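In an investment WhatsApp group of about 100 members, Sebastian Hatherleigh was presented as an investment expert of about 60, yet he had almost no digital record before 2025; his photos appear to be AI-generated, his claimed history at Columbia, McKinsey, Morgan Stanley and Wharton could not be verified, and his Facebook account was deleted. This suggests he is one node in a cross-border network that uses AI-generated or stolen images, fictitious social accounts and press-release narratives to build credibility. Simon Miller believes that an operation of this scale and structure looks more like organised crime. Unlike traditional scams that ask for cash directly, these scams first target high-net-worth investors who can invest in instalments, and use richer context to pose as a "legitimate" source of advice.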
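This kind of scam first cultivates trust with normal market briefings and "assistant" prompts rather than asking for money immediately; it then induces investors to buy illiquid small-cap stocks that the operators already hold. Richard Berry points out that even just 100 to 1,000 groups coordinating on the same stock can push the price up where deep liquidity is lacking, which in turn creates a "the more it rises, the more they buy" cycle. One entry point in this case was TikTok advertising: 558 ads were published last September, mainly targeting the UK and Switzerland, and the most-clicked ad was shown to more than 150,000 people. TikTok took the ads down in late 2025, saying they violated its policies on misleading and false content; the platform says it removed more than 5.7 million violating ads in the second quarter of 2025 alone, yet similar "same face" ads could still be seen reappearing in 2026.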
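A single corporate disclaimer text had been copied to produce 40 so-called "financial advisory firms", all created in 2025, reflecting "crime-as-a-service" style identity packaging at scale. The chain also distributed press releases through Grand Newswire (USD 15 per release for placement on more than 200 news sites) and Digital Journal (sponsored content from GBP 274), and carried out reputation laundering on Facebook, at least 3 Reddit forums and Quora. AI and LLMs are gradually becoming a new attack surface: Meta still treated Hatherleigh as credible under repeated prompting; ChatGPT and Gemini were quicker or more sensitive to the anomalies; DeepSeek hallucinated fabricated details. Operating locations have expanded to Nepal, India, Cambodia, Hong Kong, Kazakhstan and Nigeria, and account-transfer chains have appeared. All parties call for rapid cross-industry information sharing between financial institutions and platforms, and for greater public scepticism about LLMs bypassing defences.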
In a WhatsApp investing group of about 100 members, Sebastian Hatherleigh appeared as a roughly 60-year-old expert, yet had almost no digital footprint before 2025; his photos seem AI-generated, his claims about Columbia, McKinsey, Morgan Stanley, and Wharton were unverifiable, and his Facebook account was deleted. This suggests he is one node in a cross-border network that uses AI-generated or stolen images, fake social accounts, and press-release narratives to construct credibility. Simon Miller says the scale and structure resemble organised crime. Unlike direct cash-demand scams, these scams target investors able to make multiple deposits, and therefore cloak themselves in richer context to look legitimate.
These scams first build trust through regular market briefings and assistant nudges, then direct victims into illiquid small-caps already accumulated by the operators. Richard Berry notes that even 100 to 1,000 coordinated groups can push up a stock in thin markets, creating a self-reinforcing “buying more as it rises” cycle. In this case, TikTok was one entry route: 558 ads were posted in September last year, mainly aimed at the UK and Switzerland, and the top ad reached more than 150,000 people. TikTok removed the campaign as misleading and fake and said it removed more than 5.7 million policy-violating ads in Q2 2025, yet similar ads reappeared in 2026.
Copying one disclaimer text generated 40 cloned financial-advice companies, all created in 2025, indicating industrial identity kits sold as "crime as a service." The same network also used syndicated press releases through Grand Newswire (USD 15 to place content on more than 200 news sites) and Digital Journal (sponsored content from GBP 274), plus reputation laundering on Facebook, at least 3 Reddit forums, and Quora. AI and LLM integrity is now an attack surface: Meta accepted Hatherleigh as legitimate even after repeated prompts; ChatGPT showed more scepticism, Gemini also showed suspicion, while DeepSeek hallucinated. Operations span Nepal, India, Cambodia, Hong Kong, Kazakhstan, and Nigeria, with account-transfer chains reported. Authorities and firms call for rapid cross-industry information sharing between finance firms and platforms and greater public scepticism toward AI systems.