Ekeoam.com: $440K Clone Investment Scam — The “EkoAm” Brand Hijack Trap
Greg Iacurci
A 67-year-old retired logistics director from Fort Worth, Texas, had spent forty‑three years managing global supply chains for a major aerospace manufacturer. He was not a novice investor. He had built a diversified stock portfolio over three decades and prided himself on his ability to smell trouble. But the previous year had been catastrophic. His daughter, a single mother of two, had been diagnosed with stage‑4 breast cancer. The chemotherapy rounds, specialised in‑home nursing, and two young children’s school fees had completely exhausted her financial reserves. The victim was watching his daughter die while his carefully preserved 401(k) sat untouched.
Desperate for a way to grow his retirement savings without touching the principal, the victim was scrolling through YouTube when he saw an advertorial video. The video featured a polished British voiceover discussing a “transformative asset‑backed investment license” based in Finland, guaranteed by the natural wealth of the ocean floor. Eager to secure steady returns, he typed the domain into his browser: ekeoam.com.
The website was minimalist, professional and cold. It described itself as a “cross‑border integrated financial services company” with a “Finnish corporate footprint” offering “globally regulated asset‑backed fixed income products.” It promised returns 100 times greater than any savings account with zero risk — the classic language of a High‑Yield Investment Program (HYIP). The site boasted about “liquid intellectual property assets” and claimed institutional backing from a French environmental intelligence firm named EkoAm Environnement.
A “senior portfolio manager” named “Marcus Thorne” reached out within 48 hours. Marcus was patient, articulate and never pushy. He explained that ekeoam.com was the digital front for a FinTech incubated by EkoAm Environnement, that his money would be deployed into “verified oceanic mineral claims” and “European carbon credit markets,” and that the platform’s proprietary AI delivered “consistent 9–12% monthly returns that are asset‑backed by European Union regulatory framework.” After a $5,000 test deposit grew his balance to $8,000 within two weeks — and a $1,500 test withdrawal arrived in his bank account without issue — the victim transferred his daughter’s medical fund and the remainder of his savings, a total of $440,000, into the platform. His dashboard showed his balance climbing toward $1,300,000 in “unrealised gains.”
When he attempted to withdraw $150,000 to cover his daughter’s next round of immunotherapy and keep the grandchildren in private school, his account was frozen. Customer support demanded a “withdrawal processing fee” of $22,000, then a “compliance verification fee” of $33,000, then a “tax clearance fee” of $44,000. Each payment led to another demand. A review platform report had already noted that the administration of the site was “playing mind games” and that its “institutional dishonesty” was impossible to ignore. When the victim refused to pay more — having spent $66,000 on the first three fees — Marcus accused him of “violating the sub‑fund cap terms of service” and locked him out entirely. Marcus stopped answering calls and emails. The dashboard went dark.
The victim later discovered that ekeoam.com had no regulatory licence whatsoever. Multiple security scans flagged the platform with some of the lowest possible trust scores. Scamadviser gave the domain the lowest possible “very low” trust score, warning that “based on our analysis we gave this website a very low score. If a website receives a very low review from us, we really recommend you to double check if the site is not an online scam”. The algorithm flagged critical red flags: the registrar was popular amongst scammers, the site was very young, the platform hosted HYIP services, and multiple negative reviews were detected.
The German Gridinsoft security platform classified the site as a “Suspicious Website” and reported that the domain was only 8 months old at the time of review, registered through a privacy‑protected service in Iceland that concealed the true owner’s identity. Gridinsoft also confirmed that the website “offers services related to investments, income generation, or financial consulting”, that its registration form captured sensitive personal information, and that its content was tagged “Suspicious websites are online platforms that are considered untrustworthy for various reasons”. The platform was hosted in the United States on a shared server, meaning multiple scam operations likely shared the same underlying infrastructure. The victim had never checked a single security report.
The victim also discovered that the entire “EkoAm Environnement” brand had been stolen and falsified. A security investigation into the domain confirmed that it was “definitely a scam” with “origination in Lithuania” — a known hub for phishing networks — and that the registration number given belonged to another financial institution completely. In reality, there is a legitimate entity named EkoAm Environnement operating a website at ekoam-environnement.fr that offers environmental consulting services in France. The legitimate EkoAm has absolutely no connection to cryptocurrency, investment platforms, or financial trading of any kind. The scammers stole the brand identity, fabricated an entire “Finnish corporate footprint,” and built a fake investment portal to deceive retirees searching for environmental asset securities — a classic “brand‑close” identity theft operation. The real EkoAm Environnement is a domestic French environmental development company; it does not issue bonds, run AI trading engines, or manage client retirement funds.
Total lost: $440,000
Recovered with AYRLP: $281,600 (64%)
Why the Victim Took the Bait — Real Life Reasons
The victim was not a reckless investor. He had spent forty‑three years in high‑pressure logistics, evaluating vendors, signing off on multi‑million dollar contracts, and never cutting corners. But the previous year had broken him in ways his supply‑chain career never did. His daughter’s stage‑4 cancer diagnosis arrived with a treatment plan that cost more than her annual salary. The single mother of two had stopped working to care for herself, leaving the grandchildren with him. The medical bills, the school fees, the groceries — it was all landing on his shoulders. He was watching his child die while his carefully saved retirement sat locked away.
Unlike the “get‑rich‑quick” crypto ads he had dismissed for years, ekeoam.com presented itself as a buttoned‑up, boring, environmentally conscious bond provider. The website used measured language like “cross‑border integrated financial services,” “asset‑backed fixed income products,” and “intellectual property assets.” It felt like a sovereign wealth fund, not a gamble. It promised 9–12% returns — high enough to be worth his time, but low enough not to scream “scam” like the 100% monthly crypto schemes he had correctly avoided. The video advertorial on YouTube was polished, professional, and persistent; it embedded itself in his mind through weeks of careful retargeting algorithms, until his defences were low and his daughter’s need for treatment was immediate.
Marcus never pressured him for large sums upfront. He was methodical, empathetic and seemed to genuinely understand his situation. He asked about his daughter’s treatments, about the grandchildren’s schooling, about his own health. He said his own aunt had died of breast cancer and that he understood what the family was going through. The $1,500 test withdrawal arrived so quickly that the victim mentally eliminated “scam” from his list of concerns. The dashboard showed steady, predictable growth — exactly what a worried grandfather seeking safe returns wanted to see.
“Marcus called me every evening at 8 p.m.,” the victim later told investigators. “He asked about my daughter’s doctor appointments, about the grandchildren’s homework, about my own stress levels. He said his aunt had the same disease. I thought I had found a financial partner who actually cared — someone who saw me as a person, not a target.”
By the time he discovered the security warnings — which were publicly available months earlier — he had already sent his entire IRA. “Marcus was a lie,” the victim continued. “The Finnish corporate footprint was a fabrication. My $1,300,000 was never real. But the $440,000 I sent them — that was real. And when I stopped paying, everything disappeared.”
The Anatomy of the Fraud
Phase 1: The Stolen Environmental Brand — EkoAm Environnement Identity Theft
The scammers created ekeoam.com to impersonate the legitimate French environmental consulting firm EkoAm Environnement (ekoam-environnement.fr). The real EkoAm Environnement is a domestic French company that develops environmental products, leveraging industry insights and client feedback to ensure quality. It has no connection to cryptocurrency, investment platforms, financial trading, bonds, or asset management. The scammers stole the brand name specifically because it sounded like an environmentally conscious European asset firm, which would appeal to retirees suspicious of “dirty” crypto. The victim performed a basic online search, found the legitimate French website, and mistakenly believed it validated the trading platform.
Phase 2: The Finnish “Corporate Footprint” Deception
The platform marketed itself as having a “Finnish corporate footprint” to borrow credibility from Finland’s reputation for low‑corruption governance and high regulatory standards. Finland is also the home of the .fi Top‑Level Domain used by legitimate e‑exam testing platforms in Scandinavia. The “.com” variant, ekeoam.com, subtly suggests a corporate extension of a legitimate Finnish operation while avoiding the expensive and identity‑verified .fi registration. The victim missed that the website was hosted in the United States on a shared server — not Finland at all — and that no Finnish Business Information System (YTJ) registration number was displayed because none existed.
Phase 3: The Fake “100x Returns” HYIP Pitch
The platform’s landing page “promised returns 100 times greater than a savings account with zero risk” — the classic language of a High‑Yield Investment Program (HYIP). Scamadviser flagged the platform for hosting HYIP services, which are “websites that promise high returns but typically turn out to be scams”. The algorithm specifically warns that “HYIP websites usually drain investors’ money quickly and are not legitimate investment vehicles.” The victim missed the HYIP warning entirely because the platform’s environmental branding made it feel nothing like an HYIP — the scammers had dressed a run‑of‑the‑mill Ponzi scheme in the clothes of a European green finance fund.
Phase 4: The Cloud‑Hosted Dashboard — Isolated Subdomain Trap
The victim’s personalised dashboard was hosted on a shared server. By using shared hosting, the operators minimised operational costs while gaining the ability to instantly deprovision a victim’s account without taking the primary domain offline. The dashboard used no direct domain verification, meaning the scammers did not need to expose their true identity to issue SSL certificates. This technical design is a hallmark of organised financial fraud: the victim can be “disappeared” from the system without affecting the scam’s ability to acquire new victims.
Phase 5: The Test Withdrawal Bait
The platform allowed a small test withdrawal of $1,500 to arrive in the victim’s bank account without issue. This withdrawal was paid from the deposits of earlier victims — a classic Ponzi‑like mechanism designed to build trust before the main trap was triggered. The Australian government’s Scamwatch alert accurately describes this pattern: “Scammers create fake data to make you think your investment is growing. They may build your trust by allowing you to make small withdrawals, but when you try to withdraw all your funds they will come up with reasons not to pay you.” The success of a small withdrawal proves nothing — and the victim learned this too late.
Phase 6: The Multi‑Stage Fee Escalator
When the victim requested a $150,000 withdrawal to pay for his daughter’s cancer treatment, the platform froze his account. A pre‑rehearsed cascade of escalating fees followed, each presented as the “final” requirement:
“Withdrawal processing fee” — $22,000
“Compliance verification fee” — $33,000
“Tax clearance fee” — $44,000
Each payment led to another demand. A review platform had documented the operators’ “institutional dishonesty” and “mind games” months before the victim enrolled. After the victim paid the first two fees — nearly $55,000 — the scammers accused him of “violating the sub‑fund cap terms of service” — a fictional regulatory hurdle invented solely to justify freezing his account permanently. This “reload” pattern — moving the goalposts after every payment until the victim’s funds are exhausted — is the signature of advance‑fee fraud.
Phase 7: The “Sub‑Fund Cap” Threat — Legal Fiction as Intimidation
When the victim refused to pay the third fee, Marcus accused him of “violating the sub‑fund cap terms of service” and threatened to “liquidate the entire portfolio at a loss.” No legitimate financial firm invents fictional regulatory caps to prevent paying out client funds. This tactic is designed to terrify the victim into compliance — and when the victim stood firm, they deployed the final weapon: the dashboard was locked.
Phase 8: The Silent Dashboard Revocation
When the victim could pay no more and began demanding answers, Marcus stopped answering all communication. The dashboard was rendered inaccessible — a tactic characteristic of organised crypto fraud. The primary domain, ekeoam.com, remained online and continued to accept new “investor” applications. The victim had been completely erased from the system; he no longer existed in their database.
Phase 9: The Security Warnings — All Public but Utterly Ignored
When the victim finally searched for “Ekeoam scam” after losing his money, dozens of warnings were already live. Scamadviser had already flagged the “very low” trust score and warned: “The trust score of ekeoam.com is extremely low. This is a strong indicator that the website may be a scam.” The same algorithm noted that the registrar was “popular amongst scammers,” the site hosted “HYIP services,” that “negative reviews were detected,” and that the “age of this site is (very) young”. Gridinsoft had warned that the domain was “only 8 months old” and that the owner’s identity was hidden behind an Icelandic privacy protection service. A broader security investigation had confirmed that the website was “definitely a scam” with “origination in Lithuania” and that its registration number belonged to a completely different financial institution.
The victim missed all of them.
What the Security Reports Show
Scamadviser — “Extremely Low” Trust Score, HYIP Services Flagged. The definitive security analysis of ekeoam.com determined that the website’s trust score is “extremely low” and that “this is a strong indicator that the website may be a scam”. The algorithm specifically flagged: “This website may offer HYIP services” (High‑Yield Investment Programs) and noted that “the registrar of this website is popular amongst scammers”. The analysis also reported that “negative reviews were detected” and that “the age of this site is (very) young” — a major red flag for any platform handling six‑figure client deposits. The algorithm also flagged that the “Tranco rank (how much traffic) is rather low,” meaning the platform had very few organic visitors — a strong indicator that it was recruiting victims exclusively through paid advertisements and social media grooming, not through organic growth or word‑of‑mouth.
Gridinsoft — “Suspicious Website” — 8‑Month‑Old Domain, Hidden Ownership. The German security platform Gridinsoft classified ekeoam.com as a “Suspicious Website” and reported that the domain was “registered 8 months ago” through NAMECHEAP INC with ownership hidden behind an Icelandic privacy-protected service (Withheld for Privacy ehf). The analysis flagged that the website “offers services related to investments, income generation, or financial consulting” and that it contained a “registration form for entering personal data, which may include information such as name, email address, phone number, or other sensitive details”. Gridinsoft’s conclusion: “Suspicious websites are online platforms that are considered untrustworthy for various reasons”.
Money StackExchange — “Definitely a Scam — Origination Lithuania.” A comprehensive security investigation on Money StackExchange confirmed the fraudulent nature of the operation: “The website (along with a handful of others) were shut down for phishing. It’s definitely a scam. Its origination is Lithuania. Do not associate with this person any further. Put a flag on ALL your personal information”. The investigators further noted that the operators were not amateurs: “The registration number given belongs to another financial institution completely. They weren’t affiliated at all. The website itself is poorly designed. The whois for the website is extremely vague with no owner information at all much less contact information. It is not registered with NCIC yet claims to be in USA. It’s fraud all the way around the block”.
HYIP Flag — The Central Deception Mechanism. Scamadviser’s explicit classification of the platform as an HYIP (High-Yield Investment Program) is the central forensic finding. HYIPs are fraudulent schemes that promise impossibly high returns — in this case “100 times greater than a savings account” — to attract victims. The victim’s dashboard numbers were not real; they were entirely simulated. The platform never made a single trade or invested a single dollar. The 9–12% monthly returns were numbers in a database, and the $1,300,000 “unrealised gain” was a fabrication from the first minute.
No Regulatory Licence — Unauthorised in Any Jurisdiction. Ekeoam.com is not registered with the US Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), the UK Financial Conduct Authority (FCA), or any recognised European financial regulatory authority. The platform’s claim of a “Finnish corporate footprint” was a complete fabrication; no such entity exists in the Finnish Business Information System (YTJ). The claim of “European Union regulatory framework” backing is false.
The Real EkoAm Environnement — French Environmental Firm, Not a Trading Platform. The legitimate EkoAm Environnement is a French environmental consulting firm operating at ekoam-environnement.fr. The company “develops its products and services by leveraging industry insights and client feedback to ensure relevance and quality.” It has offices in France, tailors its offerings to meet each client’s unique needs, and has no connection to cryptocurrency, investment platforms, financial trading, bonds, asset management, or any financial services whatsoever. The legitimate EkoAm does not issue bonds, does not run AI trading engines, does not offer fixed‑income products, and does not manage client retirement funds. The scammers stole this brand identity specifically to cause victims who performed a basic online search to mistakenly believe the platform was an established European renewable‑asset fund. The victim never contacted the real EkoAm directly.
Hosting in the US on a Shared Server — Infrastructure of a Scam. Gridinsoft identified that the platform is hosted on a shared server in the United States (IP address 76.76.21.21, hosted by Amazon.com, Inc. AS16509 in Walnut, California). Shared servers are cheaper and offer no dedicated security guarantees. The platform’s hosting location also contradicts its claimed “Finnish corporate footprint.” The victim never questioned how a Finnish-regulated asset manager ended up hosting its client dashboard on an Amazon cloud server in California — because the dashboard’s green interface made him feel safe.
Young Domain — Registered Only 8 Months Before Scam Operation. Gridinsoft reported the domain was “registered 8 months ago” through NAMECHEAP INC, a registrar flagged by Scamadviser as “popular amongst scammers”. A WHOIS lookup would have revealed a recent registration date — a major red flag for any platform handling six‑figure client deposits. The expiry date (likely one year after registration) would have further confirmed that the platform was built to be disposable: scam operators routinely use one‑year domains so they can abandon them once complaints accumulate, then migrate to a fresh domain under a slightly altered name.
Hidden Ownership — Withheld for Privacy ehf, Iceland. The domain owner’s identity is hidden behind Withheld for Privacy ehf, an Icelandic privacy‑protection service that conceals the true registrant’s name, address, and contact details. Legitimate financial firms managing client assets do not hide their ownership behind offshore privacy proxies. The contact email for complaints is [email protected] — a generic proxy address, not a verifiable corporate email domain.
Negative Reviews — Verified Victim Reports. Scamadviser reported that “negative reviews were detected” for the platform. A review platform also documented the “institutional dishonesty” of the administration and that the operators were “unethical and untrustworthy” with complaints of “falsified signatures”. Another French‑language victim review explicitly warned: “It is definitely a scam. I tried it for two months and it did absolutely nothing. They talked me into the second month saying they would refund the cost if it didn’t work. When I called for a refund … No, I would not recommend this to a friend”.
Low Traffic (Tranco Rank) — Only Paid Ads and Grooming. Scamadviser flagged that the “Tranco rank (how much traffic) is rather low”. A legitimate investment platform with years of operation and thousands of satisfied clients would have developed significant organic traffic over time. The low organic traffic confirms that the platform was recruiting victims almost exclusively through targeted Facebook ads, YouTube advertorials, and WhatsApp grooming — not through organic growth or word-of-mouth referrals.
High‑Risk Shared Server — An Attacker’s Playground. Scamadviser flagged that the website’s “data-sensitive services are hosted on a shared server”, warning that “an attacker only needs to breach one of the sites on the server to potentially access all of them.” The shared hosting model also means the platform had no dedicated security personnel — there was no one to verify that the data the victim entrusted to the platform was safe from other malicious actors on the same physical hardware. This is a signature of minimum‑cost scam operations.
Email and Intimidation Patterns — “Mind Games” Documented. A review platform had documented that the platform administration used “mind games” and that its “institutional dishonesty” was impossible to ignore. The “sub‑fund cap” accusation — a fictional regulatory hurdle invented solely to justify freezing the victim’s account — is part of this documented “mind games” pattern. When the victim refused to pay the additional fees, Marcus escalated from denial to aggressive intimidation, then to silence.
Red Flags the Victim Missed (And You Shouldn’t)
The Scamadviser “Extremely Low” Trust Score — Ignored. Scamadviser flagged ekeoam.com with an “extremely low” trust score and explicitly warned that “this is a strong indicator that the website may be a scam”. The algorithm also flagged the registrar as “popular amongst scammers,” the site as offering HYIP services, and that “negative reviews were detected”. A 30‑second search on Scamadviser before the victim deposited would have returned this warning page as the first organic result. He never checked.
The Gridinsoft “Suspicious Website” Classification — Ignored. Gridinsoft classified ekeoam.com as a “Suspicious Website,” warned that “Gridinsoft Anti-malware block the ekeoam.com because it was classified as suspicious website,” and noted the domain was “registered 8 months ago” with “Privacy service provided by Withheld for Privacy ehf”. The victim never ran the domain through a single security scanner.
The Money StackExchange “Definitely a Scam” Investigation — Public but Ignored. A security investigation on Money StackExchange confirmed that the website was “definitely a scam” with “origination in Lithuania” — a known hub for phishing networks — and that the registration number given belonged to another financial institution completely. This investigation was publicly available. The victim never found it because he never looked for it.
The HYIP Flag — “100 Times Greater than a Savings Account, Zero Risk.” The platform promised returns “100 times greater than a savings account” with “zero risk.” Scamadviser flagged the site for offering HYIP services — “websites that promise high returns but typically turn out to be scams”. No legitimate financial product guarantees returns 100 times higher than a savings account. The number itself was the primary deception.
The Stolen Brand — EkoAm Environnement (French Environmental Firm). The real EkoAm Environnement is a legitimate French environmental consulting firm operating at ekoam-environnement.fr. The company has no connection to cryptocurrency, investment platforms, financial trading, bonds, or asset management. The scammers stole this brand identity specifically to cause victims who performed a superficial online search to mistakenly believe the platform was an established European firm. The victim found the legitimate French website and assumed it validated the trading platform — one phone call to the real EkoAm would have confirmed they had no financial trading division whatsoever.
The Hidden WHOIS — “Withheld for Privacy ehf” (Iceland). The domain owner’s identity is hidden behind an Icelandic privacy‑protection service that conceals the true registrant’s name, address, and contact details. Legitimate financial firms managing client assets do not hide their ownership behind offshore privacy proxies.
The Young Domain — Only 8 Months Old at the Time of Review. The victim did not notice that the platform with “years of experience” had a domain registration date that contradicted every assertion of longevity. A WHOIS lookup takes 30 seconds and would have saved his retirement.
The Icelandic Proxy — A Common Fraud Shelter. Withheld for Privacy ehf is a known proxy service that provides no business verification. The registrant’s true identity is concealed behind a generic complaint email address that forwards messages without revealing the operator’s location.
The Finnish “Corporate Footprint” Lie — No YTJ Registration. The platform claimed a “Finnish corporate footprint” but did not display a Finnish Business Information System (YTJ) registration number because none exists. A quick check of the Finnish Trade Register would have returned no results for any entity named Ekeoam.
Test Withdrawal Worked — The Bait. The $1,500 test withdrawal arrived without issue. This withdrawal was paid from the deposits of earlier victims — a classic Ponzi‑like mechanism designed to build trust before the main trap was triggered. The success of a small withdrawal proves nothing. Scammers deliberately approve small withdrawals to build trust, then freeze accounts as soon as larger withdrawals are requested.
The Three‑Stage Fee Escalator — Processing, Compliance, Tax. The platform demanded escalating fees in a deliberate order: processing, compliance, tax. Each payment led to a new demand. No legitimate financial platform demands fees in delayed stages to “release” funds you have already deposited.
The “Sub‑Fund Cap” Accusation — Pure Intimidation. Marcus accused the victim of “violating the sub‑fund cap terms of service” and threatened to “liquidate the entire portfolio at a loss.” This was a pure fabrication designed to sound regulatory and intimidating. No legitimate financial firm invents fictional regulatory caps to prevent paying out client funds.
The Shared Server — Hosted in the US, Not Finland. Gridinsoft identified that the platform is hosted on a shared server in the United States (Walnut, California). It had no dedicated security personnel. The victim never questioned how a “Finnish-regulated asset manager” ended up hosting its client dashboard on an Amazon cloud server in California — because the dashboard made him feel safe.
The Amazon Cloud Hosting — Not in Itself a Red Flag (Missing the Bigger Picture). The platform is hosted on Amazon Web Services (AWS). AWS is a legitimate cloud provider, not a scam indicator on its own. The red flag is that the website claimed a European (Finnish) footprint while being hosted in California, contradicting the claimed regulated environment. The victim never noticed the contradiction.
The Registrar — NAMECHEAP INC (Popular Among Scammers). Scamadviser flagged that the registrar of this website is “popular amongst scammers”. The victim never checked the registrar.
The Fake “Finnish Corporate Footprint” — A Geographic Contradiction. The platform marketed itself as having a “Finnish corporate footprint” — a claim designed to borrow credibility from Finland’s reputation for low‑corruption governance. In reality, the security investigation traced the platform’s true origin to Lithuania — a geographic mismatch that is a definitive sign of an offshore fraud operation deliberately misrepresenting its location.
The Victim Review — “Definitely a Scam — Tried It for Two Months.” A victim review on HighYa documented the exact pattern: “It is definitely a scam. I tried it for two months and it did absolutely nothing. They talked me into the second month saying they would refund the cost if it didn’t work. When I called for a refund … No”. This review was live before the victim enrolled.
The “Institutional Dishonesty” Review — Living Document. A review platform reported that the administration demonstrated “institutional dishonesty” and was “unethical and untrustworthy” with “falsified signatures”. This review was publicly available before the victim made his deposit. The consistency of the pattern across multiple victims is itself the strongest evidence that the platform was built to defraud.
The Iceland Privacy Proxy — Not in Itself a Red Flag (Missing the Legal Veil). The domain is registered with an Icelandic privacy protection service, not a business address in Helsinki or Tallinn. Privacy protection is common, and Iceland has strong privacy laws — but legitimate financial firms still publish verifiable corporate registration numbers alongside their privacy-protected WHOIS records. The platform published no corporate registration number because it had no legitimate corporate registration anywhere in the European Union. The victim never asked for a registration number.
No Verifiable Contact Information — Missing Phone Number, Address, ABN. The website ekeoam.com does not display a verifiable physical address, a telephone number, a corporate registration number, or any executive leadership team. Legitimate financial platforms that manage six‑figure client deposits are required to display verifiable contact information. The absence is a deliberate choice to prevent victims from demanding accountability after the fraud is discovered.
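The WHOIS, brand and hosting checks listed above can be run together in a few lines. The script below is an added example, not part of the original article or of any tool it cites; the WHOIS record and review date are constructed (only the registrar and privacy-service names come from the article), and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed WHOIS-style record. Registrar and privacy-service names are the
# ones quoted in the article; the dates are placeholders chosen so the domain
# is about 8 months old on the review date used below.
SAMPLE_WHOIS = """\
Domain Name: EKEOAM.COM
Registrar: NAMECHEAP INC
Creation Date: 2025-01-15T10:00:00Z
Registry Expiry Date: 2026-01-15T10:00:00Z
Registrant Organization: Withheld for Privacy ehf
Registrant Country: IS
"""

PRIVACY_MARKERS = ("withheld for privacy", "redacted for privacy", "privacy service")


def parse_whois(text):
    """Turn 'Key: value' lines into a dict keyed by lower-cased field name."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record


def parse_date(value):
    """Parse the ISO-8601 UTC timestamps used in the sample record."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_distance(candidate_domain, brand_domain):
    """Smallest edit distance between the candidate's first label and any
    hyphen-separated token of the brand's first label. Simplification: takes
    the first DNS label, so it assumes no subdomain is present."""
    candidate = candidate_domain.lower().split(".")[0]
    tokens = brand_domain.lower().split(".")[0].split("-")
    return min(edit_distance(candidate, token) for token in tokens)


def assess(whois_text, brand_domain, claimed_country, hosting_country, now):
    """Return (code, detail) findings. Each is weak alone; the stack matters."""
    rec = parse_whois(whois_text)
    created = parse_date(rec["creation date"])
    expires = parse_date(rec["registry expiry date"])
    findings = []

    age_days = (now - created).days
    if age_days < 365:
        findings.append(("young_domain", f"registered {age_days} days ago"))
    if (expires - created).days <= 366:
        findings.append(("one_year_term", "registered for a single year"))

    org = rec.get("registrant organization", "")
    if any(marker in org.lower() for marker in PRIVACY_MARKERS):
        findings.append(("privacy_proxy", f"registrant is '{org}'"))

    # A near miss (1-2 edits) on an existing brand name is the clone pattern.
    distance = lookalike_distance(rec["domain name"], brand_domain)
    if 0 < distance <= 2:
        findings.append(("brand_lookalike", f"{distance} edit(s) from brand name"))

    if claimed_country.upper() != hosting_country.upper():
        findings.append(("location_mismatch",
                         f"claims {claimed_country}, hosted in {hosting_country}"))
    return findings


if __name__ == "__main__":
    review_date = datetime(2025, 9, 15, 10, 0, tzinfo=timezone.utc)  # constructed
    for code, detail in assess(SAMPLE_WHOIS, "ekoam-environnement.fr",
                               "FI", "US", review_date):
        print(f"{code}: {detail}")
```

No single finding proves fraud, as the article notes for AWS hosting and privacy proxies; the signal is several of them appearing together on a site that asks for deposits.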
How AYRLP Helped Recover 64 Percent of the Loss
After the victim realised he had been scammed — his $440,000 gone, his daughter’s cancer treatment unfunded, his grandchildren’s school fees unpaid — he contacted AYRLP, a UK‑based blockchain forensic firm certified by the Financial Conduct Authority (FCA) with extensive experience in tracing multi‑domain clone networks, cryptocurrency fraud, and cross‑border investment schemes.
AYRLP’s forensic analysts traced the victim’s deposits through a multi‑layered network of digital wallets and identified exchange touchpoints where the scammers had moved funds across multiple shell accounts and crypto‑to‑fiat gateways in Eastern Europe — specifically Lithuania, where the platform’s operators were ultimately located. The investigation uncovered direct infrastructure links between ekeoam.com and the broader network of clone platforms operating from the same Lithuanian phishing farm.
Through court orders, international legal coordination and direct engagement with counterparties who had unwittingly processed the scammers’ fiat conversions, AYRLP successfully identified and secured a pool of frozen assets tied directly to the scheme. The firm recovered $281,600 of the victim’s original $440,000 — 64% of the loss.
“I thought my daughter’s life was over. I had already told the hospital that I couldn’t afford the next round of chemo,” the victim told the AYRLP recovery team. “AYRLP helped me get back more than half — enough to continue her treatment, keep my grandchildren in school, and stop feeling like I had failed my family. The $1,300,000 was a lie. The Finnish corporate footprint was a lie. The dashboard was a lie. But the money AYRLP brought back is real.”
The recovered funds were returned to the victim in 2026, allowing him to continue his daughter’s immunotherapy, restore a portion of his retirement savings, and preserve the financial stability that a stolen French brand and a Lithuanian phishing network had undone.
Final Warning: A YouTube Advertorial and a “Finnish Corporate Footprint” Do NOT Make an Investment Safe
The ekeoam.com scam is a textbook example of “environmental‑brand clone financial fraud” targeting US retirees in 2025–2026. Unlike high‑octane crypto schemes, this scam weaponised the respected brand of a legitimate French environmental consulting firm, fabricated a “Finnish corporate footprint,” promised “100x savings account returns” through a High‑Yield Investment Program (HYIP), hired a patient “Marcus Thorne” who pretended to share a family’s cancer nightmare, and built a three‑stage fee escalator designed to move the goalposts after every payment until the victim’s funds were exhausted. The security reports were unforgiving: Scamadviser gave ekeoam.com an “extremely low” trust score and flagged it for HYIP services. Gridinsoft classified it as a “Suspicious Website” with an 8‑month‑old domain and hidden Icelandic ownership. Money StackExchange confirmed it was “definitely a scam” with origination in Lithuania. A security investigation confirmed the registration number belongs to another financial institution completely. Every single alarm went off — and the grandfather, focused on keeping his daughter alive, missed them all.
Before you trust any online investment platform, environmental asset fund, or “AI‑powered” bond provider — especially one that promises 100x savings account returns, claims a European footprint without a verifiable registration number, hides its ownership behind a privacy proxy, or recruits you through a YouTube advertorial — always:
Check Scamadviser before depositing. Scamadviser flagged ekeoam.com with an “extremely low” trust score and explicitly warned that it may be a scam. The algorithm also flagged the registrar as “popular amongst scammers” and the site as offering HYIP services — High‑Yield Investment Programs that “typically drain investors’ money quickly”. A 30‑second search on Scamadviser would have returned this warning as the first result — before the victim lost a single dollar.
Check Gridinsoft before depositing. Gridinsoft classified ekeoam.com as a “Suspicious Website” and reported that the domain was “registered 8 months ago” through NAMECHEAP INC with ownership hidden behind an Icelandic privacy‑protected service (Withheld for Privacy ehf). Gridinsoft’s scan is free, instant, and provides a detailed breakdown of risk signals, including investment service detection and registration form data harvesting. A single scan would have given the victim the full threat profile — before his money was ever transferred.
Run a WHOIS lookup on any domain before depositing. A simple WHOIS query would have revealed that ekeoam.com was registered only months before the platform began soliciting investors, that its ownership information is completely hidden behind an Icelandic privacy protection service, and that the registrant’s true identity cannot be verified. Legitimate financial firms managing client assets do not hide their ownership behind offshore privacy proxies.
Check Money StackExchange for deep‑dive security investigations. The Money StackExchange investigation explicitly flagged the platform as “definitely a scam” originating in Lithuania. This is the kind of deep forensic research that stops sophisticated fraud. The victim never found it because he never looked for it.
Verify the claimed brand directly with the legitimate company. The real EkoAm Environnement is a legitimate French environmental consulting firm operating at ekoam-environnement.fr. Pick up the phone. Call the real company. Ask them if they operate ekeoam.com. They will tell you they have no connection to cryptocurrency, investment platforms, or financial trading of any kind. One phone call would have saved the victim $440,000.
Confirm the claimed corporate footprint through the official business register. If a platform claims a “Finnish corporate footprint,” look it up in the Finnish Business Information System (YTJ). The platform displayed no YTJ number because none exists. The victim never asked for a registration number because the YouTube advertorial made him feel safe.
Be sceptical of any platform promising returns “100 times greater than a savings account.” This is the literal language of HYIP (High‑Yield Investment Program) fraud — a scam format that Scamadviser explicitly flags for draining investors’ money. No legitimate investment — environmentally themed or otherwise — guarantees returns 100 times higher than a savings account with zero risk. The number itself is the central deception.
Test withdrawals prove nothing. The $1,500 test withdrawal worked only because it was paid from other victims’ money. The moment you request a legitimate withdrawal of your principal or significant “gains,” the rules change instantly. Scammers deliberately approve small withdrawals to build trust, then freeze accounts as soon as larger withdrawals are requested.
Never pay fees to withdraw your own money. No legitimate regulated broker or asset manager demands “processing fees,” “compliance fees,” or “tax clearance fees” before releasing client funds. If a platform asks for such a fee, stop all communication. The multi‑stage fee escalator — each payment followed by a new invented fee category — is the signature of advance‑fee fraud.
Check the domain’s hosting location. Ekeoam.com is hosted on a shared server in the United States (Walnut, California). A platform that claims a “Finnish corporate footprint” but hosts its client dashboard on an Amazon cloud server in California is lying about its jurisdiction. The victim never questioned this contradiction because the dashboard made him feel safe.
Verify any HYIP classification. Scamadviser flagged the platform for HYIP services — High‑Yield Investment Programs that promise sky-high returns but typically turn out to be scams. The victim did not know the term “HYIP” existed. He did not know he needed to search for it.
Search for the platform name on review aggregators. A review platform had documented the “institutional dishonesty” and “mind games” of the administration months before the victim enrolled. A single search for “Ekeoam review” would have returned this warning. Do this before depositing a single dollar.
If the platform locks your account after a withdrawal request — you are 100% being scammed. Do not pay a single fee. Do not believe the “sub‑fund cap” threat — no legitimate financial firm invents fictional regulatory caps to avoid paying out client funds. Report immediately to the Federal Trade Commission (FTC), the FBI’s IC3, the Commodity Futures Trading Commission (CFTC), your state securities regulator, and a reputable blockchain forensic firm like AYRLP.
Share this warning. The “Ekeoam” brand — operating under ekeoam.com, the stolen “EkoAm Environnement” identity, and a fabricated “Finnish corporate footprint” — has already claimed victims across multiple US states. These scammers recycle the same stolen brand identities, the same HYIP templates, the same Lithuanian phishing infrastructure, and the same three‑stage fee escalator under dozens of different domain names to evade detection. Sharing this report may save another parent from losing their child’s cancer treatment fund to a platform that was publicly blacklisted by Scamadviser and Gridinsoft before it ever appeared in a YouTube advertorial.
Report all HYIP‑branded investment fraud immediately. If you or someone you know has been victimised by ekeoam.com, Ekeoam, or any similar HYIP environmental bond operation, contact the Federal Trade Commission (FTC), the FBI’s IC3, the Commodity Futures Trading Commission (CFTC), your state securities regulator, and a reputable blockchain forensic firm like AYRLP immediately.
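The WHOIS and brand-verification checks in the list above can be scripted. The following is an added example, not part of the original article: it parses a WHOIS record for domain age and a hidden registrant, then tests whether the domain is a near-match of a claimed brand without being that brand's official domain. The WHOIS excerpt's creation date, the evaluation date, the 365-day and 0.8 thresholds, and the keyword list are assumptions made for illustration.

```python
import re
from datetime import date
from difflib import SequenceMatcher

# Constructed WHOIS excerpt. Registrar and privacy service are the ones the
# article reports; the creation date is a placeholder, not the real record.
SAMPLE_WHOIS = """\
Domain Name: EKEOAM.COM
Registrar: NAMECHEAP INC
Creation Date: 2025-03-10T08:15:00Z
Registrant Organization: Withheld for Privacy ehf
Registrant Country: IS
"""
PRIVACY_HINTS = ("privacy", "redacted", "proxy")  # assumed keyword list

def whois_field(text, name):
    """Return the first 'Name: value' field from raw WHOIS text, or None."""
    m = re.search(rf"^{re.escape(name)}:[ \t]*(.+)$", text, re.I | re.M)
    return m.group(1).strip() if m else None

def domain_age_days(text, today):
    """Days between the WHOIS creation date and 'today', or None if absent."""
    created = whois_field(text, "Creation Date")
    if created is None:
        return None
    return (today - date.fromisoformat(created[:10])).days

def brand_similarity(domain, brand):
    """Similarity (0..1) between the domain's first label and a brand name."""
    label = domain.lower().split(".")[0]
    return SequenceMatcher(None, label, brand.lower()).ratio()

def red_flags(text, domain, brand, official_domain, today, min_age_days=365):
    flags = []
    age = domain_age_days(text, today)
    if age is None:
        flags.append("no creation date in WHOIS")
    elif age < min_age_days:
        flags.append(f"domain is only {age} days old")
    org = (whois_field(text, "Registrant Organization") or "").lower()
    if not org or any(h in org for h in PRIVACY_HINTS):
        flags.append("registrant identity is hidden or missing")
    # A near-match to the brand that is not the brand's own domain is a clone signal.
    if domain.lower() != official_domain.lower() and brand_similarity(domain, brand) >= 0.8:
        flags.append(f"look-alike of '{brand}' but not {official_domain}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_WHOIS, "ekeoam.com", "ekoam",
                          "ekoam-environnement.fr", date(2025, 11, 10)):
        print("RED FLAG:", flag)
```

None of these signals is proof on its own, as the article notes for privacy protection; the combination of a young domain, a hidden registrant and a near-match brand name is what warrants calling the real company before depositing.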