HEROES!! Assemble

Every day, I see people lose life-changing amounts of money to crypto scams and it never gets easier to watch. The schemes are constant, the tactics are ruthless, and the damage is real.

In this week’s stories, you’ll see exactly how these scams unfold and what you can do to avoid becoming the next victim.

Hero Briefing

• Charlotte Man Tricked Into Transferring $1M in Cryptocurrency

• Denver Pastor and Wife Indicted for $3.4M Faith-Based Crypto Scam

• Stolen Passwords Are Cybercriminals Favorite Tools

• Apple Co-Founder Image Used In Deepfake Scam

• $5M Grandparent Scam Network Busted

Charlotte Man Tricked Into Transferring $1M in Cryptocurrency

The Intel:

Eugene received a call one Friday night from someone claiming to be from Ledger, warning him that his cryptocurrency funds were in danger.

Reassured by a multi-step scam involving multiple “support agents” and a shared verification code, Duckett entered his seed phrase into a fake website… giving scammers full access to his hardware wallet.

Moments later, he watched in real time as $1,038,000 worth of crypto vanished from his wallet.

Why it matters:

This is a textbook example of how scammers use the Fraud Formula (Hook + Story + Urgency + Payment = Scammed) to bypass even the strongest forms of digital security.

Scammers used this to get his seed phrases, which are the keys to your crypto kingdom, and once shared, there’s no undo button. 

With crypto fraud losses topping $9.3 billion in 2024 according to the FBI IC3 Report, cases like Duckett’s show the real emotional and financial devastation these crimes cause.

I have personally investigated these types of cases, where the victim truly believed they were speaking to a real representative from a company, only to find out, sometimes only when I explain it to them, it was a scammer.

Detective’s Insights:

• Scammers posed as legitimate support consistently, referencing real data likely leaked in previous Ledger and Coinbase breaches.

• They building credibility and trust, by using words and phrases use by real support agents.

• They build phishing website, where victims unknowingly typed in their recovery seed phrase.

• Hardware wallets are secure… until you give up the seed phrase. That’s the single point of failure scammers target.

• Recovery is difficult, but speed is key. With proper tracing, there is still hope through subpoenas and law enforcement collaboration.

Denver Pastor and Wife Indicted for $3.4M Faith-Based Crypto Scam

The Intel:

Denver pastor Eligio “Eli” Regalado and his wife, Kaitlyn, have been indicted on 40 counts including theft, securities fraud, and racketeering for allegedly scamming over $3.4 million from investors through their cryptocurrency, INDXCoin.

Prosecutors say the couple promised “abundance” and “blessings” in exchange for investment in a Christian-themed crypto project but spent at least $1.3 million on personal luxuries like home renovations, vacations, and high-end retail.

The coin is now considered worthless, and nearly 300 investors (church members mostly) lost everything.

Why it matters:

This case blends crypto fraud with religious manipulation, targeting faith communities with promises of divine wealth and prosperity.

INDXCoin wasn’t registered, licensed, or functional, yet it was sold as a pathway to spiritual and financial blessing.

The exploitation of trust, faith, and community ties makes this scam especially egregious.

It's a warning that bad actors will use any narrative, even divine guidance, to commit fraud.

Detective’s Insights:

How this crypto scam was built and why it worked:

• The couple claimed God told them to launch the coin, exploiting spiritual Trust to recruit investors.

• They use Authority as figureheads in the church to make members more like to follow and believe what they were pushing.

• Despite claiming good intentions, the couple violated multiple securities laws, according to the Colorado Securities Commissioner.

• The state has frozen their assets and is seeking $3.4M in restitution but recovery may be difficult due difficulty reversing crypto transactions.

• Religious affinity fraud is powerful and dangerous, as it exploits deeply rooted trust networks that typically go unchallenged.

Stolen Passwords Are Cybercriminals Favorite Tools

The Intel:

In a world of deepfakes and AI-driven attacks, one old-school method remains king: stolen passwords.

Despite years of cybersecurity innovation, credentials from databases of stolen usernames and passwords are still one of the most reliable tools for hackers.

The article compares passwords to duct tape. They’re simple, accessible, and effective and they continue to be the go-to weapon in a cybercriminal’s toolkit.

Why it matters:

People reuse passwords. They ignore password managers. I advise people everyday to use a password manager but the fear of having all that info in one play can be scary.

And they delay enabling multi-factor authentication. That’s why stolen credentials still account for a majority of data breaches today.

As long as users and businesses lean on simplicity over security, hackers will keep using the path of least resistance.

This isn’t a futuristic problem, it’s right now, and it’s one of the most preventable forms of cybercrime.

Detective’s Insights:

Why passwords still matter and how criminals use them:

• Stolen passwords are cheap, searchable, and sold everywhere, including dark web forums, Telegram, and open websites.

• Most people reuse passwords, so one breach can give hackers access to dozens of accounts.

• Hackers automate password stuffing attacks, testing credentials across multiple services to gain entry.

• Password managers can be extremely helpful generating long, sophisticated passwords for you, while securely maintaining them.

• Most ransomware attacks begin with the use of stolen passwords and credentials

• Password fatigue is real, but education and enforcement are still the best defense.

