I was in the middle of a work trip — the first since Covid — when an obvious bot account claiming to be a scout for a streetwear brand left a comment on a honey trap I had set up to study Instagram bots. “Collab? DM @ vincerewears”

This was a pleasant surprise. I had set up my second Instagram account purely to facilitate my hobby tracking and studying the behavior of fake accounts on social networks, but even though I called it a honey trap on the profile I did not expect any bots to interact with it directly. I assumed (incorrectly) that making the honey trap effective as a honey trap would require activities that were likely to ensnare legitimate Instagram users as well.

At first I thought about ignoring the bot. It was super obvious that this was a scam, and scammer bots weren’t really what I wanted to focus on. But I couldn’t help my curiosity because the honey trap account had no followers whose provenance was not known to me, used no hashtags on posts, and wasn’t at the time following anybody else. So where did this little bot come from? I couldn’t resist. I needed to look under the hood and see what it was doing with its time.

And when I did, I discovered a network of thousands of fake accounts coordinating scams across Instagram. A network that’s not just ripping off normal Instagram users, but also, likely, ripping off the brands it scams for.

The Age of Dropship Fashion

The brand the bot was scamming for is called Vincere, or Vincere Wears. It’s a dropship brand — meaning that the brand itself neither produces, nor stores, nor ships the products it sells. Instead it passes along orders to a company in China that handles all of the logistics. The brand owner puts up a website, builds a social media presence, marks up the prices and pockets the difference. (None of the brands mentioned in this story responded to a request for comment)

These schemes are very easy to set up. Shopify has a number of helpful tutorials on how to do it. And the margins on them can be quite significant if the customer doesn’t realize the brand is just a front. For example here’s a shirt Vincere is currently selling for $99, here’s the same shirt on AliExpress for $16. That’s a markup of 500%.

Although the markup might be distasteful, dropshipping isn’t illegal. But dropshipping tends to be full of scammers because it is rarely profitable. The barrier to entry is too low, so the competitive landscape is intense. Dropshippers end up burning up their profits running ads on Facebook and Instagram trying to find customers.

Which is where the bots come in…

Preying on Influencers: the Ambassador Scam

ambos00_vincere is part of a huge network of fake Instagram accounts attempting to convince legitimate Instagrammers to buy from these dropship stores with their ridiculous markups. How do they do that? By asking you to become a brand ambassador. For the would-be influencer with a few hundred or a few thousand followers, this feels like a stepping stone to bigger deals. Vincere offers you 50% off whatever you buy through them and a cut of the profits from anyone who buys using your code. That’s a 200% markup instead of a 500% one.

Other schemes tell you the products are free, you just have to pay for shipping. Really expensive shipping. Shipping two or three times the real value of the actual product.

Then on top of that if by chance someone does use your ambassador code to buy something, most of these brands do not have any affiliate marketing infrastructure… so they pocket your promised commission too. The point isn’t to drive sales through the influencer’s promotion of their product. The point is to get the would-be influencers themselves to buy.

All of this has been well documented before in other places, but many of these exposés assume that these are individual scammers running single sites and using a handful of fake accounts. When I started tracing the network it became immediately obvious that many brands were clustered — set up by the same person or organization and that these clusters had hundreds and sometimes thousands of fake “scout” accounts that were coordinating with other clusters even when the brands themselves were direct competitors.

How Big is the Vincere Network Exactly?

When I started I thought I was just going to trace all the Vincere bots. There seemed to be a lot of them, and whoever had set them up was either cheap or sloppy. Fake accounts need followers to pass for real accounts, right? Most people would go out and buy fake followers, but Vincere just repurposed other fake Vincere scout accounts and assumed no one would look closely. That meant each bot found yielded information on more bots when I looked at their followers.

But very quickly I realized that there were bots for other brands also in the mix. A couple of names kept coming up over and over again: Broused Fitness, Urban Ice, Salvatore Franco, Valerio… All following a similar naming pattern on their fake accounts. All boosting each other’s follower count and at times pushing each other’s products.

