Category: Case Files

  • Case File: Clone Finalto Markets – Wearing a Real Broker’s Name

    Some registry records matter beyond their own case because they teach the whole pattern. Clone Finalto Markets is one: an operation flagged by upstream investigators for impersonating Finalto — a genuine, regulated trading business — down to the branding.

    What the record shows

    The registry entry is explicit in its naming: this is a clone record. The operation presented itself under the Finalto name while operating from infrastructure with no connection to the licensed firm. Victims who searched the brand found a real company with a real history — and concluded the site in front of them was that company.

    Why clones beat casual checks

    • Search results validate the name — news coverage, registers, reviews all belong to the real firm.
    • Licence lookups validate the number — also the real firm’s.
    • The only detail that fails is the one almost nobody compares: the domain and payment beneficiary, which belong to the clone.

    Our clone-firms guide covers the full verification sequence; the short version is that a regulator’s register lists the licensed firm’s official website, and any mismatch between that and the site asking for your deposit ends the conversation.

    If you dealt with a Finalto lookalike

    Payments to a clone never reached the real firm, and the real firm cannot refund them — but that also means your dispute is clean fraud, which helps with chargebacks and recalls. Preserve the domain you actually used and the account details you actually paid. Then report it and check the SARFund case registry for the operator’s case file.

    Clone records refer to the impersonating operation, never to the legitimate firm whose identity was stolen.

  • Case File: Royal Q – The ‘Auto-Trading Robot’ With a Regulator Warning

    Royal Q sold the dream in its purest form: a trading robot that grows your account while you sleep, marketed person-to-person with referral bonuses layered on top.

    What the record shows

    In 2021, the Securities Commission Malaysia (SC) issued a public warning about Royal Q, flagging potentially unlicensed activity. That is the anchor fact in the case file — not a rumor or a review, but a national regulator putting the name on its alert list. The registry record has carried a Flagged verdict since intake.

    The pattern worth learning

    • “The robot does the trading” removes the need to fake credentials — the algorithm is the authority figure, and its performance screenshots are manufactured like any fake dashboard.
    • Referral commissions turn victims into distribution. Friends recruit friends, which is why robot schemes burn through communities and families rather than strangers.
    • Binding to your exchange API was pitched as safety (“we never hold your funds”) while fees, subscriptions and “activation” costs did the extracting.

    The takeaway

    Any product whose pitch is guaranteed automated profit plus recruit your friends is answerable to one question: why does a money-printing machine need your $200 subscription? Check any robot, platform or app against the registry before connecting anything, and if you have losses tied to this record, the SARFund case registry tracks whether an investigation is open.

  • Case File: ProInteractiveBrokers – A Famous Name, Plus a Prefix

    Interactive Brokers is one of the most recognizable brokerage brands in the world. ProInteractiveBrokers is not Interactive Brokers — and the “Pro” is doing all the work.

    What the record shows

    On December 24, 2025, the Canadian Investment Regulatory Organization (CIRO) issued a warning against ProInteractiveBrokers. The registry record was flagged the following day. The operation’s entire trust story was borrowed: a household name, lightly modified, aimed at victims who half-remember the real brand.

    Why the prefix trick works

    • Search engines partially rescue it — results mix the real firm’s reputation with the fake’s site, and skim-readers blend them into one impression.
    • “Pro”, “Global”, “FX”, “Group” read as product tiers, not as different companies. Victims assume they found the premium version.
    • The real firm’s licence checks out — for the real firm. The domain comparison is the only check that catches the swap.

    The rule this file teaches

    Brand adjacency is not brand identity. Every added word in a famous name is a reason for more suspicion, not less. Type the real brand’s address yourself; never arrive at a “broker” through an ad or a chat link. And before funding anything, run the exact name through the registry — the record for this operator, like thousands of others, links onward to its file at the SARFund case registry.

  • Case File: CIBfx – Four Years on the FCA Warning List and Still Circulating

    Some operators disappear when flagged. Others linger for years, resurfacing whenever a new audience forgets. CIBfx entered the warning ecosystem in 2021 and remains a live lesson.

