Woodn't You Believe It? The Rise of Fake Wood Scams

Introduction

Social media has become a key vector for scammers because of the relative ease with which fraudsters can impersonate legitimate companies, placing ads for non-existent goods and services, and infiltrate online marketplaces.

For decades a scam operated by Les brouteurs, a group of independent individuals mostly operating from Côte d’Ivoire and neighboring Cameroon and Benin, has popped up on Facebook. This one in particular, targeting the residents of towns and villages across France with seemingly innocuous advertisements for firewood. As the weather cools, these pages appear to promote great deals, which have scammed individuals in the region out of thousands of Euros year on year, as they look to stock up on fuel sources ahead of the winter months.

For the purpose of this report, Group-IB analysts infiltrated the scam to show how easily fraudsters falsify documents and impersonate legitimate businesses in order to persuade even the most cautious of targets.

Who will find this report interesting

• Cybersecurity analysts and corporate security teams
• Cyber investigators
• Computer Emergency Response Teams
• Law enforcement investigators
• Cyber Police Forces
• Consumers
• Businesses

How these scams work

“Les brouteurs” is a nickname given to these types of scammers, which translates to “the grazers” and refers to grazing animals who get their food without much effort, because of the simple nature of such scams.

Today these scams are a dime-a-dozen and easily spotted, yet social media users still fall victim because the scammers’ methods of persuasion and ability to falsify authentic looking documents quickly with AI are continually evolving.

Group-IB infiltrated the scam to reveal the game play of its fraudsters and test just how easily an individual could be persuaded to buy this non-existent wood. Once the product advertisement is posted on Facebook, scammers monitor for interest from social media users. Individuals interact with the post, asking about the availability of stock in their area, revealing their location. From here the scammer will impersonate friendly and helpful salespeople, initiating a conversation and eventually asking to be contacted by private message. Once a private conversation is established, the scammers will make claims about the quality of their products, provide product information, images and prices.

Our Group-IB Computer Emergency Response Team (CERT) analyst initiated contact with one of these individuals, and in under an hour had been given stock images, price quotes, a copy of a fake certification, evidence of the legitimacy of the business, and an invoice and finally given IBAN details for the payment of the order.

Figure 1: Process of the Scam

Figure 3. A screenshot from Facebook with comments from other users showing interest in the sale of pallets and firewood offered from the scammer.

Once the offer is online, the scammer waits for people to comment and show their interest. In the screenshot above (Figure 3),  people can be seen asking about the available stock, claiming interest, and even inquiring if the pellets of firewood could be delivered to the city they live in.

The scammer will then respond to the conversations with their prospective victims within their Facebook post, or ask to be contacted via private message. For the purpose of this blog, our CERT analyst contacted one of these scammers, to uncover how the scam is perpetrated. The following is the conversation with the scammer via Facebook Messenger, with Group-IB’s CERT analyst in blue, and the scammer in gray.

Following this conversation, the scammer then proceeds to send a copy of what appears to be a certificate to assure their victim of the quality of the wood.

Figure 6. A copy of a certificate that the scammer used to assure their victims of the quality of their wood.

The scammer then proceeds to ask their victim to provide their name, email address, telephone number, and their residential address.

Once the victim provides their personal information, the scammer produces an invoice for their order. Interestingly, the price indicated within the invoice does not accurately reflect the total price for the quantity requested, as stated earlier in Figure 4.

Figure 9. An invoice that the scammer sends to their victims to facilitate payment for their order.

As stated in the prior conversation (Figure 8), the scammer finally sends a copy of a fake Patro certificate to Group-IB’s CERT analyst.

Figure 10. A fake Patro certificate sent by the scammer.

Finally, if the victim agrees to the invoice, the scammer will provide their victim with an international bank account number (IBAN) to which the money should be sent to.

Once the victim sends the payment to the bank account, the scammers will no longer be contactable, and the victim’s money is lost forever. It is very difficult to reclaim the money lost to the scammer, as the victims initiated the payment or money transfer themselves.

Unearthing the Roots of Deception

In hindsight, there are comments from other users on Facebook that point out that this is actually a scam.

Based on the SIRET (Système d’identification du répertoire des établissements) number—which is used to identify any French establishment or business—we can see that it is actually registered to another company named Sivalbp, which is a french manufacturer of wood cladding for interior and exterior use. The scammers simply used the SIRET number belonging to a legitimate business and passed it on as their own.

Figure 13. A screenshot of the business registration information provided by the scammers.

Figure 14. A screenshot of the KBIS platform, revealing that the SIRET number that the scammer used is actually registered to another business entity.

Conclusion

The ongoing issue of wood-related scams, particularly prevalent on platforms like Facebook, continues to affect many individuals in France. These scams are typically perpetrated by individuals operating independently from Africa, often with the assistance of a partner in Europe for banking purposes. Although current scammers are somewhat easily identifiable, they are adapting and improving their tactics. With advancements in technology, including AI, there is a genuine concern that these scammers will become increasingly convincing and harder to detect, posing a growing threat to potential victims.

Recommendations

For consumers

Sadly people fall for these scams everyday because a deal seems too good to miss out on, and that is the number one rule for staying safe online – if a deal looks too good to be true, it probably is.

• It is also prudent to always cross-check the establishment’s business registration number against a reliable business registry service, to ascertain the authenticity of the information provided.
• As a general rule, it is very important not to trust any stranger on social networks ready to sell you something and make you pay them directly.
• Look for telltale signs of deceit: Check the comments section of the post to see if any other users have commented that it is a scam.

For businesses

Scammers are becoming increasingly sophisticated in their tactics and techniques, often impersonating legitimate businesses, or using authentic credentials to scam their victims. It is therefore imperative that businesses protect their reputation and online presence, to ensure business continuity and consumer trust.

The Digital Risk Protection service offered by Group-IB can protect both victims as well as companies impersonated by scammers through its 24/7 Social Network monitoring, which allows our analysts to detect and act quickly against this type of fraud.