!!DISCORD SCAM | IMPERSONATING DISCORD EMPLOYEES | BE AWARE!!
Okay. Hello, I usually do stupid stuff on here, like memes, or fanfiction. Obviously, this post is neither. This is a warning to any Discord users of a scam, and I will provide screenshots so that people can recognize and avoid it.
For the past couple days, I have been interacting with an account impersonating one of Discord's employees, because another hacked account in my friend's list (someone I have not talked to in years) reached out to me and told me they had accidentally reported my account for scamming/hacking (ironic, but I guess they're not creative).
(Initial interaction with hacked account (blue); profile obscured for protection. The account has since been blocked.)
This initial interaction did admittedly fool me within the first screenshot, because I hadn't talked to the person in years and the scammer was mimicking our past conversations, but I was skeptical of what they were asking me to do.
However, I just lost my job, have too much time on my hands, and am reckless with money. So I played along.
(Apologies for anybody confused with my behavior in the past 48 hours. Because they had access to my account, I did not know how much they could see of my activity across the servers. Ergo, I was playing up a confusion in said servers.)
The following screenshots are only portions of my interaction with the core scam account (I won't reveal information that would dox/harm me, of course). I will also explain, in great length, what it is they do, and how to recognize this scam to avoid it entirely.
THIS IS WHAT THEY DO.
Starting with the initial screenshots, I have highlighted grammatical errors that, in retrospect, do not adequately mimic how the hacked account spoke before.
The screenshot the scammer provides is of, what I suspect to be, a photoshopped email of Discord Support. However, similarly to the prior screenshot, I have highlighted the mistakes, and have supplied a screenshot of a genuine interaction with Discord Support (through a no-reply email) for comparison.
(Left: Fabricated email with the following mistakes respectively: Inconsistent narrative where the receiver of this email would be the hacked account, who did the reporting; Inconsistent format/spacing with username within brackets; No period; Closes a parenthesis with a bracket; (Nitpick) In a list, “furthermore” is unnecessary; No period.
Right: A legitimate email as example by Discord (for password reset).)
Once you friend the scam account, they will introduce themselves. This one is impersonating an employee of Discord.
(Given the scam account, I will unfortunately have the employee's name and profile picture up here, in case this account tries to scam again. From what I have found, this account does use public information that is visible on sites such as LinkedIn, which is specifically where I think this scammer got the information.
(As I will repeat later, DO NOT HARASS THIS EMPLOYEE. What I suspect happened is this account either a) hacked the employee's existing account, or, more realistically, b) fabricated an account using public information. As far as I'm aware, this employee has absolutely NOTHING to do with this scam, outside of being the ultimate victim throughout this. I may have lost money, and others too, but this employee's reputation is being jeopardized, so please, DO NOT ASSOCIATE HIS LEGITIMATE INTEGRITY TO WHAT HAS HAPPENED HERE.)
The following screenshots are of my interaction with this scammer. Pay attention to signs of a scam, such as grammatical errors, pressuring, and other manipulative behaviors which will also be clarified later. The other thing to pay attention to is the reason why I am writing this post in the first place:
The scammer's screenshots of Discord assets. This scammer mimics. Throughout the process, they utilize either photoshopped images of Discord's assets to give the scam a sense of legitimacy, or genuine screenshots of Discord's assets, out of context.
(Screenshots of my interaction with the scammer, throughout the dialogue.)
After introducing themselves, they will ask for you to change your email and give some excuse. (By this point, I was well aware that this was a scam. Obviously, I decided to go through with it to be able to collect evidence of a scammer that impersonates Discord employees, but I made sure that I was online for as much as possible so they weren't going to try and use my account behind my back for anything.)
Because this scam account didn't actually have my email address, they had to ask me for it in order to have the email changed. Because at this point, my account wasn't actually in any threat. There was no report on my account, and, this scammer is not associated with Discord. It does not have the power to just snatch my email from me--at least, not in the manipulative strategies the scammer was employing. This strategy is low-effort, because why spend so much energy taking money when you can just ask the person themselves to do it?
