About lack of safety at the forum and the factual infestation by the scammers here!

I’ve read that you managed to reset your recovery phrase for the Internet Identity. That’s good.

There were also not additional passkeys that have been set in the meantime, did you double checked?

Regarding the ledger, maybe because you mentioned it is a hardware wallet, it is less of an issue with that device since the scammer would also need to physically obtain the device, which is unlikely. I’m curious to hear what others will say to the follow up thread you opened: https://forum.dfinity.org/t/how-to-change-recovery-phrase-for-a-cold-wallet-without-losing-control-of-staked-icps/33173?u=peterparker

Thanks for your help!
Yes, due to your timely assistance I have been lucky enough to manage to wiggle out from this crafty phishing attack.
I think I will not be able to change seed phrase of my Ledger controlling my staked ICP. But it will not help those villains to rob me.

It was a good lesson for me! And your prompt and aptly help was a very psychologically, among other things, stabilizing influence - exactly what was needed at that moment!

1 Like

Glad to hear I could be of any help!

If anyone has any advice on what additional things could be done here, please share.

Regarding suspicious messages people may get: You can flag DMs just like any other message. The three dots below the message unveil additional options, and then you can flag a DM that you suspect contains a scam link.

We (the forum admins) will gladly ban any scammers you may get in your DMs, and if it is not a scammer we can also tell you that

Also, I banned the user that messaged you originally (not only based on @kilemar’s report above, I saw some stronger evidence than word of mouth).

Thanks.
I have flagged the second scammer DevJerry right now who still has not been banned.

One more suggestion.
The first scammer by name Sandeep1 had under it word “SUPPORT” visible when I clicked his name to see his personal details. Now I understand that it is a nickname or something like that.
It was giving an impression that he was somebody from some kind of support.

I had clicked his name to check his personal details and they were clearly very short term and unimpressive. I should have got more suspicious then. But I had written it off on a possibility that he could be a new team member which could be possible. The decisive influence was that SUPPORT attribute.

The second scammer DevJerry did not have any additional misleading words but just “Jeremy”.

I think the forum has to make it impossible for a member to arrange an attachment to his/her name of any false attribute like in this case “SUPPORT”.

No one should to be able to misrepresent oneself by this means!

In addition, since de-facto this forum has become a very profitable hunting ground for scammers it would be very useful to send all new and old members a link to a catalog of all known cases of attempts to scam with detailed description and a list of all possible measures to fight them back. Maybe it would be good to have a separate rubric or a category of topics.

I would introduce a special badge for reading that information - “Master of safety”! May be even with a minimum competency test after it. I would send this welcome link to all new members for sure!

Since judging from my personal experience in cases of being scammed time and awareness of possible efficient counteractions is of essence it is a DIRECT OBLIGATION of the forum to take this safety measure seriously. We ALL are dealing with A LOT OF MONEY here and for some people it is matter of personal fortunes. Therefore any childish or infantile pretense that at this forum all is safe and peachy is real NEGLIGENCE and FIDUCIARY ineptitude if not a collusion with the scammers.

Right now I received the 3-rd phishing attack to my postbox:

finity_modrator

" Hey @kilemar ,

A support ticket UI:7463 has been created for you and sent to the support team regarding your inquiry. Connect through the [admin edit by @Severin: censored URL to prevent people from falling for the scam] live support page for a step-by-step guide on how to recover your ICP.

Click on the live chat icon at the bottom corner of the page to initiate chat"

And judging from the fact that all of them gave links to a different interfaces they are all independently operating here. I wonder how many of them are at this forum?

So, clearly, I consider the fact that after so many years of existence of this forum no efficacious prophylactic measures which I have offered to introduce in this post have not been already taken by the forum indicate a circumstantial evidence of collusion of it with the scammers!!! I do not consider myself the smartest person around who could in just two days figure out what HAS TO BE DONE to make it almost impossible to continue to scam members of the forum of their hard earned money!

No, I am not joking or exaggerating!!!

My logic is undeniable. Honest people in all cases when real money is involved do not hesitate to OPENLY demonstrate their concerns for safety. No sane person would consider presence of an armed guard at the bank brunch as an inappropriate measure rather on the contrary - an absence of one could get an cautious man uneasy.

I am thinking now how those scammers are reading what I have written so far and laughing out loud at my futile attempt to hurt their chances to succeed knowing very well that nothing will be done here about really ensuring safety!!!

I guess I have written enough to get banned by the forum team!?
Because the choice is clear it is either to promptly implement what has been suggested or to remove this thread and ban me to pretend that nothing bad has happened. I personally would bet that it will be the second implemented!!!

I have tried to search “safety at the forum” among topics of the forum and no one of the 33 results showed anything dealing with the fact that the forum has become a very profitable hunting ground for scammers. Is it just an accidental circumstance or it is by design?

