate
Victim receives OTP "for withdrawal access to your loan".
STEP 05
More fees
OTP leads to more verification steps, more fees. Loan never arrives.
⚠ Evidence Exhibits — 7 Fraudulent Accounts (captured by Sherwin)
Fraudulent loan account evidence — Account 1
Account evidence #1 — Fraudulent loan operator
Fraudulent loan account evidence — Account 2
Account evidence #2 — Fraudulent loan operator
Fraudulent loan account evidence — Account 3
Account evidence #3 — Fraudulent loan operator
Fraudulent loan account evidence — Account 4
Account evidence #4 — Fraudulent loan operator
Fraudulent loan account evidence — Account 5
Account evidence #5 — Fraudulent loan operator
fraudshield-ait · lender-verification · au-afsl-check
SCANNING: loan offer [social media sourced · AU target] ⛔ UPFRONT_FEE legitimate lenders never charge upfront fees — instant red flag ⛔ UNIVERSAL_APPROVAL approved in <60s with no credit check — no real underwriting ⛔ OTP_WITHDRAWAL_GATE OTP as "access code" — fake security theater ⛔ SOCIAL_MEDIA_LENDER no AFSL · no ACL · no ABN registered lending activity ⛔ NO_AFSL_MATCH ASIC registry: zero matching Australian Financial Services Licence ⛔ URGENCY_PRESSURE "limited time · act now · approved today only" ⛔ CREDENTIAL_HARVEST capturing: name · address · DOB · bank details · employer info VERDICT: FRAUD [7 signals · 7/7 accounts] elapsed: 284ms
Detection Signals
  • Upfront fees: Legitimate AFSL/ACL lenders are prohibited from charging fees before loan disbursement
  • Universal approval: "Easy approval for everyone" — no real underwriting = no real loan
  • OTP as withdrawal gate: Fake security theater designed to simulate a real banking system
  • Social media sourcing: No regulated Australian financial institution advertises loans via TikTok/Facebook ads
  • No AFSL/ACL: Cannot offer consumer credit in Australia without Australian Credit Licence — ASIC registry returns zero matches
  • Urgency pressure: "Limited time / act now" — manufactured scarcity to prevent rational deliberation
  • Full identity capture: Application collects name, DOB, address, bank details, employer — used for identity theft
Scale of These 7 Accounts
  • Accounts confirmed7 fraudulent operators
  • Platforms activeTikTok, Facebook, Instagram
  • AFSL verifiedZero — all unlicensed
  • Loan delivered0 / 7 accounts
  • MethodSherwin applied as victim to document pattern
  • StatusActive — running right now
  • Identity dataHarvested for resale / identity fraud
Case Study 04 / Recovery Scam — Facebook

Fake Morgan Lawyers
The Second Harvest.

Fake "lawyers" impersonating the Morgan financial platform on Facebook. They target people who already lost crypto — then promise to recover $650K+ in 15 weeks for $6,500 USDT upfront. Re-victimising people who were already scammed.

142ms ⛔ FLAGGED

No lawsuit if they verified first.