The following is the emails sent once I confirmed to the scammer my (other) email address (the second was sent because I was taking too long):
(Emails sent to me via scammer account mimicking Discord Support. Sections highlighted are false emails to watch for, and...an interesting timezone that is not in the US. At all.)
The moment you change the email, that is when the scam starts. Because they have it now. And what they do to simulate a "temporary suspension" is they go and change your settings to invisible, as a way to confuse you. Then, they change your name to "Temporary Suspended". (Yes, it's supposed to be Temporarily Suspended, but let's not tell them that.)
(Left: Me (VoltageStone, or "Temporary Suspended") in chat.
Right: My profile in "Invisible" within the member list. Other profiles obscured for protection; my profile is highlighted despite being within "OFFLINE", as designed for the "Invisible" feature.)
After this, within the dialogue between you and the scam account, the scammer will tell you something along the lines of: Don't message other people, because it will, more or less, interfere with the "verification" process. In actuality, it is because they do not want you communicating with other people using your "suspended" account.
When in fact, you can talk to people when you're invisible. A suspended account means you are locked out of it, and Discord will prompt you to login again.
They will also tell you that your interactions is being monitored my management. Now, this may very well be true, but it's not Discord management, it's likely their management.
(Within this part of the process, the prior screenshot where I say "i am in hell" is the only instance I spoke in any server. Outside of that, in order to play along, I did not speak to anyone given they had access to my account, and likely could see what I would be doing. I needed them to believe I was stupid and gullible, so I kept my mouth shut and got a second account so I could talk.)
Once they have you locked in, they will prompt you to pay them whatever amount they desire. For me, it was an initial $150. When that isn't apparently "enough", they ask for more. For me, it was $450 more.
Because they had me pay through PayPal, that doesn't include tax.
Once there is the inevitable issue in the payment(s), they will try to have you pay through another service. For me, the scammer claimed that a payment of $450 did not go through on their end (lies, of course), so they had me try and use Xoom.
Thank-you Xoom for being hell on Earth, because the next 2 HOURS of attempts did not work. Every transaction was cancelled. Thanks to Xoom, and thanks to my bank account.
And now my bank is a good one, so of course, throughout the several hours, there was a constant restriction for these payments. Because a bank knows what's probably a scam. Hence the difficulty on Xoom.
However, I did want to see this through, so...there were several phone calls to my bank getting these approved. Which yes, was stressful. And I did, in fact, tell the scammer as much, both to relieve said stress, but also to see if I could scare them into slipping.
Which I did. (I am not going to advise saying you should tell them that you "have already been suicidal" (I'm not), but it did the trick. The scammer slipped and forgot to format their replies.)
(A scammer told me to "calm down" after I "admitted" to being suicidal. Again, I am not. I wanted this scammer to panic. And they did.)
After Xoom didn't work out, we went back to PayPal, where a second $450 payment was made.
Essentially, what this scammer did was they had me pay a $150. It was conveniently "not enough" because...my account was more expensive, given the amount of time I have been on it, so the total value I had to give in order to "verify" was $600--or, $450 more was needed. There was (genuine) difficulty in one attempt for the $450, and it was refunded, so another attempt was given. This attempt went through on my end, because...it did go through, but it "didn't on their end." So, this scammer created a little ring of chaos to try and distract me from what was paid, had me go through Xoom, and tried to get me to pay there. When that didn't work, we went back to PayPal, where another $450 was given. After they swindled their money, they feigned difficulty with PayPal security, realized I was going to do something because I did catch on, and have since then not been active on this account. Their username was marked with "[Scammer]". And that's that.
By the end of this, I lost $1k. ...which is my bad, but whatever. That's on me. I realized I would be losing money from being a little rat pea brained investigator.
I do have my Discord account back, largely because I was able to let Discord support know of the scam, so as far as I'm aware, Discord does know about this. (I got a bot response immediately, and then someone from Discord Trust & Safety restored the email, and thusly the account, within 3 minutes. The authentic email that I used to compare to the scam's email is from this interaction.)
