Category: Guides

  • Chargebacks, Wire Recalls and Crypto Tracing: What Recovery Realistically Looks Like

    After a fraud loss, you will hear two kinds of voices: sellers of miracle recovery (avoid — see the second wave) and people who say nothing can ever be done. The truth sits between, and it depends almost entirely on how you paid.

    Card payments

    The strongest position. Chargeback rules exist for exactly this; banks can reverse card payments for services not rendered. Timelines are strict (often 120 days from the transaction, sometimes from when you discovered the fraud) — so speed matters more than certainty. File with your issuer in writing, use the word “fraud”, include evidence.

    Bank transfers and wires

    Recalls are possible while funds sit in the receiving account, and mule accounts are frozen more often than people assume — but the window is short. Notify your bank the same day if you can; ask specifically for a recall attempt and a fraud flag on the beneficiary.

    Crypto

    Transactions cannot be reversed, but they can be followed. Public-chain tracing is real casework: funds move through wallets to exchanges, and exchanges with compliance teams freeze deposits tied to documented fraud. What makes tracing viable is your evidence — transaction hashes, wallet addresses, timestamps. Preserve them all.

    What honest escalation looks like

    • It never asks victims for upfront fees.
    • It never guarantees outcomes.
    • It starts with documentation and case verification, not with a payment link.

    That is the standard the SARFund case registry exists for: verified reports, case files on reported operators, escalation without fees for victims. Check whether your operator has a case on file, report what happened, and act on the payment-method clock above today.

  • The Complete Reporting Guide: Where to File, in What Order

    Reporting feels pointless to many victims — “the money is gone, what will a form do?” But reports are how mule accounts get frozen, how operators get delisted from ad platforms, and how case files build until action happens. Order matters:

    1. Your bank or card issuer — same day

    The only step with a hard clock. Ask for: fraud flag, chargeback (card) or recall attempt (transfer), and written case reference. Do this before anything else.

    2. The exchange, if crypto moved through one

    If you bought crypto on a major exchange and sent it to the scammer, report the destination address to that exchange’s fraud team. Exchanges blacklist addresses and freeze connected accounts.

    3. Your national fraud agency

    • US: IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov)
    • UK: Action Fraud
    • Australia: Scamwatch / ReportCyber
    • EU: your national police cybercrime portal

    Individual reports rarely trigger individual responses — aggregated ones drive takedowns and prosecutions. File anyway.

    4. The registries

    Report the operator here so the next person’s lookup comes back flagged, and check the SARFund case registry — where verified reports are escalated — to see whether your operator already has an open case.

    What to attach everywhere

    One evidence pack, reused: platform name + URL, dates, amounts, payment method, transaction IDs/hashes, screenshots of the dashboard and chats, and every name or handle the operators used. Write the timeline once while it is fresh; every desk you file with will ask for it.

  • Clone Firms: When the Licence Is Real but the Broker Is Not

    The easiest fake brokers to catch invent everything. The hardest clone everything: real company name, real licence number, a website copied page-for-page from a regulated firm. Every fact checks out — because the facts belong to someone else.

    How clone operations work

    1. Pick a genuinely licensed firm, ideally mid-sized with limited public profile.
    2. Register a lookalike domain: an added word (“-global”, “-markets”), a swapped TLD, a single-letter change.
    3. Mirror the real site. Quote the real licence number. Sometimes list the real office address.
    4. Advertise. When victims verify the licence, the regulator’s register confirms it — for the real firm the clone is wearing.

    Our registry holds numerous such records — see the Clone Finalto Markets case file for a textbook example flagged by upstream investigators.

    The one check clones cannot survive

    Compare the domain, not the name. Regulator registers list each firm’s official website and contact details. If the register says examplebroker.com and you are on examplebroker-global.co, stop — whatever the site says, you are not dealing with the licensed entity. Regulators also publish explicit clone warnings; search the register’s alert list for the name.

    Also worth suspicion

    • Contact only via WhatsApp/Telegram while the “real” firm lists office phone lines.
    • Payment to personal accounts, third-party companies, or crypto addresses — regulated firms take payment in their own name.
    • Urgency. Licensed brokers do not chase deposits with countdown timers.

    Check the exact name and domain against the registry, and if you have already paid a clone, report it and consult the SARFund case registry — clone victims often discover an investigation is already open.

  • Why ‘Not Listed’ Does Not Mean ‘Safe’: The Limits of Every Registry, Including Ours

    We run a case registry of over 9,000 reported operators, and we will tell you plainly: a clean check is not an endorsement. When your lookup comes back Cleared, here is exactly what that does and does not mean.

    What Cleared means

    No case on file — nobody has reported this exact name into the registries we read, and it has not matched upstream case data. That is genuinely useful information. It is also all it is.

    Why dangerous platforms can check clean

    • They are new. Scam platforms launch daily; a site registered last Tuesday has had no time to accumulate reports. Newness itself is a risk marker.
    • They rebrand. Burned operators relaunch under fresh names on fresh domains — same team, same script, clean lookup.
    • Spelling variance. Registries match names; operators multiply spellings. Check the exact domain too, not just the brand.

    The Cleared-result protocol

    1. Verify the licence at the regulator’s own register, matching the domain, not just the name.
    2. Check the domain age — an “established” brand on a months-old domain fails.
    3. Test the withdrawal path early with a small amount, before any meaningful deposit.
    4. Re-run the lookup periodically. Registries move; last month’s Cleared can be this month’s Flagged.

    And if a platform turns on you after a clean check — that is exactly the report we most need. File it: your report is what closes the gap for the next person, and verified cases escalate to the SARFund case registry where investigations are tracked.