    What the record shows

    On 20 June 2022, the UK Financial Conduct Authority (FCA) issued a warning that CIBfx was providing financial services without authorisation — the FCA’s standard language for an operation soliciting UK customers with no licence to do so. The registry record predates and incorporates that warning.

    Why years-old warnings still protect you

    • Brands get recycled. Operator groups shelve a burned name, then relaunch it later on a fresh domain when searches have gone quiet. The warning stays true; the victims are new.
    • Victim lists outlive brands. Old operations feed recovery-scam targeting years later — “we are investigating CIBfx and found your funds” is a script line, not a rescue.
    • Warning lists are cumulative. A name on the FCA list in 2022 does not come off it by rebranding its homepage in 2026.

    The habit this file recommends

    When you check a broker, check the history, not just today’s website — a registry lookup surfaces records regardless of how recently the operator repainted. If CIBfx or a lookalike domain has your money, document everything and consult the SARFund case registry for the operator’s case status.

  • Case File: Meteor Profit – One Brand, Mismatched Domain, FSMA Warning

    Small details convict. Meteor Profit presented itself as a trading brand while operating from financelegend.org — a domain with no relationship to its own name. Real firms protect their brand-to-domain identity; disposable operations grab whatever is lying around.

    What the record shows

    On October 14, 2025, Belgium’s Financial Services and Markets Authority (FSMA) issued a warning about Meteor Profit for operating without authorisation. The registry record carries the flag along with the operator’s claimed details — including that mismatched domain, preserved as evidence.

    The brand/domain mismatch signal

    • Operator groups run families of brands on shared infrastructure — one domain hosting several “brokers” over its lifetime, or one brand hopping across unrelated domains as each gets flagged.
    • A mismatch means the site you are on was never built as a long-term business identity. It was built to be abandoned. (Our scam-domain anatomy guide covers the full infrastructure fingerprint.)
    • It also breaks casual verification: searching “Meteor Profit” would not surface reviews tied to financelegend.org, and vice versa — splitting the evidence trail is the point.

    The takeaway

    Always check both the brand name and the exact domain against the registry. If either has a record, treat the whole thing as flagged. Losses tied to this operator can be cross-checked against the SARFund case registry, where verified reports escalate into tracked case files.

  • Case File: HERITAGE PROFIT – Flagged by the FCA Within Days of Surfacing

    The encouraging story hidden inside HERITAGE PROFIT’s case file is speed: the operation surfaced, drew reports, and was on the UK FCA’s warning list by December 17, 2025 — with the registry record flagged in the same window.

    What the record shows

    The FCA warning suspects the operation of providing or promoting financial services targeting UK consumers without authorisation. The registry preserves the operator’s claimed website and intake date alongside the flag — a complete verification answer for anyone who checks the name.

    What “heritage” branding is for

    • Names invoking legacy — Heritage, Sterling, Crown, Trust — are chosen to pre-load credibility that a weeks-old operation has not earned. It is domain-age mismatch as a naming strategy.
    • Paired with “profit” in the same breath, the name promises exactly what regulation forbids promising. Licensed firms do not put guaranteed outcomes in their own brand.

    Why fast flags matter to you

    The window between a scam platform launching and its first authoritative flag is when most money is lost. Every early report shortens it. That is the entire argument for checking and reporting: a lookup costs ten seconds, a report costs two minutes, and together they compress the window for everyone behind you. Cases that verify escalate to the SARFund case registry, which tracks open investigations against operators like this one.

  • Case File: AscotPrime – The Unverifiable Operating Entity

    Every broker website names an operating entity in its footer — and almost nobody reads it. AscotPrime is a case study in why you should: the record flags it as an unauthorized operation whose claimed corporate structure fails verification at every register that matters.

    What the record shows

    Upstream analysis found AscotPrime claiming operation by a corporate entity whose licensing could not be substantiated — the classic shell arrangement: a name in the footer, a registration certificate at best, and no appearance on any enforcement-capable regulator’s register. The registry record carries the Flagged verdict with the operator’s claimed details preserved.

    The footer-entity shell game

    1. The site brand is what you remember (AscotPrime).
    2. The operating entity is a differently-named company, often in an offshore registry — see the lie board for how registration gets dressed up as regulation.
    3. The payment beneficiary is frequently a third name entirely. Three names, zero accountability — and when disputes come, each points at the others.

    The 30-second footer audit

    Read the footer entity. Search it — separately from the brand — on the regulator registers covered in our licence guide. If the entity is absent, or present only as a bare company registration, you have your answer before the deposit page loads. Then check both names against the registry; operators of this type accumulate records under every alias, and verified cases carry through to the SARFund registry.

  • Case File: HORIZONS 28 – Spain’s CNMV Calls It in January 2026

    HORIZONS 28 entered the registry with a European flag: on January 26, 2026, Spain’s National Securities Market Commission (CNMV) issued a warning against the operation, assessing it as providing investment services without authorisation.

    What the record shows

    A recent operation, a national-regulator warning, and the usual claimed trappings of a trading platform. The record preserves the intake date and claimed site alongside the CNMV flag.

    Warnings travel worse than scams do

    Here is the asymmetry this file illustrates: the scam solicits victims in a dozen countries at once, but the warning appears on one national list, in one language. A German or Canadian victim would never think to search Spain’s CNMV alerts — and the operator counts on that.

    • Case registries exist to collapse that asymmetry: a single lookup reads across records regardless of which regulator flagged first.
    • This is also why “I checked my own country’s regulator and found nothing” is incomplete — absence from your national list means only that your regulator has not caught up yet. See why not-listed is not safe.

    The takeaway

    Fraud is cross-border by default; your checks should be too. Run the registry lookup first, the licence check second, and if you have exposure to this or any flagged operator, the SARFund case registry is where verified reports and open investigations are tracked across jurisdictions.

  • Case File: Hayat Global – An FCA Warning and the Anatomy of ‘Global’ Branding

    Hayat Global carries one of the registry’s many FCA anchors: on 4 November 2022, the UK Financial Conduct Authority warned that the operation was targeting UK consumers without authorisation.

    What the record shows

    The pattern is the standard unauthorized-solicitation file: a trading site, marketing into a jurisdiction where it holds no permission, drawing enough reports to earn a warning. The registry preserves the flag, the claimed domain and the intake date.

    Reading the name like an investigator

    Fraud branding is a compressed sales pitch, and its vocabulary is small:

    • “Global” implies offices, licences and scale — things checkable in minutes and absent in every one of these files.
    • “FX”, “Capital”, “Prime”, “Markets” borrow institutional texture. Combined with a months-old domain, the mismatch is the tell.
    • The registry’s 9,000+ records recycle a strikingly small set of such words — grand names are cheaper than licences.

    The takeaway

    A name is a claim, and claims get checked: registry lookup, then the regulator’s own register, matching the domain rather than the branding. Exposure to this operator — or any of its likely successors under fresher names — belongs in a report, and the SARFund case registry holds the escalation trail.

  • Case File: BoForex – ‘Fully Licensed and Regulated’, Says Who?

    Most case files in the registry contain a version of the same sentence. On BoForex’s site it read: the operating entity is a “fully licensed and regulated broker”. The record exists because no enforcement-capable register substantiates that claim.

    What the record shows

    Upstream analysis checked the licensing claim attached to the operation’s named entity and found it unsupported — the assertion of regulation, without the regulator. That single gap is sufficient: in a licensed industry, an unverifiable licence claim is the finding.

    “Licensed and regulated” as decoration

    • The phrase costs nothing to type and converts hesitant depositors — which is why nearly every record in the registry features some version of it.
    • Specifics are always missing or hollow: no regulator named, or a registration dressed as a licence, or a number that no register returns.
    • Real firms do the opposite — they cite the exact authority and number, because the claim is checkable and they want you to check it.

    The one-line test

    When a site says “licensed and regulated”, complete the sentence: by whom, under what number, on which register? If the site cannot answer, or the answer fails at the source, the conversation is over. Ten seconds on a registry lookup settles most of these before the licence check is even needed — and for money already sent, the SARFund case registry tracks the operator’s file.