Like, it can’t be a real person, right? Has anyone tried following the links? I’m curious how they’re scamming people. It just seems like anyone getting the same message 5 times won’t fall for being catfished, so I don’t understand what their strategy is.
Would have been an awesome ARG if it wasn’t nothing.
Be pretty gnarly if it turned out to be linked to a human trafficking ring or something ridiculously heinous like that.
I’ve received 3 Nicole messages since I’ve been on here, each one with a different photo. It’s weird, really weird. I ran the photos through TinEye and Google Reverse Image Search but I found no exact matches. The photos are blurry somewhat, which implies that they are shots taken from a video, which is a method catfish have used to evade detection. It’s also possible that the original photos have long been deleted (as far as I’m aware, this would contribute to evading detection) and the catfish is using this to their advantage.
Someone looked into one of the Nicole accounts, and on that account there was a photo of something shiny, I believe it was a buttplug, and there was clearly a reflection of an old white man reflecting off the object. Once that was pointed out, they deleted the photo. So whatever the intentions are, I’m sure it’s nothing good.
I’m guessing it’s a pig butchering scam of some kind. The messages advertise other platforms, along with a chatroom that is named “hell”. The aim is to lull a person into a false sense of security via catfishing, pretending to be the their friend or lover, and then pull a scam on them.
I’ve received 3 Nicole messages since I’ve been on here, each one with a different photo. It’s weird, really weird. I ran the photos through TinEye and Google Reverse Image Search but I found no exact matches. The photos are blurry somewhat, which implies that they are shots taken from a video, which is a method catfish have used to evade detection. It’s also possible that the original photos have long been deleted (as far as I’m aware, this would contribute to evading detection) and the catfish is using this to their advantage.
They could also be photos catfished from other people.
Someone looked into one of the Nicole accounts, and on that account there was a photo of something shiny, I believe it was a buttplug, and there was clearly a reflection of an old white man reflecting off the object.
I want to know more about this!
Well, see, a buttplug is basically a plug, but for your butt. Would you like to know more?
The strategy is to get you onto a different platform to make instant messaging easier. They are just “advertising” on Lemmy.
Once you’re on a chat platform, they will likely attempt the Pig Butchering scam: make the target fall in love, then persuade them to send money for things like “travel expenses” or “family medical bills”. Also involves buying crypto.
Easier and/or less moderated. They would be much more difficult for a moderator to track down if you’re talking with them on another platform.
There is an effort to reterm away from the dehumanizing and victim blaming “Pig Butchering” to “Romance Baiting”.
A good guess but so far as i can tell they dont actually message people directly outside of the initial contact. The chat rooms are barely active but ive been idling on the matrix for days and nothing.
This makes the most sense, but I still find it odd that they would send victims to the same discord server, or friendica.
Is it always the same discord server? I got the message the other day but ignored it.
The same reason a lot scam emails are riddled with typos, follow recognisable formats (eg nigerian prince) and can be easily determined as scams. If you can spot it, you aren’t the mark. It’s a form of selection bias. If you recognise Nicole you probably aren’t new to Lemmy or the Fediverse and are a bad mark. I’d guess, I never followed the links, don’t generally follow links dm’d from random, days old accounts in general. Maybe Nicole truly is just thirsty for Lemmy friends and keeps getting banned lmao.
If you can spot it, you aren’t the mark.
This doesn’t make any sense to me.
Why would you deliberately make your bait less appealing to filter out the fish that might wriggle off the hook before you land them?
The typo’s are in order to evade bayesian spam filters which get suspicious about certain words.
The common formats are used because those are the ones that work.
The initial fishing is a low effort, wide net. What follows actually takes the investment of man hours and/or other resources. They would rather get 1 catch they can take all the way, than 500 where 495 will figure it out later and bail.
Sure but there’s no evidence that the typos effectively weed out the ones they don’t want.
No evidence that we have. The spammers obviously think it’s worth doing however, and they are the ones that would have the statistics.
All the evidence we do have demonstrates that the typos evade Bayesian filters and improve deliverability. This is demonstrably true.
When you hear hoof beats think horses not zebras.
Provide the evidence?
Does it however? I’m not up to speed on modern anti spam, but a huge number of spelling mistakes screams spam to me. I would be extremely surprised if it wasn’t the case. The best way to deliver spam is to make it indistinguishable from legit messages.
Also, the existence of spear fishing implies it’s a choice.
a huge number of spelling mistakes screams spam to me
Do you mean to say, you’ve learned to associate spelling errors with spam because most of the spam you see… the spam that gets past your spam filters… has a lot of spelling errors?
The best way to deliver spam is to make it indistinguishable from legit messages.
That’s just not true. The best way to deliver spam is to send it from a reputable address, and to avoid looking like spam.
Bayesian filters need to be trained by a user identifying email as spam. From those emails it learns which words frequently appear in spam emails. Including spelling errors means more unique words rather than words that look like spam.
Because you’re selecting with people who lack experience with scam/critical thinking to figure out they’re scams.
I understood you the first time. My point is, it’s nonsensical.
If you’re sending emails to potential victims you want as many responses as you can get.
It’s an absurdity to suggest that typing errors would intelligently select for people more likely to be scammed.
I’m not arguing about this. Especially not with a baby account. This is an opinion informed by expert opinion on the matter, and I work in tech. If you think it’s “nonsensical” that’s on you.
However, the reason why phishing emails have so many typos is simple—they’re intentional and are included by design. The scammer’s goal is to send phishing emails to a very gullible, innocent victim. If they have typos, they’re essentially weeding out recipients too smart to fall for the scam.
Oh boy. Sure ok you must know everything about security and spam and scammers because you “work in tech”. Honestly, telling people that doesn’t make you sound any more credible.