Apple Co-Founder Image Used In Deepfake Scam

The Intel:

Apple co-founder Steve Wozniak is speaking out about the rise in deepfake-driven fraud, after scammers used manipulated videos of him to promote a Bitcoin giveaway scam.

Victims were duped into sending cryptocurrency under the false promise that Wozniak would “double their money.” It was so convincing, some victims lost their life savings.

Despite flagging the scam in 2020, Wozniak is still in court battling YouTube for its failure to take swift action against the impersonation.

Why it matters:

Deepfakes aren’t just coming, they have been here, powering investment scams, romance scams, and pig butchering scams.

Public figures from Wozniak, Elon Musk, and Jeff Bezos have had their likenesses hijacked for investment scams, while video platforms struggle to moderate AI-manipulated content.

In 2024 alone, the FBI received reports of $9.3 billion in online fraud losses, and 40% of high-value crypto scams were driven by deepfake tactics.

I have watched videos and live demonstrations of deepfakes being used in real-time.

It will become harder to determine what is real and what isn’t.

Detective’s Insight:

What this case tells us about the future of impersonation scams:

• Scammers used real Wozniak footage, framed it with scam instructions, and spread it through YouTube ads.

• The scam only came to light when a victim emailed Wozniak’s wife, asking when they'd get their money back.

• With images readily availability on the internet and social media platforms, the use of deepfakes will only continue to grow.

• Deepfakes give fraudsters instant credibility, especially when tied to well-known brands or personalities.

• AI-powered video manipulation is cheap, scalable, and difficult to detect in real-time.

• Public awareness is key. If you see a video promising crypto returns from a celebrity, it’s a scam. Make sure to report it for removal ASAP.

$5M Grandparent Scam Network Busted: 13 People Charged

The Intel:

A multinational criminal ring targeting elderly Americans with “grandparent scams” has been taken down.

Thirteen individuals, including the alleged ringleader, were charged for operating fake call centers in the Dominican Republic that manipulated over 400 elderly victims into sending cash to help supposed grandchildren in distress. The victims, with an average age of 84, lost over $5 million.

The scheme involved English-speaking scammers posing as panicked grandchildren and fake attorneys, requesting urgent payments via rideshare pickups or mailed cash.

Many victims were contacted multiple times for “additional emergencies,” and the cash was quickly laundered back to the Dominican Republic.

Why it matters:

Elder fraud is escalating in sophistication and reach, and this case shows how organized crime has industrialized emotional manipulation.

These weren’t isolated scammers. They were operating structured call centers with openers, closers, runners, and launderers, much like a business.

Victims weren’t just scammed. They were repeatedly emotionally re-victimized.

This takedown also underscores a troubling trend: scammers are using legitimate services like Uber and Lyft to transport stolen money. I have actually spoken with these drivers who get caught in the middle of these scams.

Detective Insights:

• Criminal “call centers” used scripted roles: “Openers” played grandchildren, “Closers” played attorneys, delivering believable, emotional scripts.

• Victims were often contacted multiple times with new stories: baby lost in a crash, legal mix-ups, etc., to extract more money.

• In some cases, victims were driven by rideshare to banks to withdraw even more funds without knowing they were in a scam.

• The scammers even us AI voices to make the phone call more believable.

• The average victim was 84 years old, highlighting just how vulnerable and trusting seniors can be when family is invoked.

Scam Breakdown and Prevention Tips

Investment Scams ($6.5B Lost In 2024)

How Investment Scams Happen

• You’re contacted by phone, email, text, or social media with an “exclusive opportunity”

• A scammer offers high returns with little to no risk

• They use professional-sounding terms, charts, or fake testimonials to gain your trust

• Pressure tactics are used: "Limited time only," "Get in before it goes public," or "Don’t miss out"

• You’re encouraged to invest more as your “returns” grow on a fake dashboard

• When you try to withdraw, they disappear or demand additional fees

Common imposter scams include:

• Ponzi Schemes

• Pump and Dump Scams

• Crypto Investment Scams 

• Forex Trading Scams

• Real Estate Investment Frauds

• Social Media Influencer Scams

• Romance + Investment Scams

How Victims Are Tricked Into Transferring Money:

• Bank Transfers – Sent directly to foreign or fraudulent accounts

• Cryptocurrency Payments – Victims are told to buy and send crypto (Bitcoin, Ethereum, etc.)

• Wire Transfers (e.g., via Western Union or MoneyGram) – Often untraceable

• Mobile Payment Apps – Scammers ask for payments via Zelle, Cash App, or Venmo

• Fake Investment Platforms/Websites – Victims "fund" an account and watch fake gains until it's too late

How to Protect Yourself:

• Be skeptical of unsolicited investment offers
  Legitimate firms don’t cold-call or DM you on social media with guaranteed returns.

• Verify the company and broker
  Check with FINRA’s BrokerCheck or the SEC’s Investment Adviser Public Disclosure website.

• Slow down and research
  Pressure to “act fast” is a red flag. Look for complaints, reviews, and scam warnings.

• Never invest in anything you don’t fully understand
  If you can’t clearly explain how it works, don’t hand over money.

• Avoid paying in crypto or gift cards
  No legitimate investment requires untraceable payment methods.

More News:

• St. Louis postal worker admits to stealing checks from mail

• Scammers are stealing older adults’ life savings

• Man Defraud victims in Knox County for $850K