Thread: Impostor Scams

Results 1 to 2 of 2
  1. #1 Impostor Scams 
    So when I'm free, I'm free


    Jay Gatsby's Avatar
    Join Date
    Jun 2010
    Posts
    2,307
    Thanks given
    1,148
    Thanks received
    1,982
    Rep Power
    5000
    Hello,

    Over the recent months there has been an alarming increase in the number of impostor scams that are popping up. The main reason for this is because, ultimately, they're working. People will continue to carry out these scams so long as there are people falling for them.

    This isn't something we'd like to see an increase in, and would love to be decreasing it by a noticeable amount. This thread will give you information about impostor scams that are occurring as well as provide you with a helpful verification message template to make use of. It's absolutely imperative that you make use of this format, as it really well help decrease the amount of scamming that is occurring using this impostor method. With a combined community effort, we could completely wipe out this form of scamming. With this in mind, I know there's a wall of text to read and I apologise for not being able to make it shorter, but it really is important that it gets read.

    Impostor Explanation & Examples

    The Basic Impostor Scam

    When you hear of someone carrying out an impostor scam, you likely think of someone simply not getting a PM with who they're dealing with and taking their Discord name at face value. Example below:

    Harry.#0001 speaks to C0r3y#1337 about getting a feature implemented. Harry has seen a user with the same username in the Rune-Server Discord, and he seems legitimate! Harry sends C0r3y $20 based on this, and C0r3y disappears off the face of the planet.
    So - what should Harry have done? Well, the obvious answer is to have gotten C0r3y to send him a PM through Rune-Servers forums to verify who he is. Granted, this wouldn't help in the case of a hacked account, but the cases where that happens are now incredibly minimal due to a push in users enabling 2fa(do so here, seriously).

    The type of scam above is quite simplistic and is often remedied by the solution listed. However, this isn't really the most common impostor scam anymore. The issue that users are now facing is that they're doing what they should and getting a message of verification, and still they are getting scammed by what seem like reputable users. Now, there are edge cases where reputable users are doing exit scams but more often that not the scams occurring are due to impostors. I've detailed the method below. It's a bit more complex than above so I've tried to make it really easy to understand.

    The Advanced Impostor Scam

    Our Characters:
    Harry - Good guy
    C0r3y - Bad guy
    Corey - Good guy

    Harry posts in the selling channel on the Rune-Server Discord that he's wanting to purchase some programming services. C0r3y then sends him a message, telling him he can do the services for a rate of $40. Harry thinks $40 is more than fair, but he knows to be vigilant after last time. He looks at C0r3y's discord tag and it's the same as Corey's discord tag, a friendly Discord user renown for doing programming services. Great - he's dealing with a well known and trusted user! Harry is still rightfully paranoid though, so he asks C0r3y to PM him through the Rune-Server forums. Sure enough, a few moments later, Harry receives the PM. He knows he's verified C0r3y, so he sends the $40 to [email protected]. A few moments later, he's been blocked. He's been scammed again.

    So - what happened? Well, firstly, the Discord ID.

    What Harry doesn't realise is C0r3y has managed to manipulate his ID in a way that makes it look like it's Coreys. Here's an example:


    Code:
    corey#2147
    cоrey#2147
    They look identical - right? Well, let's take a look.
    Attached image
    Yep, the o is different. I've provided a link in the resources section to this tool.

    Ok, so the ID was wrong. Harry still got the PM though - so how does that work?

    Well, what Harry didn't realise, is Corey was also getting tricked. C0r3y had sent Corey a PM asking for development services. C0r3y then asked Corey to send a verification PM to his forum profile and then proceeded to link Harrys profile. At this point, C0r3y had changed his Discord name to match Harry's, so Corey assumed he was a legitimate user. Corey sent the PM to Harry, and the whole thing came together for C0r3y, as Harry received the PM from the person he expected to receive it from.


    Preventative Measures

    Ok, so this is quite a difficult thing to really be able to fight against - right? You've done exactly what you should have - you've checked their Discord ID, you've got them to PM you and they may even have confirmed on your thread.

    Well fear not, there are ways that we can thwart this type of scamming.

    Discord ID's

    So, the regular Discord ID's/Discord Tags we're all used to are, to put it lightly, terrible. With Nitro you can imitate another user with ease, as we saw above. However, Discord assigns each user a much longer and completely unique ID. This is one you're unable to change. The good news is that you can see this ID!

    You'll need to enable Developer Mode for this. This site shows you how to do that.

    Once you've enabled it you'll gain a fun new option when right clicking on users.
    Attached image

    If we copy the ID of our friend Corey, we'll get the following:
    Code:
    174170745469927424
    This ID means we can get the true and unique numeric value of a user. This will help us with our verification message!

    Verification Messages

    Yes, we should still use the Rune-Server Personal Message as a verification tool. However, we should get more information from who we're trading with. I've provided a handy PM template below that you can send to people, all that's left to do is to fill in the gaps!

    Code:
    Hi THEIR USERNAME,
    
    I'm messaging you to verify that we are discussing the trade or fulfilment of a service/services or item/items. The service/services or item/items in question is:
    SHORT DESCRIPTION OF THE SERVICE OR ITEM BEING SOLD OR PURCHASED
    
    The price or price range we have agreed upon is: PRICE OR PRICE RANGE
    
    My Discord ID is: YOUR SHORT DISCORD ID/DISCORD TAG ~ YOUR LONG DISCORD ID
    The Discord ID that I'm talking to, that I assume is you, is: THEIR SHORT DISCORD ID/DISCORD TAG ~ THEIR LONG DISCORD ID
    
    If this seems unfamiliar to you, or the Discord ID's do not match up - please reply to let me know and avoid carrying out this trade.
    
    Thanks,
    YOUR USERNAME
    Below is an example of what this PM may look like.

    Code:
    Hi Harry
    
    I'm messaging you to verify that we are discussing the trade or fulfilment of a service/services or item/items. The service/services or item/items in question is:
    Fixing your teleport system
    Making your pathing work correctly
    Fixing your grand exchange
    Adding the King Black Dragon
    
    The price or price range we have agreed upon is: $150 - $250
    
    My Discord ID is: corey#2147 ~ 174170745469927424
    The Discord ID that I'm talking to, that I assume is you, is: Harry.#0001 ~ 174565005965000704
    
    If this seems unfamiliar to you, or the Discord ID's do not match up - please reply to let me know and avoid carrying out this trade.
    
    Thanks,
    Corey

    Resources

    I'll update this section as I get more resources that I think will help. I'll bump the thread when I do, so you can stay updated.

    https://text-compare.com/ - Used in this post to outline a method of finding an impostor who has the same Discord Tag as the user they're impersonating.

    https://discordia.me/developer-mode - A site that will help you enable developer mode on multiple devices


    https://discord.id/ - Let's you check a Discord users UNIQUE ID and tells you their current profile name. Should help outline any foreign characters. An example is someone trying to imposter 'Sander' below:



    How he looks on Discord:



    Thanks for reading & stay vigilant,

    The Staff Team
    Last edited by Jay Gatsby; 07-16-2020 at 04:25 PM.
     


  2. #2  
    So when I'm free, I'm free


    Jay Gatsby's Avatar
    Join Date
    Jun 2010
    Posts
    2,307
    Thanks given
    1,148
    Thanks received
    1,982
    Rep Power
    5000
    Added an additional resource to help check whether there are hidden/foreign characters in a Discord username. Please stay vigilant with this folks! It takes 5 minutes to do some extra checks but if you don't you could lose out on a lot of cash!
     


Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •