Category: Scams

Scams – Fake Hacker and Account Recovery Scams

Scammers try to fake being hackers to get money from victims looking to get their accounts back. Learn about signs of these scammers and how to avoid them.

Scams are everywhere, especially on social media platforms. Bots go around looking for Tweets containing phrases such as “I got locked out of my account” or “My account was suspended”, and claim you should message a ‘hacker’ to get it back. As we will see in this article, all of these hackers are fake, and they will just take your money and run.

Important

If you do have a locked account, do not approach these ‘hackers’, they will ask for money to ‘recover’ your account. In reality, these hackers do not exist, it is a scammer who only wants to take your money.

If you did have one of your accounts locked and a scammer approached you about it, ignore them. The only way to recover your account on any platform is to contact the company you registered the account under. It sucks, but it’s the only way to do it.

Quick overview

In this scam, the scammer will attempt to:

  • Have you initiate a conversation
  • Ask you what accounts you want ‘recovered’
  • Ask for money, then run away with it

The scam

This type of scam happens on social media platforms such as Instagram or Twitter. Though companies such as Twitter have anti-bot measures in place, and they work somewhat well from what I have seen.

The scam starts with one of two things. The first is if you post something such as “I got my account suspended” on Twitter, you will get around 5-10 replies instantly from supposed ‘hackers’ or people recommending these fake hackers.

For privacy reasons, I have to remove the names of the bot accounts. While they might have been created for the sole purpose of replying to people’s tweets, they could be hijacked accounts that once belonged to real people. Ironic, isn’t it?

Sometimes people will write things such as “I got my account locked, can you help me?” replying to one of Discord’s tweets. These scammers have bots which will look for replies to this tweet and attempt to attach themselves to the thread.

While these scammers did raise several red flags, I will not be pointing out the mistakes they made for the sake of not making these scams better.

Introduction

I contacted one of these fake hackers. Note: I am not liable for anything you do. If you are going to do this, do not use your real name. Make sure that any information on the account you use to contact cannot be traced back to you. While it is unlikely that one of these fake hackers will go after you personally, it is safer not to risk it.

The conversation I had with the first scammer on Twitter was long, so I will not be posting the entire conversation.

I will be blurring out details. The username I gave the scammer is fake, but I want to blur it just in case.

Note that any spelling mistakes were intentional on my end. If the image is too small, right click and open in new tab, or just drag the image to the new tab spot.

The scammer starts off asking for my username. In reality, he just sits there for a few minutes pretending to lookup my information.

After two minutes, the scammer got back to me, saying that my account, which does not exist, is recoverable. He then asks if I want to get the account recovered, which I would assume anyone would want, only to reveal that he needs me to pay $60 for “template software” to recover the account.

Of course, there is no such thing as software to recover accounts. In this instance, the scammer attempts to confuse the victim by throwing out words that sound important. Phrases such as “template software” are basically nonsense words.

I wanted to have a little fun, so I asked if $1 was enough, and he settled with $40 instead. Needless to say, I am a master negotiator now.

The conversation goes on for another twenty screenshots worth of pages. He states that I should refer my friends to him for a discount, trying to get even more money out of innocent people through referrals. I think once most people figure out the scam, they will not refer him to their friends.

Reeling in the victim

Of course, no good scam is complete without trying to get money from the victim. This is a lower stakes scam, unlike social security scammers, who try to tack on as many zeroes as they can.

I asked if I could pay with cash, but that was obviously out of the question. He would never do this of course, but I was hopeful. Instead, he suggests that I pay using Bitcoin. I decided to not go for this route, because depending on how he has it setup, there could be no ties to him whatsoever.

I chose to go with a different platform that I could report to the company. While this will not stop the scams, it does slow them down.

He asks if I can go on WhatsApp instead, which probably means that he is afraid his Twitter account will be suspended soon. Moving to a different platform means that even if his Twitter account is suspended, he will be able to continue with the scam.

After realizing that I do not have WhatsApp, he then asks for my phone number, which a scammer could use for many reasons. I wouldn’t put it past these scammers to use any means necessary to get money out of their victims, so I did not provide a phone number. Maybe in the future I will if I get a burner phone.