Did you honestly just google “scammer typos” so you could provide me with an expert source?
You’re making a very simple assertion - that typos weed out potential victims who are gullible enough to fall for a nigerian prince scam with no typos, but not gullible enough to follow through to actually paying the scammer.
It’s a preposterous claim with absolutely no evidence supporting it. Any idiot can see it doesn’t withstand a moment’s thought.
On the other hand, it’s demonstrably true that typos can help to evade bayesian filters.
The actual situation, which both you and mr security blog guy have gravely misunderstood, is that including typos in order to evade filters improves response rates because it improves deliverability and does not discourage a significant number of victims.
Er go, the type of people who become victims are not likely to be discouraged by typos.
That’s not the same as including typos in order to discourage people who are not good victims.
If their claim is so preposterous then why are they providing sources and you’re not. Writing longer and longer walls of text and being more and more disrespectful isn’t going to convince anyone. If you have evidence just provide it instead of insisting is exists.
Never claimed that, said that because that’s why I’m aware of it, not that it indicates any authority.
Did you honestly just google “scammer typos” so you could provide me with an expert source?
Not quite but pretty much yep. Given you claimed it was “nonsensical” I had hope me showing sources that weren’t just my saying so might make you reconsider your position. Perhaps unsurprisingly, it didn’t.
It’s a preposterous claim with absolutely no evidence supporting it. Any idiot can see it doesn’t withstand a moment’s thought.
You’re free to google “scammer typos” and check out the results yourself given there seems to be nothing I can do or link to convince you that this is a silly hill to die on.
is that including typos in order to evade filters improves response rates because it improves deliverability and does not discourage a significant number of victims.
What filters are these? I’ll have to keep an eye out for the grammar section in the inbound spam/phishing policies next time I’m managing a client in the exchange section of their tenant. Bad luck for those who don’t spell well, can’t use spell check or are ESL, I guess. Mistyped URLs or domains however, sure are a thing.
Er go, the type of people who become victims are not likely to be discouraged by typos.
*Ergo. I guess you’ve made up your mind, based on god knows what. I’ll leave you with a link from a university’s IT department from your google search terms, feel free to look at the rest of them any time you like.
It’s on purpose. If you can spot it, they don’t want you.
But what would the opinions based on another “Mr security guy”, aka a Microsoft researcher know.
this is a silly hill to die on
indeed
What filters are these? I’ll have to keep an eye out for the grammar section in the inbound spam/phishing policies next time I’m managing a client in the exchange section of their tenant. Bad luck for those who don’t spell well, can’t use spell check or are ESL, I guess. Mistyped URLs or domains however, sure are a thing.
I can’t believe I need to explain this to Mr exchange server administrator, but you have it the wrong way around. Spelling errors are a common strategy to avoid emails being classified as spam. Bayesian filters collate tables of words that commonly appear in spam. Spelling errors create words that the filter hasn’t seen classified as spam.
Honestly people that do recognize it for what it is should respond. Keep them talking to waste their time so they can’t hurt someone else.
Their time is worthless, they use slave labor.
But then you’re also wasting your own time.
If we all wasted 5 minutes we could shut down the system.
People really underestimate the power of collective action. It’s just meat based ddos.
It’s just meat based ddos.
What a fascinating sentence.
I mean if everyone “collective action” ignored them together, no one would have to waste even 5 minutes ¯\_(ツ)_/¯
And theoretically, if there would be the same amount of scammers as decent people, everyone would have to waste all their time with your strategy, but with my strategy none of the decent people would waste time.
But yes I understand it of course, protecting the weak is not a bad thing.
you mean, everyone who already knows it’s a scam or can recognize that it probably is. which is not everyone. otherwise the whole thing wouldn’t exist.
Which is what I acknowledged with my last sentence. All I’m saying is that both methods could be worthwhile, and in a perfect world where everyone is educated, everyone ignoring the scammer would be better.
In a perfect world, anyone who attempted to go around hurting people would be removed from society.
“They” will be an LLM.
Maybe. That gets expensive very fast. We should all ask for artwork.
Time you enjoy wasting is not wasted. I always love talking to Indian scammers when they call about my student loans that don’t exist.
Yep, then of course this doesn’t matter :) go for it!
I already asked 2 scammers on discord for bathwater and they never took me up on it :( it’s a cruel world
yeah but it’s fun
And if you can get them to do stupid things, you can post about it here!
That easier done with more involved scams like phone calls you see YouTubers do. Especially since they likely paid for that info. Places like here there’s no buy in so it’s a volume game i imagine. If I can’t get you to another platform to buy me stuff I’d move on to the next one quickly as possible.
I had one Indian scammer use my name so I was interested. Then he asked if my email was still current and gave an email that I used like 20 years ago in middle school. I laughed and told him he paid for shitty info. It was a goddamn Hotmail account to give you an idea.
I think Lemmy ran out of Beans, so someone decided to make that as a joke.
The point is to introduce me to my future wife so stop messaging her!!
Did you call dibs?
I wish I knew. I followed the link to the Matrix community, and it was just confused people and trolling NAZI’s. No Nicole, no attempt at catfishing.
I guess the scammers are also in the process of figuring out how to use the Fediverse. Give them time. :)
Yeah this is what I’m confused about, why would you send your potential catfish victims to the same place where they can talk to each other and then ignore them?
Some 7D chess I can’t possible comprehend or a really bored troll.
The point is I can’t even get a known scammer to talk to me :(
hi it me john mastodon can u send me 200 vbucks so i can keep making website
What’s the point of any scam? To make money.
Your guess is as good as mine. Some people are just crazy.
Removed by mod
