🚨 ACTIVE FINANCIAL FRAUD ALERT

A sophisticated investment scam operation is actively targeting victims through WhatsApp groups, impersonating legitimate investment advisors to orchestrate a cryptocurrency pump-and-dump scheme. Victims are being groomed through legitimate stock recommendations before being pressured to invest in a fraudulent "AEA token" with promises of 8-12x returns.

Advisory ID
ADV-2025-002
Threat Type
Cryptocurrency Pump & Dump / Pig Butchering
Risk Level
CRITICAL
First Identified
November 10, 2025
Active Status
ONGOING
Reported Losses
Under Investigation

Executive Summary

SecureLeaf has identified an active and sophisticated investment fraud operation targeting individuals through WhatsApp groups under the name "Clyra Capital." The operation employs advanced social engineering tactics, combining legitimate investment advice with psychological manipulation to ultimately defraud victims through a cryptocurrency pump-and-dump scheme centered around a fraudulent "AEA token."

This operation represents a textbook example of "pig butchering" fraud, where scammers build trust over time through seemingly legitimate investment guidance before introducing the actual scam. The operation is notable for its professional presentation, use of multiple personas, sophisticated psychological manipulation tactics, and active use of paid press release services to create false legitimacy.

⚠️ CRITICAL UPDATE: Fake Legitimization Campaign Active

The threat actors have paid for press release distribution on GlobeNewswire and other services, creating the false appearance that major financial news outlets are covering "Clyra Capital." These are paid advertisements, not journalism. Through automatic syndication, one paid press release now appears on dozens of sites including Barchart, MarketersMedia, and Manila Times. The press releases contain:

  • Contradictory information about token listing exchanges
  • Absurd claims of $1.16 trillion in assets under management
  • Illegal guarantees of 800% returns or buybacks
  • The same scam mechanics (point system, lottery allocation) from WhatsApp messages

DO NOT be fooled by "news coverage" on multiple sites - this is ONE paid press release automatically republished everywhere, not independent journalism from multiple sources.

✓ ENFORCEMENT ACTION: GlobeNewswire issued Notice of Disregard (Nov 11, 2025 23:35 PST)
Following our fraud report (Ticket #944684), GlobeNewswire contacted the publisher and removed the fraudulent press release from their website. This demonstrates that reporting fraud works and creates accountability. Syndication partners may still have cached copies that require removal.
Primary Indicators of Fraud:
  • Unsolicited WhatsApp group invitation for exclusive investment opportunities
  • Initial legitimate stock recommendations to build credibility
  • Gamification through a "points system" to increase engagement
  • Pressure to invest in unregistered cryptocurrency token
  • Artificial scarcity through "limited allocation" and lottery systems
  • Unrealistic return promises (8-12x growth projections, 800% guarantees)
  • No verifiable business registration or regulatory compliance
  • Paid press releases disguised as legitimate news coverage
  • Real postpaid cellular account identified - creates law enforcement attribution opportunity

Threat Actor Profile

Operation Details

Sophistication Assessment

This operation demonstrates HIGH sophistication across multiple dimensions:

Professional Presentation

  • Multiple coordinated personas maintaining consistent character roles
  • Professional-sounding investment analysis and market commentary
  • Structured daily briefings mimicking legitimate financial advisory services
  • Use of financial terminology and market data to appear credible
  • Paid press release distribution through GlobeNewswire with automatic syndication to dozens of sites
  • Understanding of how press release syndication creates false appearance of "multiple news sources"

Psychological Engineering

  • Gradual trust-building through legitimate stock recommendations
  • Gamification to create engagement and sunk cost fallacy
  • FOMO (Fear of Missing Out) through artificial scarcity
  • Social proof via coordinated testimonials from fake "members"
  • Authority bias through use of titles like "Professor" and "Mentor"

Attack Methodology: The Five-Phase Fraud

Phase 1: Initial Contact & Hook (Days 1-3)

Victims receive unsolicited WhatsApp group invitations or are added to groups promising "exclusive investment opportunities." Initial messages are professional and welcoming, establishing the group as a legitimate investment advisory service.

[Arlen Valehart]: "Dear Clyra Capital judges, good evening! I'm Arlen Valehart, and I'm delighted to be here with all of you at such a wonderful moment."