I asked him to reveal my own phone number. If he was the great hacker he says he is, it would be no problem; however, he said that for technical reasons, he is unable to get my phone number because of software problems. Sound like a fancy way of saying “I’m a fraud”.

He asked me to pay him through a different app, and to put the reason of the transfer as “gift”. This is likely to avoid triggering anti-scam detectors that have been put in place by these apps.

Unfortunately, I forgot to record my messages with the Instagram fake hacker, but it went more or less the same way. From what I can tell, these companies are taking action on these bot accounts, when I checked back this morning, they were suspended.

Conclusion

While scams cannot be stopped, it is important to know about them. Send this article to your family and friends so they know how to avoid scams.

Bookmark our blog, we have more articles exposing scams coming out soon! If you want, you can also join our Discord Server.

If you were contacted by a scammer, or want to report scams for me to investigate, feel free to contact me on the Discord server above, or email me at [email protected]

NFT Scams – Signs and How to Avoid Them

Scams are everywhere. In this article, we’ll be focusing on NFT scams floating around on social media platforms.

Scams are everywhere, and social media platforms are a prime target for them. As part of the TempMail.lol scam articles, we will be focusing on online scams, signs of them, and how to avoid them.

Quick overview

In this scam, the scammer will attempt to:

  • Try to get your interest as a ‘financial expert’
  • Attempt to get you interested in buying cryptocurrency or NFTs
  • Ask you to send money to them, then runaway with the money once paid, or ask for more money

The Scam

This particular scammer was inexperienced, he was quick to send me his details to try to scam me out of money, and made several mistakes about what he was trying to scam me out of. For the purposes of not making these scams better, I will not be pointing out these mistakes.

The scam starts with a user friending you on a platform such as Discord; though, this is just where it happened to me, it is possible for this to happen on any popular social media platform.

Introduction

The scammer starts by adding you as a friend, usually from a mutual server (if you are in public Discord servers). Since my username starts with an “a”, I am high up on the list of members. Afterwards, they usually do not initiate a conversation, they wait for you to start it.

Here is the beginning of the conversation I had with the scammer (note that my first message “yes” was due to his friend request). It is highly likely that the scammer’s name is faked; however, I cannot take such a risk.

Image transcription:
Me: yes?
Scammer: How are you doing, nice to meet you .
Me: good, what’s up?
Scammer: I’m Harrison and I’m from Texas United State, I deal on NFT and Crypto have you had of any before?
Me: i’ve heard of it but haven’t gotten into it
Scammer: Have you heard of NFT craft investment where You can purchase NFT craft from us today at the sum of $7,000 and sell it in one week time with the sum of $60,500.
Me: sounds sketchy
Me: sorry for my late responses, i’m away from my house right now
Scammer: NFTs are only profitable because they are one of a kind, if I were to show you, you could screen shot than be rich

Needless to say, this sounds sketchy from the get-go. I have never been one to invest in NFTs, so even NFTs through legitimate channels seem sketchy to me.

The scammer hopes to get your attention by throwing out big numbers, and promising that if you pay, you will get large rewards in return; however, as we will get into later, the scammer will up and run with your money, and you won’t be left with the JPEG you were promised.

Reeling in the victim

After getting a conversation going with the victim, the scammer will attempt to get the victim to send money to them. They will start with a price around $10,000, expecting the victim to back out, only to ‘concede’ to a lower price. You can see the same tactic used sometimes by salespeople, though legitimate salespeople and scammers are very different people.

In my case, the scammer asks how much I want to invest, basically saying that I have control over the entire transaction. The scammer will do this to attempt to gain trust with the potential victim.

Image transcription:
Scammer: NFTs are only profitable because they are one of a kind, if I were to show you, you could screen shot than be rich
Scammer: And I can’t let that happen unless we have a fare trade
Me: i don’t get it
Scammer: It is very easy to make money., and all you have to do is send as much and reliable way too money of your choice and you will get a custom NFT that you could wait 5-10 days to sell And you could make millions after the investment (shrugging arms emoji)
Me: do i give you the money? sounds kind of strange
Scammer: Are you interested, let me tell you the correct NFT that is in sell at the moment?
Me: sure! sounds interesting
Scammer: Currently on sales now a Gorilla that could go for about $98,683 after about 1 week
Scammer: That would be for $11,081 right now, But I can sell it for you in the sum of $9,500, Can you afford this?
Me: i mean i can but that sounds like way too much
Scammer: Alright how much would you like to start up with ?
Scammer: You say
Me: maybe $500?