As of this writing, I have identified over 50 brands selling everything from jewelry to pet toys in this network. 2,900+ fake Instagram accounts masquerading as “scouts” recruiting ambassadors and an extra 19,000 suspicious accounts meant to look like real Instagram users. 12% of these are highly suspicious — meaning they’re following multiple fake accounts in the network.

And truthfully, the Vincere network is probably even larger than this. I was limited in my data collection by Instagram’s API restrictions. In the graph I was able to assemble each brand has an average of about 60 fake accounts each. If the ratio of branded fake accounts to human looking fake accounts is consistent, the Vincere network might have more than 20,000 bots. That’s enough to sell out Madison Square Garden in New York City.

The Brand Clusters

I came into this project assuming that all these brands were owned by the same group and that this group controlled the Vincere network. But as I continued my research I kept spotting inconsistencies in the approach of the fake brands and their scams. Some brands were carefully constructed to hide the identity of their owner and prevent angry customers from having any leads with which to track them down. Other brands were leaking a huge amount of information in public databases, including using their home addresses in their LLC registrations. One cluster had bots for one of their brands, but three other brands doing identical dropshipping schemes that had no bots in the network. Another cluster hired a lawyer and secured a trademark for one of their brands. Trademark registration costs a few hundred dollars … not really the sort of thing you would do if you were going to scam a bunch of Instagrammers. But it is the sort of thing you would do if you started the brand with legitimate ambitions and turned to the bot net later.

Cluster 1: Lasting Impact LLC

Most of the scammer brands kept their contact information hidden. They don’t want the people they’re scamming to track them down — who would?

So Valerio stood out immediately. It had an address and a phone number. Granted the address was a PO Box cleverly disguised, but when I put the address in Google all their other scam brands popped right up. In fact, they even set up a website for the “parent company”. The brands operating under Lasting Impact LLC are: Urban Ice, Valerio, Brute Impact, Pink Pineapple, and Hype Authority.

Cluster 2: HS IP, LLC

Like Lasting Impact, the brands under HS IP all list the same PO Box in their contact information. Unlike the first example cluster, which has brands covering jewelry, streetware, and women’s fashion, this cluster stays focused on fitness and swimwear.

Of all the brands in the network, the ones owned by HS IP have the best reputation. There’s little to suggest that their positive reviews on Trustpilot aren’t real customers. It’s clear that the owners aspired to run a legitimate business and probably turned to the fake accounts when they realized starting an online fashion brand wasn’t easy money after all.

The brands in this cluster are: Astoria Activeware, FOUR Clothing Co., Haute Swimwear, and a defunct brand called Quic-Fit

Cluster 3: Novus International FZE

I first spotted the name Novus International FZE in the footer of the watch dropshipper Pierre Arden. I could only find bots for one brand in this UAE based cluster, despite the fact that they have other brands that are so transparently fake they use the same exact layout and advertise the same products.

Other Clusters

Other brands use virtual offices or coworking spaces — places where many brands might legitimately share an address, which means they can be clustered but I don’t know much more about them then that. Many brands don’t have official names, because why bother to set up a LLC or a corporation for your scam? Vincere itself is incorporated in Delaware, which shields the identities of the owners.

How Does the Network Navigate Instagram?

There are lots of ways social bots can find potential targets. This network uses location tags on Instagram. Location tags when compared to hashtags offer scammers significant boosts in efficiency. There’s less volume in a day. People are less likely to spam them with off-topic content. You can target specific locations where would be influencers like to create content. If you want to find some of these bots in the wild, go to the Recent section of location tags of any place where influencers like to pose, browse the comments on posts with girls posing in them. I’ve found them at The Pink Wall, Joshua Tree Park, and Venice Beach. The first bot in the Vincere network to get caught in the honey trap found me because I tagged a post at the Space Needle. Once I realized they were scraping location tags, I created a few more location tagged posts in order to see if the network picked up my account again. A second bot found me at the Griffith Observatory. Neither one of these posts used traditional hashtags or other forms of tagging. The only way an outsider would find these posts is through the location tag.