Key Tactics:

  • Professional language and terminology
  • Inclusive language ("judges," "warriors")
  • No immediate financial requests
  • Focus on building community atmosphere

Phase 2: Trust Building & Legitimacy (Days 4-14)

The operation provides legitimate stock recommendations (SNAP, GAP) that may result in actual profits. This critical phase establishes credibility and overcomes victim skepticism.

[Damon Ashborne]: "Ticker: GAP Company: Gap, Inc. Buy Zone: Current price Stop Loss: Around $21.50 Take-Profit Targets: First target around $29 / Second target around $34" [Fake testimonial]: "The SNAP stock recommended by Mr. Damon today was really good, I've already made a decent profit"

Key Tactics:

  • Real stock recommendations that may show genuine returns
  • Coordinated fake testimonials from "satisfied members"
  • Professional market analysis to demonstrate expertise
  • No mention of cryptocurrency at this stage

Phase 3: Gamification & Engagement (Days 7-21)

Victims are introduced to a "points system" where they earn rewards for daily engagement, completing tasks, and interacting with group content. This creates psychological investment through sunk cost fallacy.

[Arlene via WhatsApp]: "After you finish voting, send me a screenshot and you'll receive 5 points. You can earn points every day just by sending me your voting screenshot, and these points can be used to join our company's special lottery events for investors." [Arlene]: "Since you're a new member of the group and this is your first time purchasing the professor's recommended stock, you've earned 75 points." [Arlene]: "Each time you complete a task assigned by the professor in the group, you can earn points. Since this is your first completed assignment, you've earned 30 points."

Key Tactics:

  • Daily "voting" requirement on website to maintain engagement
  • Points awarded for completing "assignments" and posting screenshots
  • Creating routine and habit formation
  • Building sunk cost through accumulated points
  • Personal handler (Arlene) providing individualized attention

Phase 4: The Pivot - Introducing the Scam (Days 14-30)

Once trust is established and victims are engaged, the operation introduces the "AEA token" - a fraudulent cryptocurrency that is the actual target of the scam. The token is presented as an exclusive opportunity with limited availability.

[Arlen Valehart]: "Last night's charity gala also brought positive signals for the upcoming AEA token listing, with market attention continuing to rise." [Coordinated testimonial]: "As a cryptocurrency rooted in the AI industry, the AEA token has enormous potential. Nearly all technologically advanced countries are actively developing AI. Considering this, our estimated 8–12x growth range might actually be too conservative" [Damon Ashborne]: "Regarding our AEA Token, which is officially scheduled for listing at the end of this month or the beginning of next month, I believe everyone can sense this moment drawing closer." [Fake scarcity]: "To ensure that the AEA Token achieves stable and sustainable price growth after its listing, we have specifically set a limited allocation quantity."

Key Tactics:

  • Unrealistic return projections (8-12x growth)
  • Artificial scarcity ("limited allocation")
  • Urgency creation ("listing at end of month")
  • Lottery system requiring accumulated points
  • Fake market activity (members "buying from each other")
  • Association with legitimate concepts (AI, blockchain)
  • Fake events (charity galas) to create legitimacy

Phase 5: The Exit Scam (Post-Investment)

Once victims invest in the AEA token, scammers will likely execute one of several exit strategies:

  • Pump & Dump: Coordinate buying to inflate token price, then sell all holdings simultaneously, leaving victims with worthless tokens
  • Rug Pull: Remove liquidity from the token entirely, making it impossible for victims to sell
  • Fake Platform: Token exists only on scammer-controlled platform where withdrawals are blocked or require additional "fees"
  • Complete Disappearance: All communication channels shut down simultaneously

Expected Victim Impact:

  • Total or near-total loss of invested capital
  • No recourse due to unregistered securities and international jurisdiction
  • Potential identity theft if KYC documents were provided
  • Psychological trauma from betrayal of trust

Critical Red Flags

🚩 Critical Red Flags - DO NOT PROCEED if you observe ANY of these:

  1. Unsolicited Financial Advice: Legitimate financial advisors do not add strangers to WhatsApp groups or provide unsolicited investment recommendations
  2. Unregistered Securities: The "AEA token" has no registration with SEC, CFTC, or any regulatory body. No legitimate cryptocurrency launches without regulatory compliance
  3. Guaranteed Returns: Promises of 8-12x returns are unrealistic and illegal. All legitimate investments carry risk disclosures
  4. Artificial Scarcity: "Limited allocation" and lottery systems are classic scam tactics to create FOMO and urgency
  5. Gamification of Investment: Points systems, daily tasks, and voting have no place in legitimate financial services
  6. Pressure Tactics: Constant mentions of "time running out" and "don't miss this opportunity" indicate manipulation
  7. Coordinated Testimonials: Multiple group members posting positive reviews in rapid succession indicates orchestrated social proof
  8. No Business Verification: "Clyra Capital" has no verifiable business registration, regulatory filings, or legitimate online presence
  9. Payment to Platform: Legitimate token investments occur through regulated exchanges, not through direct payment to the promoter
  10. Use of WhatsApp: Professional financial advisors use regulated communication channels, not consumer messaging apps

Psychological Manipulation Techniques Employed

1. Authority Bias

Use of impressive titles ("Professor," "Mentor") and professional language creates false perception of expertise and legitimacy.

2. Social Proof

Coordinated fake testimonials from "other investors" showing huge profits manipulates victims into believing the opportunity is legitimate.

"I followed Mr. Julian and bought gold futures last week. I used 50x leverage, and I am looking forward to it rising above $4,200" "I really hope I can win some AEA tokens in this week's draw. Last week, someone won a $20,000 allocation, it was like hitting the lottery." "The value of the AEA token has already become widely known. I successfully bought tokens from three members, a total of 110! Haha"

3. Sunk Cost Fallacy

The points system creates psychological investment. After spending weeks accumulating points, victims feel they've already invested time and effort, making them more likely to commit financially.

4. Artificial Scarcity

Limited allocation and lottery system creates urgency and FOMO, overriding rational decision-making.

5. Gradual Commitment

Starting with legitimate stock tips, then moving to small tasks, then bigger commitments, is a classic foot-in-the-door technique that gradually increases victim compliance.

Evidence & Indicators of Compromise

⚠️ CRITICAL: Fake Legitimization Campaign

🚨 Scammers Are Using Paid Press Releases to Create False Legitimacy

The threat actors behind this operation have paid for press release distribution on legitimate wire services to create the appearance of credibility. These are not news articles - they are paid advertisements.

Identified Fake Press Releases:

  • GlobeNewswire (Nov 7, 2025): "AEA Token Officially Launched"
    • Anyone can pay $300-1000 to publish on GlobeNewswire
    • Includes disclaimer: "views are the sole responsibility of the experts"
    • Claims listing on PancakeSwap (Nov 24) and "Lumo Exchange" (Dec 1)
    • Press Release ID: 3183354
    • ✓ Fraud report filed and acknowledged - Ticket #944684 (Nov 11, 2025 16:53 PST)
    • ✓ GlobeNewswire issued Notice of Disregard (Nov 11, 2025 23:35 PST)
    • ✓ Original fraudulent content removed from GlobeNewswire website
  • Barchart.com (syndicated press release): "Clyra Capital Partners launches AEA token"
    • Same paid content, syndicated to appear on legitimate financial site
    • Claims listing on Gate.io (Dec 1) - contradicts GlobeNewswire!
    • Claims absurd $1.16 TRILLION assets under management (more than most major banks)
    • Promises illegal guarantee: "800% return or buyback within one month"
    • Press Release ID: 89175168
  • financiallike.com (Sept 2025): "Julian Crestfield" growth strategy
    • Low-quality content farm, not legitimate financial journalism
    • Building fake history dating back to September 2025
    • Introduces "Julian Crestfield" (different from WhatsApp's "Julian")

Press Release Syndication Network (Same Content, Multiple Sites):

The paid press releases have been automatically syndicated to numerous websites, creating the false appearance of "multiple news sources" covering Clyra Capital. This is ONE paid advertisement appearing on many sites:

✓ UPDATE: GlobeNewswire has issued a Notice of Disregard and removed the fraudulent content. However, syndication partners may still have cached copies. The following sites should be monitored and contacted for removal:
  • marketersmedia.com (Press Release ID 89175257 & 89175168)
    • Automatic syndication partner of GlobeNewswire
    • Same exact content as original paid press releases
    • ✓ Site has been notified about the fraudulent nature of Clyra Capital's business
  • manilatimes.net (/tmt-newswire/globenewswire/ section)
    • URL path clearly indicates press release feed: "tmt-newswire/globenewswire/"
    • Not journalism - automatic republishing of wire service content
    • Manila Times doesn't vet press releases, just auto-publishes
  • Additional syndication likely on: Yahoo Finance, Business Insider feeds, and dozens of other financial news aggregators