The scammer intentionally goes overboard with the price, then lowers it to make it seem more of a deal, even though no matter how much you pay you’ll be scammed out of your money, whether it is $500, $9,500, or $11,081.

Collecting from the victim

After I said that I would pay $500 (which I would never do), the scammer’s eyes lit up like dollar signs in a cartoon, and he eagerly sent me options to pay. Etherium and Bitcoin would be hard to trace, especially if he was using a separate address per victim, so I decided to go with PayPal since I could report it to get his account shut down.

I claimed that I did not own cryptocurrency (it’s the truth!) so I could get his PayPal details, and he copy/pasted a response right to me, asking me to send $500 to that address.

Needless to say, I’m going to blur out the scammers details, even though it is likely a temporary email and a prepaid phone number (by the way, we run a temporary email service! Check it out here). The scammer also states that I must put the reason of payment as “gift”, this is likely to avoid any kind of anti-scam measures PayPal has put in place.

Image transcription:
Scammer: Alright
Scammer: How do you want to make your payment? Bitcoin wallet PayPal ETH…
Me: paypal would probably be the easiest
Me: i do not own cryptocurrency
Scammer: [redacted paypal information]
Me: [trollface emote]
Me: caught in 4k man
Me: hook line and sinker
Scammer: Once you made the payment please take a screenshot and sent it to me immediately
Scammer: Alright

Granted, I could have trolled him a bit more by saying things such as “PayPal blocked my payment” or “How do I know you are who you say you are?”, I decided it was time to end the scam.

Though it was immature of me to send a trollface emote and my other two comments after that, I wanted the scammer to feel like his time was wasted interacting with me, and maybe make him think about making an honest living in society, rather than trying to scam innocent people out of their hard earned money.

Bonus: after looking up the phone number, I discovered that it belongs to an actual carrier in the United States, and not a VoIP service as I initially thought. I will edit this page if I discover more on this.

Edit: after looking some more, the area code listed is in Texas, which leads me to believe this phone could be hijacked with malaware in order to receive verification codes.

Conclusion

Want to stop scams like this? Send this article to your friends and family to warn them about scammers, and what kinds of tactics they use to bring in victims.

If you want, join our Discord Server, and bookmark our blog so you can stay up to date with the kinds of scams flooding the Internet these days.

If you were contacted by a scammer, or want to report scams for me to investigate, feel free to contact me on the Discord server above, or email me at [email protected].

Stay safe out there!

HTTPS – Secure Websites are not Always Trustworthy

HTTPS, while secure, does not mean a website is legitimate. See how scammers obtain secure websites to trick potential victims.

We’ve been taught that secure websites (those that start with https rather than http) are more trustworthy than those that do not. While this has some validity to it, this is not always the case.

HTTP vs HTTPS

HTTP (Hyper Text Transfer Protocol) and HTTPS (Hyper Text Transfer Protocol Secure) define how websites are transferred from the server to you, the client. HTTP sends data unencrypted, anyone who has an antenna at the right frequency, a line listening in between the router and the Internet provider, or any of the other steps along the way, can see exactly what you request, and what the website returns to you (this can include personal information), which is why HTTPS is used now.

HTTPS encrypts your data, so information you send to the website (such as your name, credit card details, etc.) cannot be intercepted by hackers listening in on the conversation; however, this does not make the site trustworthy.

For a site to use HTTPS, they must first acquire a certificate from a provider. There are some providers (such as Cloudflare) that are free, which can allow scammers to host a (now secure) phishing website. While services such as Cloudflare do take down phishing scams, often they have already moved on to another scam, making them difficult to stop.

What does this mean for me?

While it encrypts your Internet activity from you to the website, HTTPS does not mean that a website is secure. Scams are everywhere, and scammers are easily able to obtain certificates to secure their website, making it look legitimate to potential victims of the scam.

Online scams usually have several red flags. If you see some of these red flags, you should leave the site instantly. As part of the TempMail.lol blog, we will be releasing several articles on scams on the Scams category with information on how the scam works, signs of the scam, and how to avoid them. Stay tuned!