Introduction
I first became aware of this problem when it happened to someone I know.
She works as an exotic dancer in Honolulu and someone created a fake Instagram page with a username very close to her own, with a "_" added at the end. The scammer then proceeded to follow all of her followers with the enticement of offering them access to her "exclusive adult content". Once the follows were completed, the scammer then blocked the original account to prevent her from reporting them to Instagram for impersonating her, which was really smart.
It was only after I contacted my acquaintance to ask if it was really her page and she told me that it wasn't, that I began to have a look at the scam page more closely to see how it worked and to take steps to have it shutdown.
If you want to skip ahead and just find out how you can shutdown the scammers' site, scroll down to "The Short Version".
Getting Started
Of course, the first step would be for the scammer to setup the Instagram account. At least one picture would be copied from the original timeline to serve as a profile picture.
From there, the scammer would follow most or all of the original account's followers and then block the original to prevent the original account from reporting them for impersonation.
Since Instagram doesn't notify you when you have been blocked or unfollowed, the original account is completely unaware that something nefarious is underway, until one of their followers actually contacts them to ask if the new account is really something they created.
At this point, the only option left to the original account is to notify their followers and ask them to report it, which may not do any good since Instagram is very slow to shutdown accounts.
The Shortcut
On the fake profile, a shortened link is provided for interested people to click to be redirected to the adult content site. This shortened link is typically from tinyurl.com. If the tinyurl link is cutoff, you cannot access the link to which it redirects and the scammers' work on building the site on the other side is wasted, until they can create a new shortcut.
TinyURL does not want its service to be used to facilitate criminal activity and they are legally obligated to cutoff access when they are notified of it.
Send an email to privacy@tinyurl.com with the subject line "Reporting Phishing Site". Include the tinyurl.com link itself and the site where it redirects. TinyURL will then investigate and the shortcut link will likely be shutdown within 24 hours, as it was in my case.
I have become aware that rebrand.ly is also being used as a shortcut, send an email to support@rebrandly.com with "Abuse" in the Subject line.
The Main Site
From what I have seen, the scammers' current method of operation involves using free services to help get their scam started. TinyURL is a free service and you can create a free website using Wix. The reason Wix is so appealing is that you don't even need a credit card or any form of identification to open the account, just an email address.
The scammers have attempted to obscure their activities by making their Wix site appear to be a Fansly account. Initially, I thought that the scammer had actually setup a Fansly account, but a quick look at the URL informed me that I was really seeing a Wix page made to appear to be a Fansly profile. Since it wasn't a Fansly account that stole my acquaintance's pictures, notifying Fansly would do me no good, at all.
So, if I wanted the pseudo-Fansly site shutdown, I had to report them to Wix's Abuse Department. Simply go to https://www.wix.com/about/abuse, scroll down to "Phishing or Spam" and click on Send a Report". A chatbot will open and all you'll need to do is copy & paste the offending Wix site into the chat when the bot asks what site you are reporting. When it asks why you're reporting, simply enter that it's a phishing site. After that, you'll need to provide them with your name and email address. Once that's done, click "submit my report" and it's all in their hands now.
As an added measure, you can also post a message on Twitter to make sure the ball gets rolling. There are two accounts which are relevant for our purposes: @Wix and especially @WixHelp. It may take a few hours, but you should receive a reply from @WixHelp with instructions to DM the URL of the offending site. The staff will go back through the abuse reports they've recently received, find your file and give it priority status to get it shutdown as soon as possible.
In your initial tweet to Wix, post something like this:
"I have filed a report with @Wix and @WixHelp regarding a phishing site that was made to look like a @fansly account.
I eagerly await their reply."
Yeah, it does come-off as kind of smarmy, but you need to get someone's attention over there.
So, with the initial report you send through the chatbot, followed by a follow-up tweet, the ball should be moving fairly quickly and the scammer site should be down fairly soon.
Follow the Money
You've seen me refer to the people behind these fake Fansly accounts as "scammers" who are involved in phishing and may be wondering why I have made such allegations. Well, I don't make such accusations lightly.
First of all, the scammers aren't doing all this as a prank, they are in it to make money. The use of free services (i.e. Instagram, TinyURL and Wix) simply helps keep their costs down and improves their bottom line.
When you go the the fake Fansly page, there will be links provided for you to subscribe to the account or to create an account. The links will take you to this page.
You may have noticed the link is to a site pcnghw.com which is not one of the services Fansly uses for its subscribers. No, they aren't even based in the United States, but in Nicosia, Cyprus.
According to its website PCNGHW is a subsidiary of Wesicron Limited and is physically based at Nikiforou Foka 33, Flat/Office 6, 1036, Nicosia, Cyprus. The building also appears to contain a nightclub and I have no idea if the owners and staff of that nightclub are involved in the ongoing scams taking place.
For whatever good it would do, if you want to take a chance and actually contact PCNGHW or Wesicron, here is the contact information they provided, aside from the address:
PCNGHW:
E-mail Support: cs@pcnghw.com
Phone Support: (888) 498-5733
Wesicron Limited:
Email: info@wesicronlimited.com
Call: 3-572-200-7758
Personally, I wouldn't waste my time. Wesicron/PCNGHW has a rather bad reputation, judging by reports from Scam Detector, StopThatCharge and OnlineThreatAlerts, among others. It would be a better use of your time to simply have the scammers' site cutoff and shutdown.
The Short Version
If you wanted to avoid my blah, blah, blah and just get straight to the point of shutting down the scammers' site, here you go:
Shutdown the Wix site: Simply go to https://www.wix.com/about/abuse, scroll down to "Phishing or Spam" and click on Send a Report". A chatbot will open and all you'll need to do is copy & paste the offending Wix site into the chat when the bot asks what site you are reporting. When it asks why you're reporting, simply enter that it's a phishing site. After that, you'll need to provide them with your name and email address. Once that's done, click "submit my report".
Shutdown the shortcut: Send an email to privacy@tinyurl.com with the subject line "Reporting Phishing Site". Include the tinyurl.com link itself and the site where it redirects. If they're using rebrand.ly send email to support@rebrandly.com with "Abuse" in the Subject line.
Report the Instagram account: if you are not blocked, report them for impersonating you and ask all of your followers to block them. If you are blocked, ask your followers to report and block the scammers' page.
A Final Word
Scammers are certainly resilient and change tactics when their old methods no longer work. So, it's likely that I will have to update this blog post at a later date.
To support and encourage my work send $1 to:
CashApp: $postmates808
Venmo: @postmates808
Duane Browning
