I'm Being Impersonated on Twitter. Have I Arrived?

in scam •  7 years ago 

I often see pathetic attempts by cryptocurrency scammers replying to tweets from well-known members of the cryptocurrency space about some "give away" they are doing. They copy the entire profile of the person they are impersonating in an attempt to fool people into doing stupid things.

DO NOT GIVE ANYONE YOUR PRIVATE KEY.

Don't send them cryptocurrency hoping for some too-good-to-be-true event to happen in your favor.

Don't be stupid.

In the last two days I've been impersonated on Twitter more than a half dozen times. I only have ~3k Twitter followers and yet they think I'm a valuable targer. Go figure. Here are the accounts so far:

lukestcokes
lukestookes
lukesthokes
lukebastokes
lukestbokes
lukestoknes
lukestokhes
lukestkokes

And they keep on coming. They look just like my actual profile so they are doing some work to scrape it:

When I first saw this on my mobile, I was freaking out and they were linking out to known scam sites trying to steal people's cryptocurrency.


At first I thought, after 10+ years running a secure, PCI compliant system, I had finally had one of my accounts hacked. I jumped off my couch to get to my laptop and immediately changed my Twitter password and disabled all applications which had access to my Twitter account. After calming down a bit, I realized my account wasn't compromised and these were just look-a-likes impersonating me and trying to get people to visit a scam site.

If you're not sure what's a scam site and what's not, go install MetaMask and MetaCert's Cryptonite.

And yes, that is my real Twitter account, the same one tweeting about Bitcoin since 2013.

I kept reporting and blocking them.

That's when things got a little weird.

Twitter Teaches Phishing

I started getting emails telling me to upload a picture of my photo ID to this page:

That looks exactly like a bad phishing attempt. The domain isn't Twitter at all! It appears to be a Salesforce account for "twitterinc," but nothing about this page gives me any sense of security that I'm actually talking to Twitter! If someone asked me about this, I would think it's a scam for sure! Impersonate someone in an obvious way, then send them an email asking for their identity documents, then use those docuents to really steal their identity and/or get access to their accounts.

Scary stuff!

I tried to verify the domain is legit, and there isn't much out there to do that.

Spam404 (?) says I can trust it but nothing from Twitter?

I started to see a pattern when I replied to one of the emails and got a reply from Twitter support with the same case number (automated, of course).

I then checked the original view of the message to see it passed SPF, DKIM, and DMARC:

Those are methos of ensuring this email did actually come from the mail servers at Twitter.com. If you didn't know, email from addresses are very easy to fake, so don't trust the from address in an email you receive unless you can track the actual server details, it's been signed with PGP, or you have some other mechanism like SPF, DKIM, and DMARC.

Eventually, I had enough confidence to actually upload my ID and eventually got this email confirming it was legitimate:

That, and the account was removed.

So as amazing as it sounds, twitterinc.secure.force.com is apparently the real domain for uploading your secure documents to Twitter to get impersonation accounts deleted. I really hope they fix this and get an A record so they could do something like secureupload.twitter.com. Anything would be better than this. It teaches people to give over private information to sketchy-looking websites. That's not a good thing.

I talked to a friend of mine who works at Twitter via DM, but he didn't seem too concerned about it. I hope they realize this is a big deal in the cryptocurrency space because people are getting scammed daily.

If you want to follow the drama as it happened on Twitter, see this thread.

Stay safe people. Hackers are out to get you, and the only chance you have is to get educated and stay vigilant. Use tools like MetaMask and MetaCert's Cryptonite. Always double check the URL. Use a password manager like 1Password or Lastpass.

If you're in the cryptocurrency space, you're a target as we found out when they got our eosDAC YouTube channel removed. Only you can protect yourself when you are your own bank. I hope this page will help people in the future know what to do if they get impersonated on Twitter.

If you have any questions, please let me know, and I'll help if I can.


Luke Stokes is a father, husband, programmer, STEEM witness, DAC launcher, and voluntaryist who wants to help create a world we all want to live in. Learn about cryptocurrency at UnderstandingBlockchainFreedom.com

I'm a Witness! Please vote for @lukestokes.mhth

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Way to go! Mission accomplished. ;)

Hi @eeks! Sorry for messing around in your comments.

I just wanted to advertise my voting service @tipU which you might be interested investing in. That's because @tipU pays out 100% of profit and extra 50% of curation rewards to all SP delegators and investors.

You can find more info here. Please accept this in return: @tipU send 0.1 sbd tip (@tipU can also send tips:)

Hi @eeks! You have received 0.1 SBD tip from @cardboard!

@tipU is looking for SP delegators: pays out 100% of profit to all investors - more info here.

@lukestrokes there are hundreds of Scammers on the basis of ico and airdrop things, someone just need to be extra careful. There is no free launch.

Ha! Congratulations(?) on being targeted, especially by geniuses with such wise words to share with the world like "Life is a kaleidoscope" and "Loneliness is a beautiful thought". I mean, who comes up with this stuff?

Although, I don't know, lukebastokes kinda has a nice ring to it!

I don't know how people still fall for this obvious scam, but they do. Thanks for shining a light and trying to fix it.

He's becoming popular :)

The real @lukestokes 'arrived' years ago, this must be an impostor! :D

Yeah! I'm referring to the real one.

Wow , everyday witnesses and the whole of Steemit platform keeps the fights against phishing so seriously that some of those witnesses hardly have time for them selves. The warnings goes out everyday and we all have to be smart and be vigilant. Don’t click foreign links, don’t give your private keys to anyone and lots more are being echoed everyday. The damage phishing causes could possibly ruin a financial system of an individual or a group of companies. Thanks for the warning and the awareness. You just saved some wallets

This is really bad, happy that the scam accounts has been removed. The lukestcoke account made me laugh, maybe they want to sell coca cola coin to people using a popular name. Everyone should be careful cos they are people out there who don't believe in hardwork and only want to take from the sweat of others.

Imitation is the greatest form of flattery! Clearly your name holds weight in many circles

It will never happen to me. I mean the impersonation thing! Not famous enough at all.
While it could be flattering it still is apparently a hassle to fight against it. For sure, if you need a site which appears to be a bad phishing site. I also wouldn't wouldn't have trusted after seeing that somebody else tries to make money by using your name!

Yeah, scammers are in a continuous look for different ways to catch people that are not careful/informed enough. Another thing that I simply love at this place is the way people can identify themselves, because if you hold the private keys of your account, you can prove your identity just making a post. Nobody will be able to create an account with the exact same name, and if they make one with a pretty similar name, they will not be able to reproduce the reputation of a whale or dolphin so easily and eventually soon they will be flagged to nothing.

Look at the bright side, you are an important person who deserve the attention of a pretty big audience, since your account is replicated by scammers :D

Now you know your famous when people want to be you but still very scary, they want what you have. Hope you can get these people deleted and sorted out.

Really bad, and the world we live in. Unfortunately..thank you..

I have no idea how these people sleep at night. Trying to scam people out of money/crypto. They don't seem to feel any guilt for what they're doing, and ultimately, someone could do something awful to themselves if they lose a lot.

Its really messed up but hey, it means you're doing something right for someone to go through the stress of impersonating you. Its a fact that only relevant people ever get that. I should congratulate you as much as i chastise the culprit

You my friend have officially made it! I hope that people do not take does ETH giveaways seriously! You would think Twitter would have better protection against this sort of thing!

Wow. At first I was just giggling at that silly tweet about lonliness, but damn. This is some crazy shit. I agree about that Twitter site looking phishy ...I wouldn't have thought it was real, either! I get fake Paypal emails all the time, and I know how to report those, but I wouldn't have known what to do about Twitter.

you got it! next step is a cartoon to finally get out in The Simpson's episode haha

really great contant that you discussed,oh no its scam,on twitter

felicidades es un gran paso el que estas dando

"Loneliness is a beautiful thought, and only in the thinking of the time, it looked so beautiful and lonely."

;)

Good stuff.

Well you know what they say....

Teach a man to phish and you feed him for a lifetime.

How did you track these impersonating scams and what did they gained from this? I mean, where they requiring some kind of payment to get included in this giveaway? All I can-tell, these scammers are very creative. Once they get an idea to make money, they don’t care about you being a real person.
2452A339-AB25-4807-8E25-748BBE0A30A6.gif
Source

Soooo educational!

IMG_3598.GIF

Verification was created specifically for the problem you're having now. I have never been interested in being verified because I'm lucky enough to not have anyone that wants to impersonate me lol 😂

And why is it that these scammers are always all about the ETH?

That's wild man! I guess you really have arrived. Most have been that interview on the music and money show that set you off lol.

Let me know when you are ready for round 2, welcome anytime.

Have you good day my friends.and this photo is great

Good advice! Thanks for posting this as a warning @lukestokes. it's really ugly to think but scammers are everywhere nowadays. We really should be careful specially in social media.

man oh man, on the Liberty Entrepreneurs podcast on day and phished the next day. You have made it!

I just saw this happen in real time this morning with an actress who has 180k followers on a verified account!


I also noticed the scammer YouTube channel which was trying to impersonate eosDAC may have been a hacked YouTube account as well:

Google search:

And when clicked, it goes to a normal looking channel:

I wonder if Chad was hacked and got his account recovered or if "Chad" is a fake account used to temporarily put up scams?

I think it's about time you get that blue check mark next to your name!

Hi @lukestokes ! Well done! Its great to read all the actions you took to get rid of those fake accounts and to help twitter see this problems. Hope they do something as fast as possible.

Regards, @gold84

Great post @lukestokes. Here is audio version of this post click the button below to listen:

Brought to you by @techstack.

That's fucking sick bro. Good sign you getting popular...and rich :D Fingers crossed that this was the last one!

So sorry to hear this @lukestokes. It never ceases to amaze me the level of depraved human beings in this World :(

This act is nothing but a cheap of reaping from where you didn't sow. They're scums.