Unmasking the "Quantum AI" Deepfake Scam: SA-DFI Technical Advisory

At SA Digital Forensics & Investigations (SA-DFI), our mission is to provide professional and confidential investigative solutions to uncover the truth and gather crucial evidence. As part of our commitment to protecting South Africans from the rising crisis of cybercrime, our lab has analysed a sophisticated "pig butchering" funnel currently targeting the local community through social media.

This scam doesn't just steal capital; it weaponizes cultural trust by impersonating reputable organizations like Maroela Media and using deepfake technology to hijack the credibility of figures like Kallie Kriel and Mark Zuckerberg.

THE FORENSIC BREAKDOWN: HOW THE FUNNEL OPERATES

Our digital forensics team specializes in internet and cyber scam investigations, allowing us to dismantle phishing and investment fraud schemes from the inside out. Here is the technical anatomy of the "Quantum AI" operation:

1. SOCIAL ENGINEERING VIA BRAND IMPERSONATION

The campaign begins on Facebook with paid advertisements from compromised or "burned" pages.

• The Bait: A page named "Echo 24" uses a red "News Week" style logo to appear legitimate.

• The Forensic "Tell": SA-DFI analysts identified that this "news" page is incorrectly categorized as "Health/beauty". This is a hallmark of pre-owned accounts purchased by criminal syndicates to bypass Facebook's initial ad filters.

2. THE CLONED LANDING PAGE

Clicking the ad takes the victim to a counterfeit/fake site designed to look like the official Maroela Media platform, using their logo and the tagline "gebalanseerd en betroubaar".

• Visual Discrepancy: While the real site is hosted at maroelamedia.co.za, the scam site operates on fraudulent domains like nymvira.com.

• Linguistic Artifacts: Our investigators noted UI inconsistencies, such as the search button using the word "snuffel..." instead of the correct "sniff..." found on the legitimate site.

3. METADATA & TRACKING ANALYSIS

The links provided by these scammers contain extensive UTM tracking parameters (codes) (e.g., utm_source=fb, utm_medium=paid).

• SA-DFI Insight: These parameters prove the operation is a professional, data-driven criminal enterprise. They track exactly which ads are converting victims, allowing them to optimize their fraud in real-time.

In simple terms: These links act like tracking tools. Just like legitimate businesses track which adverts bring in customers, scammers do the same, but for fraud. Every time someone clicks a link, the criminals can see where the victim came from (for example, Facebook), which advert they clicked, and whether they ended up paying money.

This allows them to continuously improve their scam – focusing on what works best, targeting more victims, and increasing their chances of success. In other words, this isn’t random or amateur – it’s a highly organized, business-like operation designed to maximise profit from victims.

THE DANGER: QUANTUM AI & "PIG BUTCHERING"

The core of the deception is the promise of R200,000 per month through a secret "Quantum AI" project. Once a victim registers, they are often coerced into a "trial" deposit (typically around R4,100). The scammers then use fake dashboards to show skyrocketing profits, encouraging the victim to invest their life savings before "butchering" them by cutting off all contact and disappearing with the funds.

HOW SA-DFI CAN PROTECT YOU

If you or your organization has been targeted by this or similar schemes, SA-DFI provides world-class forensic services that comply with industry-standard evidence collection methods.

• Cyber Scam Investigations: We perform in-depth analysis of investment fraud to identify perpetrators and trace stolen assets.

• Digital Evidence Recovery: We can recover communications and digital paper trails to build a court-ready package that is cross-examination ready.

• Integrated Legal Support: We have skilled attorneys on standby to ensure that the evidence we gather is effectively leveraged in court.

SA-DFI RED FLAG CHECKLIST

1. URL Verification: Does the address match the official site exactly?

2. Category Check: Is a "news" page listed under "Health/beauty"?

3. Deepfake Awareness: Does the video of the celebrity look "waxy" or have mismatched lip movements?

4. Two-Factor Authentication (2FA): Always secure your banking and email with 2FA to prevent scammers from using your leaked credentials.

1. Follow the official SA-DFI WhatsApp Channel for expert insights, case updates, and security awareness:

👉 https://whatsapp.com/channel/0029Vb7UGiSFy72BprmXF61k

Click Follow and tap the bell icon 🔔 to stay updated.

Contact SA Digital Forensics and Investigations:

Phone: +27 77 480 3161

Email: info@sa-dfi.co.za

Website: www.sa-dfi.co.za

Follow us on social media:

• https://www.facebook.com/sadfi.investigators

• https://www.instagram.com/sadfi.investigators

• https://www.youtube.com/@sadfi.investigators

• https://www.tiktok.com/@sadfi.investigators

• https://www.linkedin.com/company/sadfi.investigators/

• https://x.com/SA_DFI

Copyright © 2026 | SA Digital Forensics and Investigations | All rights reserved.