The bot always instructs you to DM the main brand account which will make the ambassador pitch. As you might imagine, they get down to business fast and avoid answering any unnecessary questions.

Reusing Accounts for Dead Brands

Occasionally Shopify gets wise to what’s going on and shuts down a brand. Do the bots for those defunct brands go away? Of course not! Fake accounts are a commodity after all.

Instead the network repurposes the bots and they start “scouting” for other brands in the ring. It’s curious that the network operators do not elect to change the bot identities too as that would make the repurposing of old bots much more difficult to detect.

There’s also a lot of evidence that the Vincere network is not creating all of the fake accounts it owns, but buying them through the secondary market. Sites like Fameswap and Social Tradia facilitate the resale of social media accounts, sometimes to serve as bots, sometimes to kickstart a brand with a legitimate following. Secondary markets also run through gray forums and discussion boards like an online jumble sale for fake accounts. The subreddit r/InstagramMarketing is a good example of this activity.

It used to be that Instagram allowed you to see the name change history of an account, making such behavior transparent. That feature was shutdown, but not before writer Zulia Rane got some screen caps of this network’s history.

Scam as a Service

The people behind Vincere, Astoria Activewear and Valerio are clearly different groups, and yet the fake accounts setup for them are coordinated. Valerio bots frequently rep for Vincere even though the company that owns the Valerio brand has a streetwear brand that directly competes with Vincere.

I’ve nicknamed this bot network the Vincere network both because that was the set of bots I started with, but also because over time it became clear that Vincere was the most dominant brand. It has the greatest number of fake accounts, and fake accounts for other brands can be found pushing Vincere far more often than any other combination. It’s not clear to me that the people behind the clusters know the fake accounts using their brand identities are also representing Vincere.

It seemed obvious that the dropship brands were not running their own fleet of fake accounts, but were actually customers of a service. It took me time to figure out what kind of service, but once I found them I was surprised by how transparently they operate.

The bot services that will sell you likes or followers at the very least pretend publicly that what they are delivering are real users and authentic engagement. By contrast, the Vincere network is likely the product of what is known as a “Mother Child Method” service, and Mother Child Method services straight up broadcast the fact that they will create hundreds, potentially thousands of fake accounts based on your brand. One service claims to have over 50,000 fake accounts in their network at your disposal.

These networks consist of multiple types of fake accounts which play different roles. In the Vincere network the “scout” accounts doing the outreach to influencers are just the vanguard. Behind them is an even larger network of fake accounts made to look like real users.

These accounts do the scraping of Instagram locations so that the scout accounts can devote the API requests Instagram allots them to direct outreach.

One Black Hat World user described it like this:

One of the recent change (sic) that IG implemented is low API limits. What that translate (sic) to is that you (sic) each slave account needs multiple scraper accounts to keep it alive. Without at least 6 scraper accounts running simultaneously with 1 slave account, the slave account cannot perform actions. In addition, because these scraper accounts die very quickly it ends up costing more money and taking up time for maintenance.

The second thing the scraper accounts do is act as fake followers either for direct resale or to pad the numbers of bots in the network or the main brand accounts they serve.

That last part is particularly interesting because Mother Child Method is usually pitched as an organic growth tool. Interactions with the child accounts are supposed to increase exposure to the mother account and increase followers. Customers of these services are billed potentially hundreds of dollars a month. The more “growth” the client brand sees, the more likely they will keep paying for the service. When the Mother Child network includes not just clone brands but also fake accounts that can pass as real users it’s likely that these bots are following client brands in order to ensure the client sees the “growth” they need to continue paying the network.

In the end, the scammers themselves are being scammed.

If you’d like to see the network for yourself you can play with some of my data here. In order to protect legitimate Instagram users, I’ve filtered to just the scout accounts, even in situations where it seems obvious that the “normal human” account was fake. I’m also including a list of all the fake accounts I found via Instagram basic search but did not trace before publication.