Comment by RetroTechie

It's a matter of how much effort you want to put in, and what you get out of it.

Years ago, a friend of mine fell victim to a romance scam. Damage ~€3k. It involved fake websites of non-existing logistics companies, a fake banking site where victim could 'help' a person 'transfer funds' for them, a long chat history (over Viber or something like that, initiated through Facebook), etc.

This being a good friend, I put in some legwork, saved local copies of sites, etc. Some findings:

# It's easy to find copies of sites of the one(s) used to defraud victim. In this case, ~50. And compile a list, what's the hoster of each & where domains are registered.

# Fake banking sites are easy to determine since legitimate banks are recorded in per-country registries. Legitimate: website's security certificate (extended validation etc) indicates [bank_X], bank_X listed as such in registry of country it operates in. Not? -> fake.

For non-banking fake sites it's more difficult to tell.

# Hosting companies & domain registrars do take action. As long as you provide correct & detailed info, in such a way that it's easy for them to act on. Professional companies don't like having legal / financial liabilities sit around.

# If there's security certificates involved, informing issuer of that can remove "secure connection" from a whole batch of sites in 1 go. Makes it harder to convince future victims. (no lock icon on a banking site?!?)

# An official request could be filed with this victim's bank (passed on to recipient's bank), that would give holder of recipient account 2 options: a) return the funds, or b) have their personal details revealed to victim - for use in legal proceedings etc.

This was within EU area. Likely, recipient would be a money mule & not respond. But then you'd get money mule's full name/contact info etc (home address?)

# Police / fraud orgs etc rarely have time for this. You need to do the legwork yourself.

Ultimately, my friend decided not to pursue the matter. But in the mean time, I had caused >2/3 of those fake sites to be deleted (and all the fake banking sites I'd found), and some security certificates to be revoked. Obviously that disrupts scammer's operations to some degree (and costs them time, $$, potential victims dropped etc). So it's not like you can't do anything.