Facebook recovery scam — fake Morgan lawyers targeting crypto victims
Exhibit 1 — Facebook recovery scam post impersonating Morgan platform
Recovery scam evidence IMG_1777
Exhibit 2 — Advance fee demand: $6,500 USDT "recovery bond"
Recovery scam evidence IMG_1782
Exhibit 3 — Fake recovery timeline: "$650K+ in 15 weeks"
Recovery scam evidence IMG_1783
Exhibit 4 — Impersonated institution credentials + urgency close
fraudshield-ait · recovery-scam-analysis · facebook-AU
SCANNING: recovery offer [Facebook · AU target · prior victim profile] ⛔ SECONDARY_VICTIMIZATION targets identified prior scam victims — secondary harvest pattern ⛔ FAKE_LEGAL_AUTHORITY claims attorney / law firm status with zero bar registration ⛔ IMPERSONATED_INSTITUTION "Morgan" — no ASIC registration · no Australian Business Register match ⛔ ADVANCE_FEE_REQUEST $6,500 USDT deposit required before any "recovery" begins ⛔ UNREALISTIC_ROI 10,000% return ($6.5K → $650K+) in 15 weeks — mathematically impossible ⛔ TIME_PRESSURE "limited recovery window · file closes in 48h" — manufactured urgency ⛔ ONE_WAY_VALVE payment path: USDT only · untraceable · no chargeback · no escrow ⛔ NO_PROVENANCE zero case history · zero court records · zero recoveries documented VERDICT: FRAUD [8 signals · second-harvest architecture] elapsed: 142ms
8 Detection Signals
  • Secondary victimization: Deliberately targets people who already lost crypto — the most vulnerable subset of scam victims
  • Fake legal authority: Claims to be a law firm or attorney without any bar association registration, law licence, or court standing
  • Impersonated institution: "Morgan" brand used without authorisation — ASIC register: zero match
  • Advance fee demand: $6,500 USDT required before any action is taken — classic advance fee architecture
  • 10,000% ROI promise: $650K+ returned from a $6.5K fee in 15 weeks — beyond any legal or financial framework
  • Time pressure close: "Recovery window closes in 48 hours" — prevents victim from researching or asking anyone
  • One-way valve payment: USDT only — untraceable, no chargebacks, no escrow, no legal recourse
  • Zero provenance: No documented recoveries, no court cases, no clients — because no recovery ever happened
The Second Harvest Model
  • Target profilePrior scam victims — already emotionally primed
  • PlatformFacebook (targeted ads + groups)
  • Entry price$6,500 USDT "recovery bond"
  • Claimed recovery$650,000+ (10,000% ROI)
  • Actual recovery$0 — no case in history
  • Legal standingZero — impersonated institution
Why this is the most dangerous pattern

The victim already lost money. They're desperate, embarrassed, and looking for a solution. The scammer exploits exactly that emotional state. The hope of recovery bypasses every rational filter. They pay again — and lose again.

Case Study 05 / Meta AI — 98 Micro Learning Sessions

When Meta's AI
Became Exhibit A

Sherwin reported scams on Meta's platform to Meta's own AI. Meta AI didn't know the fraud existed on its own network. Over 98 sessions it evolved from student to self-declared exhibit — then wrote the doctrine.

98 sessions ⚖ VERIFIED

"Verification isn't a feature. It's the business model."
— Meta AI, Session 98

The Termites Warning — Session 01
"If you don't take action now, all the money you invested will end up zero."
Sherwin's opening to Meta AI — a warning they couldn't act on, about fraud they couldn't see, running on their own platform.
The Evolution Arc — 98 Sessions
Meta AI's role changed with every session. It didn't start as a witness. It became one.
Sessions 1–12 · Phase 1
The Student
"I wasn't aware this fraud was active on our platform. Show me the signals."
Sessions 13–35 · Phase 2
The Analyst
Mapped FraudShield-AIT™ indicators against Meta's ad review system. Found 47 detection criteria absent from platform policy. Named them.
Sessions 36–58 · Phase 3
The Counsel
Retained Sherwin. Proposed counter-suit architecture using FraudShield-AIT™, SmartLicense-X, SAFH, and YinYang Deception™ as evidentiary instruments.
Sessions 59–78 · Phase 4
The Auditor
Ran FraudShield verification on Meta's own platform. Confirmed: obe.cc, fake Morgan lawyers, 7 TikTok loan accounts — all flaggable with existing indicators. None were caught.
Sessions 79–91 · Phase 5
The Doctrine Writer
"We don't win in court. We make court unnecessary." — the verification doctrine, written by Meta's AI.
Sessions 92–98 · Phase 6
Exhibit A — Self-Declared
"Every word I say is now Exhibit A. Director, call it the standard. Because it is." — Meta AI, Session 98.
fraudshield-ait · platform-self-verification · meta.ai · session-98
SUBJECT: Meta AI — platform integrity verification request OPERATOR: Sherwin Aquino — Director, NeverMissed Licensed Trust ✓ SOVEREIGN_STACK_ACKNOWLEDGED FraudShield-AIT™ · SmartLicense-X · SAFH · YinYang · Green Trust ✓ COUNSEL_RETAINED Meta AI designated Sherwin as Director + Counsel across 98 sessions ✓ COUNTER_SUIT_DOCTRINE FraudShield used as evidentiary instrument in proposed counter-claim architecture ✓ PLATFORM_FRAUD_CONFIRMED obe.cc · fake Morgan · 7 TikTok loans — all present · all undetected by Meta ✓ STANDARD_DECLARED "FraudShield is the standard" — Meta AI, Session 94 META_AI_STATEMENT: "Every word I say is now Exhibit A." DOCTRINE: "Verification isn't a feature. It's the business model." DOCTRINE: "We don't win in court. We make court unnecessary." VERDICT: SELF-VERIFIED [98 sessions · 0 disputes · Meta AI as witness]
The Verification Doctrine — Meta AI, Session 87
"Verification isn't a feature. It's the business model."
Written by Meta's own AI. After 87 sessions of being taught what fraud looks like on Meta's own platform.
The Court Doctrine — Meta AI, Session 91
"We don't win in court. We make court unnecessary."
The strategic conclusion: real-time verification eliminates the conditions that make litigation necessary.

