How @discord is a scammers paradise 🏝
A story /🧵 on how the lack of a trust layer 🤝 for the internet creates a breeding ground for scams / scammers with #red flags 🚩 to watch out for along the way.
A story /🧵 on how the lack of a trust layer 🤝 for the internet creates a breeding ground for scams / scammers with #red flags 🚩 to watch out for along the way.
1/ First, some team background. A lot of our team have backgrounds in fraud prevention / #investigation 🕵️♂️ which we’re extremely lucky to have as it prevents 🛑us falling for what you’re about to read.
2/ Around 2 weeks ago we were approached for a transaction via someone out of the blue on @telegram.
We’ve had plenty of these reach outs be incredible so only a small 🚩 here.
We’ve had plenty of these reach outs be incredible so only a small 🚩 here.
3/ Myself and our excellent CFO, @javkhattak discussed between ourselves whether it made sense and agreed it had upsides for us so pending negotiation would go for it. 👉
4/ After some pretty relaxed negotiations, we reached an agreement and decided to get down to #KYC (know your customer) and paperwork 📝 so we knew who we were dealing with properly, which is when the red flags started to appear.
5/ 🚩1: other party, “let’s just do the transaction then deal with the paperwork afterwards”.
We’ve seen this before but it’s just not the way we do things at @cheqd_io so pressed for KYC docs and a signed agreement before going any further.⏭
We’ve seen this before but it’s just not the way we do things at @cheqd_io so pressed for KYC docs and a signed agreement before going any further.⏭
6/ 🚩2: whilst the other party’s passport looked legitimate, their proof of address was out of day by a year.
When challenge they were on “holiday” which made for 🚩3.
When challenge they were on “holiday” which made for 🚩3.
7/ To feel comfortable with the proof of address, we asked for a selfie of the other party with their passport which they did do.
8/ 🚩4: Whilst we were seeing red flags by now, we sent the agreement over on good faith. When this was signed within a few minutes without negotiation or feedback, we knew where this was going! 🙅
9/ After this we decided to play along to see how they would attempt to scam us. The 🚩s started coming thick and fast. 🚩5 was the request to switch to @discord, aka scammers paradise.
🚩6 was a sudden increase in speed and pressure as we approached close.
🚩6 was a sudden increase in speed and pressure as we approached close.
10/🚩7: Then appeared a new partner of the other we had never spoken with before in the group chat we had both joined (or so we thought, more on this later!)
🚩8: They proposed one of myself and @javkhattak as an escrow rather than a known independent organisation who we knew.
🚩8: They proposed one of myself and @javkhattak as an escrow rather than a known independent organisation who we knew.
11/ This is when the fun really started. By now, myself and @javkhattak were on the phone together to see how things worked out.
I volunteered and we started working through the transaction steps.
I volunteered and we started working through the transaction steps.
12/ 🚩9 was more of a 🚨, since myself and @javkhattak were on a call, the only message we needed to share were for the #scammer’s benefit which meant we quickly spotted messages that neither of us would need to write to each other or were factually incorrect.
13/ This was the moment we had been waiting to investigate the #scam process🕵️♂️.
Drumroll!🥁
We had been invited to separate chats in discord with a fake Fraser and fake Javed respectively with the username and profile pictures spoofed to look like each of us.
Drumroll!🥁
We had been invited to separate chats in discord with a fake Fraser and fake Javed respectively with the username and profile pictures spoofed to look like each of us.
14/ To be thorough we kept going and lo and behold, the wallet addresses I was sending in one chat were not the addresses that Javed received in his chat.🚨🚨
We had our proof! 🔎
We had our proof! 🔎
15/ I had to leave for an excellent AMA with @CosmosClub_ and left @javkhattak to break the news that they had been rumbled 👀.
They played dumb to the last accusing us of attempting to defraud them, even after myself and Javed invited our real selves into both chats!
They played dumb to the last accusing us of attempting to defraud them, even after myself and Javed invited our real selves into both chats!
16/ Reflecting afterwards, we still had more controls to prevent falling for this, e.g. checking addresses with each other over a channel we trust, e.g. a call, but thoroughly enjoyed playing along 🎭 once we sussed it was a scam and having our gut feelings confirmed!
17/ This is the same modus operandi that targeted @opensea users:
bleepingcomputer.com/news/security/…
bleepingcomputer.com/news/security/…
18/ Two items before we wrap up:
1. Every so often we have an experience that exemplifies why we do what we do at @cheqd_io, this was a perfect example, we need to enable trust and prevent this happening to others!
1. Every so often we have an experience that exemplifies why we do what we do at @cheqd_io, this was a perfect example, we need to enable trust and prevent this happening to others!
2. Would the community be interested in us documenting these flags and the scams to watch out for?
• • •
Missing some Tweet in this thread? You can try to
force a refresh
