ACTIVE ALERTS:3
CapPath

FRAUD INTELLIGENCE ALERTS

Active threat intelligence.

Capital Path publishes alerts on active financial crime typologies, emerging scam networks, and flagged operational patterns. Alerts remain active until formally closed.

3 Active alerts · 12 Closed alerts · Last updated: Q4 2024

ACTIVEHIGHCP-ALERT-2024-001

Pig butchering investment fraud networks — Telegram-based, targeting Western Europe

Crypto fraudSocial engineeringInvestment fraud

Capital Path has identified a coordinated network of pig butchering (sha zhu pan) fraud operations using Telegram as primary contact channel. Victims are cultivated over weeks via romantic or professional relationships before being directed to fraudulent investment platforms mimicking legitimate crypto exchanges. Average victim loss: $28,000–$180,000 USD. Funds are routed through multiple wallet hops before consolidation at exchanges in Southeast Asia.

Indicators

  • ·Unsolicited contact via Telegram or WhatsApp
  • ·Platforms with names resembling legitimate exchanges (e.g. "Coinbase-Pro.net", "Binance-VIP.io")
  • ·Requests to move funds to "personal wallets" for tax efficiency
  • ·Pressure to invest larger amounts before any withdrawal
GermanyNetherlandsUnited KingdomBelgiumFrance
Published: October 2024 · Last reviewed: December 2024
ACTIVEHIGHCP-ALERT-2024-002

Advance fee fraud targeting SME business owners — impersonation of EU grant programs

Advance fee fraudImpersonationBusiness fraud

Capital Path has received multiple case submissions relating to a coordinated advance fee scheme in which actors impersonate EU Horizon and Interreg grant program administrators. Victims — typically small business owners — are contacted by email and directed to fraudulent portals requesting processing fees of €2,000–€15,000 to release fabricated grant approvals. No funds are recovered after payment.

Indicators

  • ·Emails from domains mimicking europa.eu (e.g. "horizon-grants.eu", "eu-interreg.org")
  • ·Requests for upfront fees described as "administrative processing"
  • ·Urgency framing: "Grant expires in 48 hours"
  • ·Poor but not obviously broken English
NetherlandsGermanyBelgiumAustria
Published: September 2024 · Last reviewed: November 2024
ACTIVEMEDIUMCP-ALERT-2024-003

Fraudulent recovery services targeting prior crypto fraud victims

Recovery fraudSecondary victimizationImpersonation

Capital Path has identified a secondary fraud typology in which actors target individuals who have previously lost funds to crypto fraud, offering fake recovery services. Victims are charged upfront fees of $500–$5,000 USD for "blockchain tracing" and "legal recovery" services that are never delivered. Some actors explicitly impersonate Capital Path or similar organizations by name. Capital Path does not cold-contact individuals and never requests upfront payment before a formal case assessment.

Indicators

  • ·Unsolicited contact claiming knowledge of a prior fraud
  • ·Upfront fee requests before any written agreement
  • ·Claims to have already identified the perpetrator
  • ·Use of Capital Path name or similar authority names without verification
United KingdomCanadaAustraliaUnited States
Published: November 2024 · Last reviewed: December 2024
Closed alerts (12)+
CP-ALERT-2023-001Crypto investment platforms targeting retirees — UK & AustraliaClosed: March 2024Typology disrupted
CP-ALERT-2023-002Romance fraud networks via dating apps — North AmericaClosed: April 2024Perpetrators referred
CP-ALERT-2023-003Fake FX trading platforms — EU-wideClosed: May 2024No longer active
CP-ALERT-2023-004Binary options fraud resurgence — GlobalClosed: June 2024Typology disrupted
CP-ALERT-2023-005Impersonation of central banks via phone — DACH regionClosed: July 2024Perpetrators referred
CP-ALERT-2023-006Business email compromise targeting legal firms — UKClosed: August 2024Perpetrators referred
CP-ALERT-2023-007NFT fraud targeting Asia-Pacific collectorsClosed: August 2024No longer active
CP-ALERT-2023-008Synthetic identity fraud — banking onboardingClosed: September 2024Typology disrupted
CP-ALERT-2023-009Rug pull schemes on decentralised exchanges — GlobalClosed: September 2024Perpetrators referred
CP-ALERT-2023-010SWIFT fraud targeting mid-size corporates — EUClosed: October 2024Perpetrators referred
CP-ALERT-2023-011Clone firm investment fraud — United KingdomClosed: October 2024Typology disrupted
CP-ALERT-2023-012Social media investment scams via Instagram — US & CanadaClosed: November 2024No longer active

Have information related to an active alert?

Submit an anonymous tip.