How Press Release Syndication Scams Work:

  1. Scammers pay $300-1000 for ONE press release on GlobeNewswire
  2. Wire service automatically syndicates to hundreds of partner websites
  3. Same content appears on legitimate-looking domains (Barchart, Manila Times, etc.)
  4. Scammers claim "We're covered by major financial news outlets!"
  5. Victims Google the company, find "news coverage," trust increases
  6. Reality: It's one paid advertisement, not independent journalism

Why This Proves It's a Scam:

  1. Contradictory Information: Can't decide if listing on "Lumo Exchange" or "Gate.io" - because neither is true
  2. Impossible Claims: $1.16 trillion AUM would make them larger than most major financial institutions - absurd for unknown firm
  3. Illegal Guarantees: Promising "800% return or buyback" is securities fraud - no legitimate investment makes such guarantees
  4. Multiple Domains: Uses clyracapital.com AND ccapitalpartner.com - scammers use multiple domains to evade takedowns
  5. Same Scam Mechanics: Press releases describe identical point system (300 for lottery, 1500 for direct allocation) from WhatsApp scam
  6. Widespread Syndication: Paying for maximum distribution shows professional fraud operation with significant resources
How to Identify Paid Press Releases:
  • Look for disclaimers like "views are the sole responsibility" or "this is a press release"
  • Check if content appears identical across multiple sites (syndication)
  • Look for press release ID numbers in URLs (e.g., /89175168)
  • Check URL paths for terms like "newswire," "press-release," "globenewswire"
  • Legitimate news articles have journalist bylines; press releases often don't
  • Search for "press release removal" on the page - paid releases often have takedown forms
  • Real news outlets investigate claims; press releases publish whatever the client pays for

Known Phone Numbers (Block Immediately)

  • +1 (656) 247-6238 - "Arlene" (primary handler)
  • +1 (929) 427-6165 - "Arlen Valehart"
  • +1 (332) 217-5135 - Group participant (likely fake)
  • +1 (929) 584-2684 - "Damon Ashborne"
  • +1 (929) 584-6035 - "Julian" (futures trading) ★ Attribution Opportunity
  • +1 (929) 580-3937 - Clyra Capital representative

Note: Additional numbers likely exist as operation appears to be using multiple phone numbers for fake testimonials.

Phone Intelligence - Attribution Opportunity

Critical Finding: Real Postpaid Cellular Account Identified

Number: +1 (929) 584-6035 ("Julian" - gold futures trading expert)

Network: T-Mobile US-SVR-10X/2 (MCCMNC 310260)

Account Type: Postpaid cellular (NOT VoIP)

Verification: HLR lookup performed November 11, 2025

Significance:

  • This is a real postpaid T-Mobile account, not a VoIP service
  • Opening postpaid account requires: Government-issued ID, credit check, SSN verification, billing address, payment method
  • Account remains active, meaning someone is paying the monthly bill
  • Creates ongoing financial paper trail even if opened with stolen/fraudulent identity
  • T-Mobile maintains legally required customer records subject to law enforcement subpoena

Law Enforcement Value:

  • T-Mobile records subpoenable under 18 U.S.C. § 2703
  • Account holder information, billing address, payment methods on file
  • Call detail records (CDRs) and text message metadata available
  • Device IMEI numbers tracked (links to physical devices)
  • Payment trail more traceable than VoIP services
  • Ongoing monthly payments create continuous attribution opportunity

Operational Security Weakness: While account may have been opened with fraudulent identity, the ongoing payment mechanism likely connects to actual operation funding sources. Payment interruption would disrupt scam operations.

Known Domains & Websites

⚠️ OFFICIAL FRAUD REPORTS FILED:

All identified scam domains have been reported to their respective service providers for fraudulent activity:

  • clyracapital.com: Case ID GW2025111204497331 (Gname registrar) - ✅ DOMAIN NEUTRALIZED via Client Hold (November 13, 2025)
  • ccapitalpartner.com: Case ID DCU100981681 (Hosting provider) - ✅ DOMAIN TAKEN DOWN by Hostinger (November 15, 2025)
  • clyracapital.vip: Case ID GW2025111401068476 (Gname registrar, November 13, 2025) - Registered same day as primary domain takedown

These case IDs can be referenced when filing additional reports or contacting law enforcement.

