Skip to content
Polaris Corporate Risk Management logo
Case study

Case study: How can fraud derail your timeshare sale?

A case study of a CJNG-linked timeshare resale scheme — shell LLCs, forged regulator letters, and Mexico wire transfers — and the red flags that unmasked it.

BySophia Moore·Edited byStephen Ward·Reviewed byAJ Minzer··7 min read

Not all fraud is created equal. Some schemes are obvious, messy, and desperate. Others are highly complex; carefully crafted to seem boring. We recently supported a client through a near-perfect illustration of how a modern, cross-border fraud is assembled. It is a common scheme, one with more victims each passing year – despite attempted disruption by law enforcement. To spot a fraud, you have to know the signs. This case study highlights some of those signs, and how one of our Analysts unmasked the scheme.

Our Client was trying to sell a timeshare, so he did what most people do when they're trying to sell something: entertained a prospective buyer represented by a fund manager. The fund manager brought in an escrow company, contracts were drafted, and bank confirmations arrived. Then came a letter from a Mexican bank regulator signed by a real senior official, explaining that the Client would have to release a trust for the deal to proceed. Releasing the trust would take just one more wire payment. Over the course of a year, piece by piece, the Client sent hundreds of thousands of dollars to Mexico-based bank accounts. It seemed so real: mail was exchanged by real people, using real addresses, legitimate email addresses, associated with real corporate entities. But was any of it real? Here's some of what we uncovered.

The Deal Makers

The "fund manager" and the "escrow firm" the Client dealt with had borrowed the names of genuine, registered businesses unrelated to the fraud. This was intentional. In doing so, the bad actors inherited a history, a paper trail, and a digital footprint: you can look them up online, browse their websites, read apparent reviews, find legitimate corporate records. They passed the initial sniff test.

However, with some additional digging, the red flags began to surface: the fund manager's website had gone live a few months before the scheme accelerated and it listed an address on its letterhead that corresponded with an unrelated firm that actually occupied the building. Analysts identified that the unrelated firm had grown so tired of the confusion that they sent a cease-and-desist letter to the legitimate fund manager that the bad actor was fronting as. The escrow firm, on the other hand, was linked to a residential condo building built in 1890, with no apparent commercial activity at all.

The names of the representatives communicating with the client similarly fell apart under scrutiny: one matched a mortgage professional in another state with no conceivable connection to the case, while the other was a name that appeared on consumer scam-tracking sites.

The Burner Company

The Client's first of several transfers went to a third company: a U.S.-based limited liability company (LLC) registered in early 2024 that received the funds before moving their operations offshore. The entity had filed a single document with the state and was already delinquent on its required filings, consistent with a type of single-use shell company. The Financial Crimes Enforcement Network has published warnings for decades about the use of shell companies to obscure the movement and destination of a financial transfer. Its corporate formation paperwork was processed through a high-volume, online company-formation service, signed by Lovette Dobson – a name that has already been the center of public scrutiny. By OpenCorporates' count, Dobson is the most prolific signer of corporate paperwork in the country, serving as the signatory for tens of thousands of LLC formations. Inc. magazine spent a long feature trying to make sense of Dobson's corporate formations, a significant volume of which were tied to fraud. Although Dobson's association with the entity is not reflective of any wrongdoing on her part, it tells another story: the entity was made fast, cheap, through a mass-formation pipeline that has, according to another Inc. feature, long been a favored channel for establishing fraudulent ghost companies.

The Registered Agent attached to the shell tells the same story: the firm had been singled out by Wyoming's Fremont County Assessor and by reporters at Cowboy State Daily as the outfit most often behind the fraudulent use of residential addresses in LLC filings. The firm's ownership trail itself wanders through shells in Houston and Florida. Previously, at the behest of the FBI, Wyoming has dissolved companies that ran on the same registered-agent pipeline. While the entity's formation pipeline, again, is not evidence of wrongdoing, it can be a readily exploitable practice for malicious actors.

The Mexico Transfers

Then the escrow firms wiring instructions shifted. Over the course of the year, they named a rotating cast of recipients: a Mexican bank through an American representative, then the domestic shell, then a string of Mexican companies moving through two large Mexican banks.

The recipients were similar, but they were similar in what they lacked: no websites were identified, no social media profiles, no listing in any corporate registries, no footprint in databases where an operational entity should be. One address resolved to a coworking and virtual-office center – an address you might rent without occupying, which is precisely the profile the Treasury Department has described in these networks. Another address did not exist; the street numbers it claimed ran higher than any real number on that road, and the neighborhood was a misspelling of a real one.

The Forgery

Perhaps the boldest part of the scam came while the investigation was already ongoing: a letter from Mexico's national banking and securities regulator. The letter used the name and digital signature of a real senior official, which projected authenticity. But, would a genuine financial regulator ever directly email a private citizen to intercede in a property transfer, demanding the release of funds?

Analysts identified the letter as a forgery. The Spanish original contained a double negative that, read literally, said the funds should not be released, while the English translation handed to the client quietly dropped the negation and turned the sentence into permission. Somewhere within the scheme, someone had written the Spanish haphazardly, only correcting it in the version read by the would-be target. The same letter misspelled the client's surname, contradicting the written contract it was supposed to support, and garbled the regulator's own name in translation.

The Pattern

Our Client experienced what the FBI and the SEC both describe as the final phase of one specific fraud scheme tied to the Jalisco New Generation Cartel ("CJNG") – one of Mexico's most prominent, and violent, cartels, which made international news following the killing of its leader, El Mencho, in February 2026. The scheme conforms, in each of its stages, to a three-phase timeshare-fraud typology that U.S. authorities have attributed to the Cartel de Jalisco Nueva Generación (CJNG).

In February 2026 the Treasury Department took action against a cartel-run resort near Puerto Vallarta, its sixth action d against CJNG-linked timeshare fraud since 2023, designating more than 90 people and companies tied to the network, most of them concentrated in the same areas of Jalisco where our Client's money came to rest. Per CBS reporting, officials have called the operation a vertically integrated fraud factory: cartel-run resorts harvest lists of timeshare owners, and they execute the pattern of fraud that has proven effective time and time again.

The Treasury's Financial Crimes Enforcement Network (FinCEN) has logged more than 850 suspicious-activity reports, flagged approximately $330 million in potentially fraudulent transactions since a 2023 federal alert, and receives roughly 40 such reports each month. The Federal Bureau of Investigation has separately reported that approximately 6,000 U.S. victims lost nearly $300 million between 2019 and 2023, with an additional $50 million reported in 2024.

850+FinCEN SARsSuspicious-activity reports logged
$330MFlagged transactionsSince the 2023 federal alert
~6,000U.S. victimsFBI-reported, 2019–2023
~$300MVictim lossesFBI-reported, 2019–2023

The Takeaway

Components of the scheme are, individually, lawful and commonplace—company formation pipelines, virtual-office rentals, domain registration—but the fraud derives its resilience from this ordinariness.

Timeshare or other property owners looking to their property, or those approached with unsolicited resale or rental offers, should exercise caution: decline to act on demands for urgent financial transfers, and verify all documents and parties independently before transmitting funds. When in doubt, stop, and check the names against the FBI's timeshare-fraud resources or bring in an expert to conduct a due diligence before transferring any funds.

fraud-investigationtimeshare-frauddue-diligenceshell-companiescjngaml

Brochure Download

Download Polaris brochures

All of our core capabilities, designed to share with stakeholders and for procurement review. Click “Download brochures,” select what you need, and get PDF downloads right away in your browser.

Download brochures

Choose what you need, drop in your name and email, and your downloads start right away in your browser.

Pick brochures