I spent some time creating this mind map to sum up everything you’d want to know about the scam messages, as well as the common theories. I will try to keep it updated. If you have anything to add to this or critique, please let me know.

Might take a while to load, it’s a very high res image. Here’s a link alternative: https://files.catbox.moe/csls12.jpg

This should be obvious, but due to the recent developments I want to have this here as a warning:

Don’t send the scammer any money, even as a joke.

  • qupada@fedia.io
    2 days ago

    I got one with crypto addresses for “donations” for the first time today. That seems to be a new addition, messages from 2, 3, and 5 weeks ago didn’t have them.

    I have also received some “alternate” versions from pseudo-random usernames (ones not on your chart) from the sh.itjust.works instance. Mostly the same copy as always, but delivered entirely in an image rather than image+text. Thought that was interesting.

    • FQQD! @lemmy.ohaa.xyz OP M
      2 days ago

      The crypto addresses are back? As far as I’m aware, they were being sent out a week ago, but then stopped again. God damn it. But yeah, I have to add the new usernames.

  • Shadow@lemmy.ca
    15 days ago

    I can add a few data points… https://lemmy.ca/u/fujinamilo was the nicole spammer on lemmy.ca, they used this account to test getting through filters. They logged into it from a VPN, and logged out (destroyed their session) when they were done.

    They seem to message in batches of users, notice how both batches went to the same users in the same order at the top here: https://lemmy.ca/pictrs/image/b40f9e02-a162-4e56-8b5e-79b563a786c9.png

    They like to spam the same users repeatedly: https://lemmy.ca/pictrs/image/ffd36fbd-2452-4806-960a-6d291b9c6d1a.png

    Seeing as they actively joined lemmy.ca and tried to get through my filters after I made a post about them, it’s reasonable to say they’re watching us and probably having a lot of fun playing with everyone. Have we tried just asking for an AMA?

    • morbidcactus@lemmy.ca
      15 days ago

      It’s kinda interesting that they seem to be targeting specific users, glad your filters are working.

      I really want to know how people are being targeted. I’ve only received one, have zero idea if it was a specific post or community? I think mine was after a post rather than a comment, but I can’t recall.

  • originalucifer@moist.catsweat.com
    15 days ago

    i love everything about this… huge diagram fan…

    my only criticism is the lack of mbin… ive been nicoled ~5 times directly on an mbin instance.

    only really pertinent because im on a small instance with ~ 180 user accounts. how does she knooooow

  • Nougat@fedia.io
    15 days ago

    The first one I received here was about a month ago from “missy29” at lemmings.world. Body of the message still said “Nicole” though, with some very early boilerplate text.

    For completeness’ sake, I’ve also gotten from a nicole101 and a nicole40.

        • Nicht BurningTurtle@feddit.org
          15 days ago

          Most of the used instances are abandoned without active moderation and even with the email requirement, there isn’t a built-in way for lemmy to filter out temp mails. The abused instances are unlikely to have automod running.

    • Olgratin_Magmatoe@slrpnk.net
      15 days ago

      The picture doesn’t seem to be AI, and it’s unlikely to be the person from the picture. I highly doubt someone would use an innocent person’s face for spam across the fediverse for the sake of improving security.

      Especially because the security against spam was always going to be put to the test no matter what.

      • Shadow@lemmy.ca
        15 days ago

        I mean if i was doing this I’d add crypto addresses just for the lols, and wouldn’t actually expect any.

  • Sibshops@lemm.ee
    15 days ago

    The crypto scam may be a copycat. If you sort by new in this community, the latest messages don’t have a crypto address in them.

    • FQQD! @lemmy.ohaa.xyz OP M
      15 days ago

      Possibly, but I think there was also proof provided by multiple people that it is real. I think it’s not only in the messages, but also on the matrix server.