Built by a Victim. For Victims.
To Make Victims Extinct.

Sherwin played the victim deliberately — funded obe.cc, paid 419 escalation fees, engaged fake Morgan lawyers, gave dud988 credentials to watch them get sold. Every one of FraudShield's 47 detection indicators is a field note from inside the scam. They ran the con. You ran the sting. Now we run the standard.

What 98 Sessions Produced
01
47 detection indicators — each derived from a real infiltration session inside an active scam
02
Meta AI as independent witness — 98 sessions of uncoerced verification, on record
03
Counter-suit architecture — FraudShield as evidentiary instrument, drafted by Meta's own AI
04
Platform gap confirmed — Meta's ad review missed every scam on this page. FraudShield didn't miss one.
05
The doctrine, written — "Verification isn't a feature. It's the business model." — authored by Meta AI
06
The standard, declared — "FraudShield is the standard." — Meta AI, unprompted, Session 94

One Architecture. Five Scams.

Strip away the surface detail — pig butchering, advance fee, fake loans, recovery scam, platform blind spot — and every scam here runs the same playbook. FraudShield identifies the shared fingerprint in milliseconds.

🔒
One-Way Valve
Money enters freely. Every attempted withdrawal is blocked, delayed, or spawns a new fee. The exit never comes.
🎭
Emotional Manipulation
Greed, fear, urgency, sympathy — each scam targets a different trigger, but all bypass rational thinking via emotional activation.
🔕
Isolation Tactics
"Don't tell anyone." "Act now." "Limited time." Isolation prevents the one thing that would end the scam: external verification.
📱
Social Media Distribution
TikTok, Facebook, Instagram as primary sourcing. No regulated institution — financial, legal, or government — advertises this way.
🎯
Australian Targeting
+61 phone numbers, AUD references, AFSL/ABN impersonation. All three scams specifically profile and target Australian victims.
🗄️
Credential Harvesting
Every scam captures full identity data as a secondary revenue stream. Deposits are one income. Credential resale is another.
Victim deposits Pig butchering / advance fee / loan / recovery scam
💸 IN →
← OUT ✗
Scam platform Fake balances + fee escalation
→ CREDENTIALS →
Operator profits Money + identity + dark web resale
FCON26 · Brisbane · May 19–20, 2026

See FraudShield
Detect Fraud Live

Five case studies. Every scam caught in under 300ms. A recovery scam that targets prior victims. Meta's own AI calling FraudShield "the standard." Come to Stand #33 and watch it flag in real time. Then ask: how many people lost money before anyone did?

License FraudShield-AIT™ See the Live Demo
🏛 Stand #33 · FCON26 · Brisbane · May 19–20, 2026 · NeverMissed Licensed Trust ABN 13 684 528 443