Website Usage Patterns:

Indicators You May Be Targeted

Protection & Remediation Guidance

Enforcement Success: GlobeNewswire Takes Action

Significant Update (November 11, 2025 23:35 PST):

Following our fraud report (Ticket #944684), GlobeNewswire investigated the fraudulent press release, contacted the publisher, and issued a Notice of Disregard. The original fraudulent content has been removed from GlobeNewswire's website.

Why This Matters:

  • Reporting Works: This demonstrates that responsible disclosure and fraud reporting creates real accountability
  • Press Release Services Can Be Held Accountable: Even paid press release distribution platforms will take action against fraudulent content when properly documented
  • Removes Scammer Legitimacy: The primary source used to create false credibility has been eliminated
  • Precedent for Future Action: Shows that thorough documentation and professional reporting leads to enforcement

Remaining Challenges:

  • Syndication partners (Barchart, MarketersMedia, Manila Times, etc.) may still have cached copies
  • Search engines may continue to index removed content temporarily
  • Scammers may attempt to publish new press releases under different names
  • Victims who already saw the original content may not be aware of the retraction

This enforcement action validates the importance of documenting and reporting fraud professionally. When security researchers provide detailed evidence and follow proper reporting procedures, even sophisticated scam operations can be disrupted.

If You Are Currently Engaged with This Operation

Immediate Actions (Within 24 Hours)

  1. STOP ALL COMMUNICATION: Immediately cease all contact with the group and individual handlers. Do not explain or justify your departure.
  2. DO NOT INVEST: If you have not yet sent money for "AEA token allocation," DO NOT DO SO under any circumstances, regardless of pressure or "limited time" claims.
  3. Document Everything:
    • Take screenshots of all WhatsApp conversations
    • Save all phone numbers and contact information
    • Record website URLs visited
    • Document any money sent (amounts, dates, methods, receiving accounts)
  4. Block All Contacts:
    • Block all phone numbers associated with the operation
    • Exit and delete WhatsApp groups
    • Block numbers at carrier level if harassment continues
  5. Secure Your Accounts:
    • Change passwords on any accounts you accessed via links from the group
    • Enable two-factor authentication on financial accounts
    • Review bank/credit card statements for unauthorized activity

If You Have Already Sent Money

  1. Contact Your Financial Institution IMMEDIATELY:
    • Report the transaction as fraudulent
    • Request immediate stop payment or chargeback if possible
    • Bank wire transfers may be irreversible, but attempt recovery anyway
    • Credit card transactions have better chargeback protections
  2. File Law Enforcement Reports:
  3. Monitor for Identity Theft:
    • Place fraud alert on credit reports
    • Consider credit freeze
    • Monitor credit reports for unauthorized accounts
    • Be alert for follow-up scams ("recovery" services)
  4. Beware of "Recovery" Scams:
    • Scammers often run secondary scams offering to "recover" lost funds for a fee
    • There is NO legitimate service that can recover cryptocurrency sent to scammers
    • Do not engage with anyone claiming they can recover your money

General Investment Fraud Prevention

The "Too Good to Be True" Rule:
  • If someone promises guaranteed returns, it's a scam
  • If there's urgency or artificial scarcity, it's a scam
  • If you're contacted unsolicited with investment opportunities, it's a scam
  • If investments are communicated via WhatsApp/Telegram, it's a scam
  • If there's a "limited allocation" requiring points/lottery, it's a scam

Legitimate Investment Practices

Technical & Operational Analysis

Domain Intelligence (VERIFIED)

WHOIS analysis of clyracapital.com reveals critical indicators consistent with fraudulent operations:

Domain Registration Details:
  • Domain: CLYRACAPITAL.COM
  • Created: August 26, 2025 (only 2.5 months old)
  • Last Updated: November 6, 2025 (recently maintained)
  • Registrar: Gname.com Pte. Ltd. (Singapore)
  • Registrant Country: Singapore (SG)
  • Privacy Protection: Full WHOIS privacy enabled (all registrant details redacted)
  • Nameservers: Cloudflare (ARIADNE.NS.CLOUDFLARE.COM, EVERTON.NS.CLOUDFLARE.COM)
  • Status: clientTransferProhibited

Technical Red Flags from Domain Analysis

🚩 Domain-Based Fraud Indicators:

  1. Extremely New Domain: Created only 2.5 months ago, yet claiming to be established investment firm. Legitimate financial institutions don't operate on brand-new domains.
  2. Singapore Registration with Privacy Protection: Common pattern for fraud operations leveraging Singapore's privacy-friendly registration policies to hide true ownership.
  3. Cloudflare Hosting: While Cloudflare is legitimate, scammers use it to hide actual hosting location and protect against takedowns. Makes it harder to identify real server location.
  4. Recent Activity: Domain updated November 6, 2025 (5 days ago) suggests active maintenance and ongoing operation.
  5. No Historical Presence: Domain created August 2025, operation started targeting victims October/November 2025 - very rapid deployment consistent with organized scam infrastructure.