Discourse (our forum software) does not allow filtering the ‘name’ field of a user. We’re checking if we can disable this entirely for new users.

The other thing we could do is disable DMs, but that also affects a lot of legitimate use cases. We’ll see if we can restrict DMing for new users for a few days.

Why? You didn’t attack anyone with ad-hominem insults, you didn’t try to scam anyone. I’m not a fan of the writing style, but that’s a personal preference and obviously not an offense against the rules.


We honestly try to do our best. We actually agree with a lot of what you say and are frustrated by the situation too. Just to illustrate that we do a fair amount of moderation: In this thread alone we already banned three scammers in the last 24 hours.

So far we have not removed the ability to DM because we think having the option is valuable enough for legitimate use cases.

Because of this thread, we actually poked around the forum settings a bit more and now configured it such that you need trust level 2 to add external links in your posts/DMs, and raised some DM requirements. Let’s hope this helps a bit.

We have implemented some additional controls, and restrictions on the forum which will limit the ability of users to perform certain actions that are frequently abused by scammers to send phishing links. I don’t want to go into detail about what they are but we anticipate that they will greatly reduce the amount of phishing messages going forward. @kilemar You requested limiting users ability to edit their “title” however this isn’t possible in discourse. However, the new changes should still limit phishing attacks even though titles can still be changed.

So, if my understanding is correct there will not be any prophylactic informing of the forum members of phishing attack scammers. They will have to figure out all this at their own risk and expense? Only after the attack.
To draw an analogy it is similar to the puritan’s policy of very strict but extremely limited sexual education of children. All in name of protecting morale, of course! By this manner of informing everyone about STD is learning exclusively by his /her own experience.

Way to go!

I personally am not afraid of scammers!
I am just expressing my disappointment at the fact that this forum presented me with my fist experience with the phishing attack. Three of them in a row within one day! And all this just because of my as it turned out absolutely unfounded belief that at least at a crypto forum administration has taken all the reasonably necessary and easy measures to protect its members.
Now I will know better!
The only REALLY necessary measure is just giving a timely warning to a new member that at this forum there is scammer’s presence and presenting the most common tricks of theirs.

You should not expect this for any forum since there is no way to know beforehand who is a scammer if they join with an email that isn’t blacklisted.

The best a forum staff can do is post information somewhere so that users are aware of potential scams. And then of course ban those that try to scam users which usually happens after the fact, assuming someone reports it.

Have you read what I have suggested?
It was:
“The only REALLY necessary measure is just giving a timely warning to a new member that at this forum there is scammer’s presence and presenting the most common tricks of theirs.”

Please, explain why exactly I am not right on this! Thanks.

You added that part in later on as an edit so did not see it when I first read your comment.

Anyways, it’s a good idea. Good luck.

Actually, even earlier I had wrote the same. It is easy to see in my previous posts.

“In addition, since de-facto this forum has become a very profitable hunting ground for scammers it would be very useful to send all new and old members a link to a catalog of all known cases of attempts to scam with detailed description and a list of all possible measures to fight them back. Maybe it would be good to have a separate rubric or a category of topics.”

I think your point could be made without the exaggerated conclusions (ahem…insults) of this forum “being profitable for scammers”

When a polite person see something clearly disgraceful he/she finds appropriate terms to comment on it.

" I do not consider myself the smartest person around who could in just two days figure out what HAS TO BE DONE to make it almost impossible to continue to scam members of the forum of their hard earned money!

No, I am not joking or exaggerating!!!

My logic is undeniable. Honest people in all cases when real money is involved do not hesitate to OPENLY demonstrate their concerns for safety. No sane person would consider presence of an armed guard at the bank brunch as an inappropriate measure rather on the contrary - an absence of one could get a cautious man uneasy."

My point is that since NOTHING will be changed in this respect then, willingly or not, the forum is helping those operators to stay profitable! Logic is logical!

If you can explain about what specifically I am not correct, please do it.

Your logic is so undeniable that you gave away your passkey to a stranger. Bravo :clap:

I hope this thread gets locked up because it’s turning into a broken record repeating the same ole insults to the forum.

1 Like

Unfortunately, even absolutely logical person can by fulled if has been caught in situation where he/she feels can trust. Because it is not a matter of logic but of psychology.
That is specifically what needs to be prevented IMHO. And it seems it is exactly why it will not be done, at least according to my logic!
So, yes, I expect it will be deleted! You are absolutely right.
By that it will just prove my point about the collusion, willing or just by negligence!
I think that for a victim of a scammer there is no big difference, would you agree?

Unfortunately I feel like this might be part of the issue.

My best advice for people new to crypto, like you, is:
1)Never answer direct messages.
2) Never give our password / seed phrase no matter what.

Glad you didn’t lose anything but it’s everyone’s own personal responsibility to safeguard their assets.