In this thread I will talk about a massive scam group impersonating US weed dispensaries. A summary of the whole thing, as well as a list of their 24 websites and dozens of phone numbers will be provided at the bottom if you don’t wanna read everything, because I’ll be talking a lot.
A few weeks ago, a friend contacted me and showed me a scam that was happening on Google Maps. A group of unknown people were hijacking weed dispensaries (and even other shops) listings on Google Maps by using hacked accounts to upload a ton of AI-generated pictures of the business (example : https://imgur.com/a/elyyMhQ)
The goal with these pictures is to contact Google Maps “hey look, I’m the owner, I have so many pictures of my shop”. If it works, Google Maps will grant them the listing and they will be able to put their own fake websites & phone numbers on the listing. We have spotted a few listings that they successfully hijacked to put their advertisement
This is a list of their known hacked google accounts, that they use to hijack listings or to rate them with 5 stars : Google scam accs - cameroon weed scams - Pastes.io
And this is a list of the known Google Maps listings they have hacked or attempting to hack : google maps listings scams - Pastes.io
Their fake websites
The guys behind this scam purchases domain names and create Woocommerce websites filled with a lot of items and a few different sections just like a real shop would, except for a few parts :
- You are forced to put at least 50/100/150$ (depending on the website) in your cart to be allowed to complete the order.
- When you try to pay, a message tells you that you have to call a number to complete the payment. This is where the scam begins, as it’s a scammer from a call-center that will pick up the phone. We suspect (but are not sure) that most of the call-center scammers are Pakistani, as most of them have a heavy South Asian accent and they get angry when you joke about Pakistan (while they laugh when you joke about India or other countries nearby)
- Their only payment means are Cashapp, Zelle, Venmo and Bitcoin
Of course, their website is completely fake and the orders are too, the goal of the scam is simply to take your money. The websites themselves are poorly made (some of them don’t even work properly, you can’t even make an order even if you wanted to) and poorly secured (on some of them, you can copy API requests that are made when creating orders and repeat them as long as you want)
Here is a list of all their working websites, we have caught 24 of them so far : Cameroon weed scammers - fake websites - Pastes.io
By the way, one of their websites is a skincare shop, which suggests they may target other fields unrelated to weed dispensaries
Their phone numbers & call centers
We aren’t sure if every website has a dedicated group of scammers on the phone or if it’s only 1 call-center for all the websites, but those scammers are tasked with guiding you through the order until you pay. My friend who extensively called them thinks there’s at least a dozen scammers in the call-center.
Once you paid, there seems to be a 2nd part to the scam where you will have to pay a “delivery fee” or “insurance fee” to make sure your delivery arrives safely. We got this information from reports on the BBB website made by people they scammed (I will talk about those later) since we never got to that stage
Since they have at least 24 fake websites, they have dozens of phone numbers / WhatsApp numbers that I link here : scam numbers (cameroon weed) - Pastebin.com
Their chat support
On every website, there’s a little chat icone on the bottom right corner where you can directly talk with the “support” in case you have a problem. The scammer(s) answering this is (are) one of the Cameroonian scammers behind the operation, you will see later how I know that. Those guys sometimes answers the phone too
Ongoing procedures
My friend has warned many dispensaries whose brands were stolen about the scam, so far at least 3 of them have put their legal teams on the matter and are doing requests to recover their listings, to take down the fraudulent listings and to take down the domains that copies their brand
The FBI, FTC, various state jurisdictions and the Australian Federal Police (they have an Australian fake website too) have also been contacted.
Who is behind all of this ?
With my friends, we started investigating them by looking at their website and my friend called their number (this is how we got the Pakistan thing), but things started to get interesting when we WHOISed their domains and noticed that a lot of them were registered under 3 email addresses : [email protected], [email protected] and [email protected]
The phone numbers associated with those registrants were US numbers probably belonging to the Cameroon scammers themselves, as my friend called them and the guys who picked up had an African accent and were sleeping when they got called at 1am GMT+1 (their time zone).
We originally had a strong clue that the bosses were from Cameroon because those idiots used the listing of a lake in France (now taken down by Google) where they posted the AI pics they were going to use with the hacked Google accounts they use for that, as well as many other pics, that lake was some sort of free file storage for all their scammers. And among all the images uploaded to that lake, we found this one :
This is a screenshot uploaded by one of the scammers in their lake, it was probably accidentally uploaded as they uploaded them in bulks. This shows a conversation with someone seemingly trying to get money on a bank account. The name of the bank account is “Thierry Bright”, after this there is “BIE ETONGWE”.
