I'm Being Impersonated on Twitter. Have I Arrived?

in #scam, 6 years ago

I often see pathetic attempts by cryptocurrency scammers replying to tweets from well-known members of the cryptocurrency space about some "give away" they are doing. They copy the entire profile of the person they are impersonating in an attempt to fool people into doing stupid things.

DO NOT GIVE ANYONE YOUR PRIVATE KEY.

Don't send them cryptocurrency hoping for some too-good-to-be-true event to happen in your favor.

Don't be stupid.

In the last two days I've been impersonated on Twitter more than a half dozen times. I only have ~3k Twitter followers and yet they think I'm a valuable target. Go figure. Here are the accounts so far:

lukestcokes
lukestookes
lukesthokes
lukebastokes
lukestbokes
lukestoknes
lukestokhes
lukestkokes

And they keep on coming. They look just like my actual profile so they are doing some work to scrape it:

When I first saw this on my mobile, I was freaking out and they were linking out to known scam sites trying to steal people's cryptocurrency.


At first I thought, after 10+ years running a secure, PCI compliant system, I had finally had one of my accounts hacked. I jumped off my couch to get to my laptop and immediately changed my Twitter password and disabled all applications which had access to my Twitter account. After calming down a bit, I realized my account wasn't compromised and these were just look-a-likes impersonating me and trying to get people to visit a scam site.

If you're not sure what's a scam site and what's not, go install MetaMask and MetaCert's Cryptonite.

And yes, that is my real Twitter account, the same one tweeting about Bitcoin since 2013.

I kept reporting and blocking them.

That's when things got a little weird.

Twitter Teaches Phishing

I started getting emails telling me to upload a picture of my photo ID to this page:

That looks exactly like a bad phishing attempt. The domain isn't Twitter at all! It appears to be a Salesforce account for "twitterinc," but nothing about this page gives me any sense of security that I'm actually talking to Twitter! If someone asked me about this, I would think it's a scam for sure! Impersonate someone in an obvious way, then send them an email asking for their identity documents, then use those documents to really steal their identity and/or get access to their accounts.

Scary stuff!

I tried to verify the domain is legit, and there isn't much out there to do that.

Spam404 (?) says I can trust it but nothing from Twitter?

I started to see a pattern when I replied to one of the emails and got a reply from Twitter support with the same case number (automated, of course).

I then checked the original view of the message to see it passed SPF, DKIM, and DMARC:

Those are methods of ensuring this email did actually come from the mail servers at Twitter.com. If you didn't know, email From addresses are very easy to fake, so don't trust the From address in an email you receive unless you can track the actual server details, it's been signed with PGP, or you have some other mechanism like SPF, DKIM, and DMARC.

Eventually, I had enough confidence to actually upload my ID and eventually got this email confirming it was legitimate:

That, and the account was removed.

So as amazing as it sounds, twitterinc.secure.force.com is apparently the real domain for uploading your secure documents to Twitter to get impersonation accounts deleted. I really hope they fix this and get an A record so they could do something like secureupload.twitter.com. Anything would be better than this. It teaches people to give over private information to sketchy-looking websites. That's not a good thing.

I talked to a friend of mine who works at Twitter via DM, but he didn't seem too concerned about it. I hope they realize this is a big deal in the cryptocurrency space because people are getting scammed daily.

If you want to follow the drama as it happened on Twitter, see this thread.

Stay safe, people. Hackers are out to get you, and the only chance you have is to get educated and stay vigilant. Use tools like MetaMask and MetaCert's Cryptonite. Always double check the URL. Use a password manager like 1Password or LastPass.

If you're in the cryptocurrency space, you're a target as we found out when they got our eosDAC YouTube channel removed. Only you can protect yourself when you are your own bank. I hope this page will help people in the future know what to do if they get impersonated on Twitter.

If you have any questions, please let me know, and I'll help if I can.


Luke Stokes is a father, husband, programmer, STEEM witness, DAC launcher, and voluntaryist who wants to help create a world we all want to live in. Learn about cryptocurrency at UnderstandingBlockchainFreedom.com

I'm a Witness! Please vote for @lukestokes.mhth
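The SPF, DKIM, and DMARC check described in the post can be automated against a message's raw headers. The following is an added example, not part of the original post: it reads only the `Authentication-Results` header stamped by your own receiving mail server and requires a DMARC pass aligned with the visible From domain. The server name `mx.example.net` and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; hostnames and addresses are made up.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@twitter.com;
 spf=pass (sender IP is allowed) smtp.mailfrom=twitter.com;
 dmarc=pass (p=REJECT) header.from=twitter.com
Authentication-Results: mx.other.invalid; dmarc=pass header.from=twitter.com
From: Twitter Support <support@twitter.com>

Please upload a copy of your ID.
"""
FORGED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org;
 dkim=none; dmarc=fail header.from=twitter.com
Authentication-Results: mx.other.invalid; dmarc=pass header.from=twitter.com
From: Twitter Support <support@twitter.com>

Please upload a copy of your ID.
"""

def auth_results(raw, trusted_authserv):
    """Return (message, {method: (result, properties)}) from the trusted header only."""
    msg = message_from_string(raw)
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        # Unfold the header and drop parenthesised comments.
        value = re.sub(r"\([^()]*\)", "", " ".join(value.split()))
        authserv, _, rest = value.partition(";")
        if authserv.strip().split(" ")[0].lower() != trusted_authserv:
            continue  # anyone can add this header; trust only our own server's
        for clause in rest.split(";"):
            m = re.match(r"\s*(\w+)=(\w+)(.*)", clause)
            if m:
                props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
                results.setdefault(m.group(1).lower(), (m.group(2).lower(), props))
    return msg, results

def sender_verified(raw, trusted_authserv, expected_domain):
    """True only if DMARC passed for the From domain and that domain is the expected one."""
    msg, res = auth_results(raw, trusted_authserv)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc, props = res.get("dmarc", ("none", {}))
    return (from_domain == expected_domain and dmarc == "pass"
            and props.get("header.from", "").lower() == from_domain)
```

Both messages show the same From address; only the verdict recorded by the receiving server separates them, and a pass claimed by any other host is ignored.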


Way to go! Mission accomplished. ;)

Hi @eeks! Sorry for messing around in your comments.

I just wanted to advertise my voting service @tipU which you might be interested investing in. That's because @tipU pays out 100% of profit and extra 50% of curation rewards to all SP delegators and investors.

You can find more info here. Please accept this in return: @tipU send 0.1 sbd tip (@tipU can also send tips:)

Hi @eeks! You have received 0.1 SBD tip from @cardboard!

@tipU is looking for SP delegators: pays out 100% of profit to all investors - more info here.

@lukestrokes there are hundreds of scammers on the basis of ICO and airdrop things, someone just needs to be extra careful. There is no free launch.

Ha! Congratulations(?) on being targeted, especially by geniuses with such wise words to share with the world like "Life is a kaleidoscope" and "Loneliness is a beautiful thought". I mean, who comes up with this stuff?

Although, I don't know, lukebastokes kinda has a nice ring to it!

I don't know how people still fall for this obvious scam, but they do. Thanks for shining a light and trying to fix it.

He's becoming popular :)

The real @lukestokes 'arrived' years ago, this must be an impostor! :D

Yeah! I'm referring to the real one.

Wow, every day witnesses and the whole of the Steemit platform keep up the fight against phishing so seriously that some of those witnesses hardly have time for themselves. The warnings go out every day and we all have to be smart and be vigilant. Don’t click foreign links, don’t give your private keys to anyone and lots more are being echoed every day. The damage phishing causes could possibly ruin the financial system of an individual or a group of companies. Thanks for the warning and the awareness. You just saved some wallets.

This is really bad, happy that the scam accounts have been removed. The lukestcoke account made me laugh, maybe they want to sell coca cola coin to people using a popular name. Everyone should be careful cos there are people out there who don't believe in hard work and only want to take from the sweat of others.

Imitation is the greatest form of flattery! Clearly your name holds weight in many circles

It will never happen to me. I mean the impersonation thing! Not famous enough at all.
While it could be flattering it still is apparently a hassle to fight against it. For sure, if you need a site which appears to be a bad phishing site. I also wouldn't have trusted it after seeing that somebody else tries to make money by using your name!

Yeah, scammers are in a continuous look for different ways to catch people that are not careful/informed enough. Another thing that I simply love at this place is the way people can identify themselves, because if you hold the private keys of your account, you can prove your identity just making a post. Nobody will be able to create an account with the exact same name, and if they make one with a pretty similar name, they will not be able to reproduce the reputation of a whale or dolphin so easily and eventually soon they will be flagged to nothing.

Look at the bright side, you are an important person who deserves the attention of a pretty big audience, since your account is replicated by scammers :D

Now you know you're famous when people want to be you, but still very scary, they want what you have. Hope you can get these people deleted and sorted out.

Really bad, and the world we live in. Unfortunately..thank you..
