Stratir public CTI case file

Project Lighthouse


Designed by Stratir
The Bahamas & North America

Telegram investment fraud investigation

A public-awareness investigation showing how Stratir turns open-source fraud signals into source-backed cyber threat intelligence.

This is what practical CTI looks like when the threat is fraud, impersonation, and public harm.

Project Lighthouse examined a Telegram investment-fraud operation targeting people in The Bahamas. The group used fake authority, forged media cues, direct-message pressure, and unrealistic return claims to make a classic advance-fee scam feel local, credible, and urgent.

The public-interest risk has since become sharper: as of June 2026, Leslia Miller-Brice and Sebas Bastian are sitting Members of Parliament and Cabinet ministers in The Bahamas. Mrs Miller-Brice was impersonated by an admin account, not acting as an admin, so the case reaches beyond consumer fraud into public-trust and government-impersonation risk.

The value of this page is not just naming a scam. It explains the behavior pattern, the indicators readers can recognize, the reporting steps victims can take, and the disciplined evidence workflow Stratir used to convert messy social-platform activity into an intelligence product.

What Stratir found.

The operation mixed social engineering, brand impersonation, and financial-pressure tactics into a funnel designed to move victims quickly from curiosity to deposit.

161

Telegram members observed

Audience size at the time of observation, before the funnel moved targets into private messages.

7

Impersonated entities documented

Public figures, media brands, and regional trust signals were misused to manufacture legitimacy.

29

Evidence pages compiled

Screenshots, selectors, infrastructure notes, and analytic observations were preserved for review.

5

Fraud stages mapped

Recruitment, authority hijacking, private-message conversion, deposit collection, and withdrawal obstruction.

The fraud pattern was not random.

It followed a recognizable conversion sequence: gather trust, borrow authority, isolate the target, collect money, then obstruct recovery.

01

Recruit

Telegram social proof

The operation used a group named PASSIVE INCOME BSD EMPOWERMENT to seed testimonials, payment screenshots, and referral pressure.

02

Impersonate

Authority hijacking

Accounts copied recognizable names, photos, and media brands so the scheme would inherit credibility from trusted Bahamian institutions.

03

Convert

Private DM funnel

Targets were pushed into direct messages, sent marketing material, and promised that BS$1,200 could become BS$16,500 in four working days.

04

Collect

Personal deposit path

Victims were directed toward a personal Scotiabank deposit path instead of a regulated institutional investment channel.

05

Delay

Blocked withdrawal pattern

Once a target paid, the displayed profits were fictional and withdrawal attempts could be met with delays, extra fees, or silence.

Evidence discipline

Preserve the record before making the claim.

Feynman served as the primary OSINT pivot tool during the investigation, helping connect observed selectors across phone numbers, usernames, email infrastructure, and source records.

The important part is not speed alone. The important part is speed with provenance. Stratir preserved the original observations, separated victims of impersonation from fraudulent accounts, and built a narrative that could be checked by readers, media, and investigators.

That is the difference between a warning post and CTI: the final product explains what happened, why it matters, how confident the assessment is, and what action the audience should take.

Stratir method

Requirement-led collection

The investigation started with a public-protection requirement: identify whether the group was a credible investment opportunity or an active fraud risk.

Stratir method

Selector pivoting

Usernames, phone numbers, email domains, group behavior, and claimed identities were treated as connected evidence objects rather than isolated clues.

Stratir method

Source preservation

Screenshots, timestamps, message content, account names, and infrastructure observations were retained so findings could be checked later.

Stratir method

Impersonation analysis

The report separated the real public figures and organizations from the fraudulent accounts misusing their names, images, and reputations.

Stratir method

Reader-oriented release

The public version emphasizes recognition, reporting, and harm reduction instead of publishing every sensitive detail from the evidence package.

Stratir method

CTI translation

Technical and social indicators were translated into the practical question readers care about: what should I avoid, preserve, and report?

Recognize the operation before it reaches your bank account.

These indicators are presented for public awareness and defensive reporting. The public version avoids publishing every sensitive detail from the full evidence package.

Telegram

Group name: PASSIVE INCOME BSD EMPOWERMENT
Admin persona impersonation: The admin account impersonated Mrs Leslia Miller-Brice, MP. She was not acting as an admin; she is documented as an impersonation target.
Claimed executive impersonation handle: @Prof_Sebastian_242_Empowerment, impersonating Sebas Bastian, MP

Infrastructure

Spoofed domain: fortcharlote.com
Sender address: sebas4fc@fortcharlote.com
WhatsApp number: +1 (242) 425-7666

Financial pathway

Deposit instruction: Scotiabank presented as the only active bank
Receiving account type: Personal account named in evidence package
Public handling: Account details withheld here to reduce copycat abuse

Brand variants

Campaign language: Passive Income Empowerment
Local targeting cue: BSD Empowerment
Investment wrapper: Passive Income Investing

Identity abuse was the engine of trust.

The operation borrowed credibility from real people and institutions. An admin persona impersonated Mrs Leslia Miller-Brice; she and Sebas Bastian are documented here as sitting public officials whose identities were abused, not participants in the scheme.

Impersonation targets

Mrs Leslia Miller-Brice, MP
Sebas Bastian, MP
Hon. Leon Lundy, MP
Our News Bahamas
The ZNS Network
CBC News Barbados
Bahamian political and business credibility cues

Red flags readers can act on.

Public CTI should make the next bad decision harder. These are the signals to pause, preserve evidence, and report.

01

Guaranteed returns of roughly 1,275% in four working days.

02

Deposits routed to a personal account instead of a licensed investment entity.

03

A claimed investment operation absent from the Securities Commission of The Bahamas licensed-firms context.

04

Misspelled or lookalike infrastructure, including fortcharlote.com instead of Fort Charlotte.

05

Fake technical language such as AI-ALGORITHM and stock chains used as credibility decoration.

06

Impersonation of sitting Bahamian Members of Parliament and Cabinet ministers, increasing the public-trust and government-impersonation risk.

07

Pressure to leave the group context and continue in private messages.

08

Sock-puppet testimonials and screenshots used to simulate successful withdrawals.

09

Telegram checkmarks treated as identity verification when they can be display or subscription artifacts.
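
Two of the red flags above, the lookalike sender domain and the implausible promised return, can be checked mechanically when a reported message is triaged. The following is an added example and not Stratir's tooling: the function names, both thresholds and the sample message wording are assumptions, while the sender address and amounts are the ones published on this page. It assumes domains of the form label.tld; multi-part suffixes would need a public-suffix list.

```python
import re

# "Fort Charlotte" is the name this page says fortcharlote.com imitates.
PROTECTED_BRANDS = ["Fort Charlotte"]
MAX_EDITS = 2            # assumption: one or two typos still reads as the brand
MAX_PLAUSIBLE_PCT = 100  # assumption: triage threshold, not a regulatory figure
MONEY = re.compile(r"\$\s?(\d[\d,]*(?:\.\d+)?)")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(sender):
    """Brand imitated by the sender's domain, or None (exact matches are not flagged)."""
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    label = domain.split(".")[-2] if "." in domain else domain
    for brand in PROTECTED_BRANDS:
        target = re.sub(r"[^a-z0-9]", "", brand.lower())
        if 0 < osa_distance(label, target) <= MAX_EDITS:
            return brand
    return None

def implied_return_pct(text):
    """Percent gain implied by the first two dollar amounts (stake, then payout)."""
    amounts = [float(m.replace(",", "")) for m in MONEY.findall(text)]
    if len(amounts) < 2 or amounts[0] <= 0:
        return None
    return (amounts[1] - amounts[0]) * 100 / amounts[0]

def triage(sender, text):
    brand, pct = lookalike_of(sender), implied_return_pct(text)
    flags = [f"lookalike domain imitating {brand}"] if brand else []
    if pct is not None and pct > MAX_PLAUSIBLE_PCT:
        flags.append(f"implied return of {pct:.0f}% on the stated deposit")
    return flags

# Constructed message text; the sender address and amounts are from this page.
SAMPLE_SENDER = "sebas4fc@fortcharlote.com"
SAMPLE_TEXT = "Deposit BS$1,200 and withdraw BS$16,500 in four working days."
print(triage(SAMPLE_SENDER, SAMPLE_TEXT))
```

An exact label match returns no flag because string distance cannot establish who controls a domain; that case needs a separate ownership check.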

03 / Impact

The impact is clarity when people are being pressured.

Investment fraud is often treated as a consumer-warning problem, but the mechanics are familiar to CTI teams: impersonation, infrastructure misuse, social proof, target isolation, payment collection, and narrative control.

Stratir brings those mechanics into a structured intelligence workflow. That makes the final output useful to regular readers, while still preserving the rigor that investigators, media, banks, and security teams need when deciding what to do next.

Impact

For citizens

The page gives non-specialists concrete warning signs they can recognize before sending money or trusting a forged endorsement.

Impact

For media

It documents how trusted Bahamian brands were abused, giving journalists a clearer basis for public-interest coverage.

Impact

For investigators

It preserves enough structure to support intake, triage, account review, platform reporting, and follow-up evidence requests.

Impact

For partners

It shows how Stratir can move from messy open-source signals to a reviewable CTI product with public communication value.

If you were targeted, preserve first and report quickly.

Do not send additional funds. Screenshot messages, profiles, payment instructions, receipts, usernames, links, and phone numbers before the group disappears.

Reporting channel

Royal Bahamas Police Force

Report to the Financial Crimes Unit and preserve screenshots before deleting messages.

Reporting channel

Securities Commission of The Bahamas

Check licensed-firm status and report unregistered investment solicitation.

Reporting channel

Bank fraud department

Notify your bank immediately if funds were sent or account details were shared.

Reporting channel

Telegram

Report the group, admin accounts, impersonation, and fraud content inside the platform.

Evidence package

Stratir is built for intelligence work that has to be useful in the real world.

Project Lighthouse shows the operating posture: collect lawfully, preserve evidence, resolve entities, separate facts from claims, communicate risk plainly, and release public findings in a way that helps people act.