Infrastructure Assessment

Based on verified evidence, the operation utilizes:

Operational Security (OpSec) Assessment

The threat actors demonstrate HIGH operational security awareness:

This level of OpSec suggests professional cybercriminal operation with experience in evading law enforcement and maintaining persistent infrastructure. The investment in paid press release syndication indicates significant financial resources and understanding of how to manipulate public perception through "news coverage."

Attribution Challenges

Investment fraud operations of this sophistication typically involve:

Estimated Scale of Operation

Based on the level of sophistication and coordination, this operation likely:

Advisory Timeline

August 26, 2025
Domain clyracapital.com registered (Singapore, privacy-protected)
September 2025
Fake "news article" published on financiallike.com to build web presence
October 27, 2025
WhatsApp scam operation begins targeting victims
November 6, 2025
Domain WHOIS updated (ongoing operation maintenance)
November 7, 2025
Paid press release published on GlobeNewswire - fake legitimization campaign begins
November 7-11, 2025
Press release syndicated to multiple sites - Barchart, MarketersMedia, Manila Times, and others automatically republish paid content
November 10, 2025
Fraud operation identified through victim report to SecureLeaf
November 11, 2025
Evidence collected, WHOIS data verified with PGP signature, press releases analyzed
November 11, 2025
HLR lookup reveals postpaid T-Mobile account - creates law enforcement attribution opportunity
November 11, 2025
Press release syndication network documented, MarketersMedia.com notified of fraudulent content
November 11, 2025 16:53 PST
GlobeNewswire acknowledged fraud report - Ticket #944684
November 11, 2025 23:35 PST
GlobeNewswire reached out to publisher and issued Notice of Disregard - fraudulent press release removed from website
November 11, 2025
Public advisory published and updated with domain intelligence and press release analysis
November 11, 2025
Fraud reports filed: clyracapital.com (Case GW2025111204497331) and ccapitalpartner.com (Case DCU100981681)
November 11, 2025
Reports submitted to FBI IC3, FTC, SEC, domain registrar, and press release services
November 13, 2025
Domain clyracapital.com placed on Client Hold by Gname - Following SecureLeaf's complaint, registrar has neutralized the scam domain
November 13, 2025
Threat actors register clyracapital.vip via Gname - Alternate domain registered same day as primary domain takedown, demonstrating infrastructure redundancy
November 13, 2025
clyracapital.vip reported to Gname - Case ID GW2025111401068476 filed same day as registration
November 15, 2025
ccapitalpartner.com taken down by Hostinger - Fast action by hosting provider following SecureLeaf's fraud complaint (Case DCU100981681), domain now inaccessible
November 17, 2025
OpenPR confirms deletion of fraudulent press releases - Two fake Clyra Capital articles removed from OpenPR.com, expanding takedown beyond GlobeNewswire syndication network
November 17, 2025 20:58:01
Gname requests additional confirmation for clyracapital.vip takedown - Registrar seeking further verification before final action, SecureLeaf responded with additional evidence, awaiting final decision
Status Update
Major infrastructure disruption achieved - Primary domains neutralized, secondary scam portal eliminated, threat actors' operational capacity significantly degraded. Final registrar action pending on clyracapital.vip.

References & Resources

Regulatory Resources

Fraud Education

Related Fraud Patterns

Contact Information

SecureLeaf Cybersecurity
Consumer Protection & Financial Fraud Division
Division of Dispensight
Website: secureleaf.dispensight.com

Report Fraud or Request Assistance:
Email: [email protected]
Text: +1 (778) 744-8280

Have You Been Targeted?
If you have encountered this operation or similar investment fraud, please contact us. Your information helps protect others and may assist law enforcement investigations. All reports are treated confidentially.
Media Inquiries:
For media requests regarding this advisory or investment fraud trends, please contact our communications team at the email address above.