A $50M Chevron-CEO impersonation, caught in 30 minutes.

On 2026-05-13 a LinkedIn profile claiming twenty-three years as Chevron Group CEO pitched two cargo deals through OilFlow. Chevron's actual Group CEO is publicly documented. We caught the impersonation by running one test. Zero value transferred. Here's how — and how you can subscribe to the live cluster feed so the same pattern never lands on your compliance desk.

Date: 2026-05-13·Pattern: mandate-chain impersonation·Severity: confirmed·Outcome: rejected pre-NCNDA

TL;DR

A LinkedIn profile claiming “23 years as Chevron Group CEO” tried to buy $50M of physical oil cargo from OilFlow Network. Our scam-detection pipeline caught the impersonation in 30 minutes by running one test: the three-document test — named principal trader plus corporate email domain plus corporate letterhead. Chevron’s actual Group CEO is Mike Wirth, in role since February 2018 per public 10-K filings. The LinkedIn profile claimed continuous CEO tenure since August 2002. That’s a falsifiable claim. Zero deals transferred any value.

The setup

What hit the inbox

On 2026-05-13 a counterparty introduced via a warm-intro broker chain pitched two cargo deals through OilFlow’s matching:

25,000 MT RON 95 to Mombasa — high-octane gasoline for East African distribution.
Light naphtha (LR1/LR2) to Japan — petrochemical feedstock for the Yokohama complex.

Both deals were framed as “Chevron downstream procurement,” routed through intermediary trading entities to allegedly avoid “competitive intelligence leakage to other IOCs.” The named principal was identified via LinkedIn as “Group Chief Executive Officer at Chevron, August 2002 – Present (23 years, 10 months).” Listed commercial counterparties included Arrakis Development (a fictional desert planet from Frank Herbert’s Dune) and Exxon Global Distributor (not a real ExxonMobil subsidiary). A claimed Singapore joint venture, NW Corp Singapore, does not appear in ACRA. A typical commodity-trade warm-intro setup, on the surface.

The pattern

Real IOC trades produce three documents trivially

Named principal trader

A real human name with verifiable employment. Public 10-K leadership disclosures, SEC filings, public press.

Direct corporate email

@shell.com / @chevron.com / @exxonmobil.com. Not Gmail. Not Proton. Not a private mail server set up last week.

Corporate letterhead

A signed offer or buy-interest with the corporate seal. IOCs maintain trade-desk letterheads as a matter of course.

Mandate-chain fronts cannot produce all three because their “principals” do not exist as documented institutional actors. The three-document test runs against every counterparty before any compliance value transfers. On this counterparty, the test surfaced three independently verifiable falsifying signals inside thirty minutes:

LinkedIn tenure claim conflicts with Chevron’s public 10-K leadership disclosure (Mike Wirth, Chair & CEO since Feb 2018).
Two of three named commercial counterparties do not exist as registered entities (Arrakis Development is a Dune planet; Exxon Global Distributor is not in ExxonMobil’s public subsidiary list).
The Singapore JV named “NW Corp Singapore” cannot be found in ACRA, Singapore’s authoritative corporate registry.

The cluster feed

The same record, surfaced via API

The counterparty was tagged in OilFlow’s scam-cluster blocklist immediately after detection. SKU #3 subscribers get the full record on a webhook within milliseconds of the severity escalation. Same record, exposed as a synchronous lookup:

curl -H "Authorization: Bearer $KEY" \
  "https://oilflow.us/api/v1/clusters/check?name=Simar+Chahal"

{
  "ok": true,
  "data": {
    "matched": true,
    "highest_severity": "confirmed",
    "matches": [
      {
        "entity_name": "Simar Chahal",
        "entity_country": null,
        "severity": "confirmed",
        "pattern": "mandate_chain_impersonation",
        "reason": "LinkedIn-claimed Chevron Group CEO since 2002. Chevron's real Group CEO is Mike Wirth since Feb 2018 (Chevron 10-K)."
      }
    ]
  }
}

The same record is also delivered as a webhook event (cluster.entity_added on first detection, cluster.entity_severity_changed on escalation). HMAC-signed, retried with exponential backoff, dead-lettered if your endpoint stays down.

Why this matters for compliance teams

Pattern detection beats volume detection

What sanctions screening alone catches

Names on OFAC SDN, UN Consolidated, EU CFSP, UK HMT lists. The impersonator is not on any of these — the whole point is to look clean against the standard checks.

What pattern detection catches

The shape of the deal: mandate-chain warm-intro plus a non-falsifiable corporate claim plus fictional counterparty entities. Sanctions screening returns clean; OilFlow returnsverdict: “fail” with cited evidence in under a second.

See it live in 20 minutes

Subscribe to the cluster feed before the next impersonation lands.

The Scam Cluster Intelligence Feed (SKU #3) ships verified-fraudulent counterparty records as real-time webhooks plus a synchronous API. Two pricing tiers: $10–25K/yr read-only, $50–100K/yr API + alerts. We’ll demo the Simar record live, show you the webhook payload your endpoint would receive, and scope an integration that fits your existing compliance pipeline.

Or email intel@oilflow.us with your team’s compliance pipeline in one paragraph; we’ll reply with a scoping call slot inside 24 hours.