If you believe you are actively losing funds, stop reading this page and proceed directly to Phase I: Total Financial Isolation. Audit later; secure your assets now.
Quick Navigation
- 1. Domain Age & Infrastructure Verification
- 2. Identifying AI Hallucinations & Fabricated Text
- 3. Detecting Deepfakes & Fabricated Visuals
- 4. Corporate Registries & Legal Auditing
- Action Plan For Induced Victims
- Phase I: Total Financial Isolation
- Phase II: Preserve The Forensic Trail
- Phase III: Report The Activity
- Need A Deeper Forensic Dive?
1. Domain Age & Infrastructure Verification
Scam sites often operate on freshly registered domains or mask their true origins. Use these tools to peel back the layers:
-
Whois Lookup: Check the Domain
-
Red Flag: Be highly suspicious of sites claiming years of authority whose domains are less than 6 months old.
-
-
VirusTotal: Scan the URL
-
Red Flag: If the site is already flagged by even one security vendor, do not proceed.
-
-
Urlscan.io: Analyze Behavior
-
Red Flag: Use this to see if the site is making hidden outbound connections to suspicious IP addresses.
-
2. Identifying AI Hallucinations & Fabricated Text
Fraudulent sites frequently use AI text generators to churn out fake team bios, legal terms, and blogs. “Hallucinations” occur when these tools fabricate non-existent references, court cases, or professional credentials.
-
Copyleaks AI Detector: Scan the Text
-
Red Flag: While not 100% foolproof, a high probability of “AI-generated” content on a site claiming to be a bespoke professional firm is a major warning.
-
-
The “Boilerplate” Test (Manual):
-
How to do it: Copy a unique, complex sentence from their “About Us” or “Privacy Policy” page. Paste it into a search engine inside quotation marks (e.g.,
"Insert unique sentence here"). -
Red Flag: If the exact text appears across dozens of unrelated, sketchy domains, it is a boilerplate template used by a scam network.
-
3. Detecting Deepfakes & Fabricated Visuals
Scammers rely heavily on AI-generated profile pictures and deepfake videos of fake “executives,” “analysts,” or cloned celebrities to build artificial credibility.
-
Reverse-Image Search (TinEye & Google Lens):
-
How to do it: Use TinEye or Google Lens on staff photos.
-
Red Flag: If an “Executive Director’s” photo appears on multiple unrelated sites under different names, or if it is a generic stock photo, the site is fraudulent.
-
-
Deepware Scanner: Analyze Video Content
-
Red Flag: Use this open-source tool to scan videos for signs of facial manipulation or AI-cloned artifacts.
-
-
Visual Artifact Inspection (Manual):
-
What to look for: AI-generated faces often feature “tells.” Look closely at:
-
Asymmetric features: (e.g., mismatched earrings or warped eyeglasses).
-
Background anomalies: Unnaturally blurred or “blended” edges.
-
Distorted teeth or hair: Fine details that AI models often struggle to render perfectly.
-
-
4. Corporate Registries & Legal Auditing
A legitimate business targeting professional investors or other businesses must be a legally registered entity. Scammers often claim to be “internationally registered” but fail to provide a verifiable government registration number.
-
Official Government Registries:
-
How to do it: Check official databases like OpenCorporates (for global tracking), the SEC EDGAR system (for US financial entities), or provincial/state business registries.
-
Red Flag: If they claim to be a regulated financial or legal firm but cannot be found in government records, the entity is likely a fabrication.
-
-
Independent Reputation Checks:
-
How to do it: Never trust reviews published natively on the site itself. Look up the domain on independent, heavily moderated platforms like ScamAdviser or Trustpilot.
-
Red Flag: A site with zero presence on independent platforms, or one that has exclusively “5-star” reviews posted within a very short timeframe, is highly suspicious.
-
Action Plan for Induced Victims
If you suspect you have already engaged with a deceptive platform, speed is your greatest asset. Execute this triage plan immediately:
Phase I: Total Financial Isolation
-
Revoke Smart Contracts: Use Revoke.cash to immediately sever any active connections between your Web3 wallet and the malicious site.
-
Abandon Compromised Wallets: If your seed phrase or private key was entered on the scam site, move all remaining assets to a brand-new, clean wallet immediately.
-
Freeze Traditional Accounts: If you provided credit card, routing, or wire transfer information, contact your bank’s fraud department to place a “Fraud Freeze” on your accounts.
-
Protect Identity: If your “Know Your Customer” (KYC) identity documents were uploaded, place a fraud alert on your credit files via Equifax and TransUnion.
Phase II: Preserve the Forensic Trail
-
Do not delete any WhatsApp, Telegram, or Discord chat logs.
-
Take full-screen screenshots of usernames, unique IDs, and phone numbers.
-
Record all blockchain addresses and transaction hashes (TxIDs) where funds were sent.
Phase III: Report the Activity
-
Canada: Report to the Canadian Anti-Fraud Centre and the Ontario Securities Commission.
-
United States: File an official report with the FBI IC3 Portal and the Federal Trade Commission.
Need a Deeper Forensic Dive?
When someone is dealing with a potential scam, they are often overwhelmed. Performing a comprehensive audit requires cross-referencing global databases and analyzing complex technical metadata.
Deep-dive forensics can be complex and time-consuming. Fraudulent sites are designed to obfuscate their nature.
If you find your DIY results are inconclusive, you don’t have to carry the uncertainty alone.
My approach to forensic auditing is defined by the commitments I’ve made in my Manifesto on Integrity, ensuring you receive an unbiased, objective analysis you can rely on.
Let me handle the technical heavy lifting so you can move forward with clarity.
Start a conversation about your audit and request a professional assessment here.
© 2026 The AI Integrity Auditor.
Verified Sovereignty through Forensic Truth.