Both of those names point to Cameroon when searched on Google. The 237 681126158 thing is a Cameroon phone number. There is also another phone number, 673159990, that actually belongs to one of the scammers behind this (I will show how we know this later).
The chat conversation
We had a particularly good conversation with the scammer who answers to the support chat, he is so cocky he revealed all of his information himself
He started with this screenshot of his website where we can see that it’s 90f and it’s 5:50pm, it was sent at exactly 5:50 gmt+1, so it can only be West Africa. https://imgur.com/a/U0zqxVh
Then he admits he is in Cameroon: https://imgur.com/a/44x32eg
He even gives his phone number lol. Surprise, it’s the one we caught in the conversation above : https://imgur.com/a/72tf69H
When looked up, his number says it’s a valid phone number from “Limbe”, in Cameroon.
When asked about it : https://imgur.com/a/y134Sqh
He even gives us his town ! It’s in English-speaking Cameroon. And since multiple people answers to the chats at once, with different typing styles, and considering he’s sending the money to someone else in Cameroon, I think we can say that there’s a group of people in Cameroon behind this scam, not to mention the call-center workers. My friend also called the number this guy gave and he is 100% certain that the scammer who answered had an African accent and it was a totally different accent compared to the call center scammers
Their bitcoin wallets
By trying to order on all of their 24 websites, we have caught 5 bitcoin addresses they use, for a total of 0.3314 BTC (26292 USD) that were received on those wallets.
Here is their bitcoin wallets :
3HjFrGLVFui7Y9aYS9QXDohK9XHuVQXQU9
1HR66kWiDXinNEQQCgTnbNvuZaKEUmsxoE
16AVkTjWLyWSAez96LadELNtLMYxguNcQd
17kMHN1e7JTE4ajLoAXyxFyBXD1rqpCUPs
3KMnNPHB8CgJQpwyvfybyNHibypr7eSneb
BBB reports
They were reported dozens of times on the BBB website, for a total stolen of 20791 USD.
Almost all of the reports here are from their scam, and I only searched this one keyword. You can take a look at the reports to see how they operate exactly https://www.bbb.org/scamtracker/lookupscam?q=all%3Ddispensary%26from%3D0
By adding the stolen bitcoins and the stolen money that was reported on the BBB, they have made at least 47083 USD since 2021, as that is when the BBB reports & the Bitcoin revenue starts.
Since when are they doing this ?
They have been doing this since at least 2021 according to the revenues, but we found multiple clues that indicates they started in 2014-2015 !!!
Some of the emails behind the domain registration have started registering domains in 2014, and those domains were already recognized as scams at that time, according to this blogpost from 2015 : Stop 419 Advance Fee Fraud: Pharmaceutical Non-Delivery Scams
News reports
Those guys have been so present that there’s even reports from major outlets like NBC about their scam (no one knew who was behind it at that time). They put some of their 24/7 fake shops on random houses, causing customers to go there physically to buy some product… and this seems to happen in every major US metro area
By reading the news reports & posts, we can clearly see that it’s our scammers who did this as it’s the exact same modus operandi (especially for the DC ones)
https://www.reddit.com/r/pittsburgh/comments/18hs4i1/warning_fake_dispensaries_appearing_on_google/
Summary
Those Cameroonian scammers, apparently aided by South Asian (probably Pakistani) phone scammers, have stolen at least 47000 USD in the last 4 years by impersonating US legal weed dispensaries with hacked Google Maps listings and fake shop websites that forces you to purchase a certain amount and redirects you to a call-center, where a phone scammer will pick your order and complete the payment.
Their scam is very well documented and many people have fallen victim to it, either by ordering on their website or by living in a place where they put a fake listing. But no one seemed to know who was behind it before me and my friends looked into it
List of their phone numbers : scam numbers (cameroon weed) - Pastebin.com
Scammer’s own phone number : +237 6 73 15 99 90
List of their fraudulent websites : Cameroon weed scammers - fake websites - Pastes.io
List of their Google Maps hacked accounts : Google scam accs - cameroon weed scams - Pastes.io
List of the known Google Maps listings they have hacked or attempting to hack : google maps listings scams - Pastes.io
Another fraudulent phone number that we found just before posting : +1 (602) 714-2677, from leaflybuds.com
I hope that you had fun reading this long post, and that you will have fun investigating them further or messing with those guys if you decide to ! Do not hesitate to tell me if I posted this with the wrong tag
Took down a bunch of their fraudulent listings too