Be aware of this scam. It is best to avoid it entirely.
AKA, don't do what I did. It is financially dangerous, and just plainly reckless.
Part of why I did this is because I'm impulsive, but also, I had not seen any accounts across any platforms (primarily Reddit) report this specific scam. It may be a known thing, but I wasn't able to find anything easily. Therefore, it's not known enough. So, I wanted to ensure that this was legitimately a scam, and moreover, that I would get confirmation by the end.
Which I did. Because the scammer, once they were done with being a scammer with their kooky little account, changed their username.
(Again. Do not harass this employee by the same name. As far as I'm aware and understand what happened, this was impersonation. Whether it be a hacked account, or an account created to mimic, I don't know. The employee has nothing to do with this.)
After this, for a little bit, there was nothing. However, as I was writing this very post, a development:
(Left: Scammer email contacts me with following mistakes respectively: Fraud email address; Pressuring to spread this scam by “reminding everyone(?)” (I don’t know how this “everyone” is); Interesting date and time for San Fransisco, California on the day of our lord and savior, January 24th; Wrong amount of money that does not align with the $1096 I calculated; No period; I unsubscribed to Nitro, actually, so there really is no “subscription” here.
Right: PayPal informing me that one of the accounts (in which two payments were granted) declined my request for refund.)
(This is one of the accounts used for the scam. Be wary of this when using PayPal.)
That is correct. Almost simultaneously, the scammer sent over an email discussing...that, and PayPal informed me that part of the refund which the scammer "agreed" to was declined.
Um. Yeah I laughed. I will have to be diligent tomorrow to see what exactly they will do, since I suspect tomorrow something will come up. Or they just...miscalculated time for California? It's not even 2pm in the Philippines.
I also think they miscalculated the money. Despite me calculating it myself and providing the number within our interaction, but okay.
Fortunately, I have ensured some semblance of safety. I've pulled my card information from anything, and have changed the account username and password as well. So unless they somehow got access to my account, there's none of this "subscription" going on.
Now, if something does happen, I will add to this post in an edit. Just so that people are made quite aware of what scams can do.
Regardless of my present situation, here are some things you can take from this.
A FEW WAYS TO SPOT A SCAMMER:
If an account you have not spoken to reaches out (particularly someone who've you have never met irl), be cautious. Search for any discrepancies in how they type (even though a scammer can mimic, there will be differences in "speech" patterns).
Be wary of constant grammatic, syntax, and/or spelling errors--errors which a nonprofessional would make. (This is usually the first clear sign of a scam, in part because a lot of scammers tend to be non-native **English speakers, from other countries, but also because they don't care and are negligent so long as they're getting away with the scam.)
Pay attention to any email addresses sent to you. If it looks weird and unprofessional, it probably is. A prime reason why there's so much graphic design in many company emails is for this very reason: to confirm that it is (likely) genuine. It's not just to look cute.
If they ask for money and "promise" a refund, no. Just no. Don't believe that.
If said money is to a different country, be wary. Here are some known countries that scammers come from, with their currency:
Format Reference:
United States of America ($ ; USD)
Brazil (R$ ; BRL)
India (₹ ; INR)
China (¥ ; CNY)
Pakistan (Rs ; PKR)
Nigeria (₦ ; NGN)
Venezuela (Bs ; VES)
South Africa (R ; ZAR)
Romania (lei ; RON)
Philippines (₱ ; PHP) - This is the origin for this specific scam.
If any "support" of a company you are an active consumer of has to ask for your email to continue with any process, it is fraud. In the beginning, Discord already had the appropriate email address to reach out to me.
Lastly, if they are marked as "[Scammer]" at the end of the scam, they are a scammer. And this is them laughing at you.
**This does not just happen with English speakers. Generally speaking, scams of this nature will try to target people outside of their country, because they like to use the difference in laws, timezones, etc. as a shield. So regardless of the language, do pay attention to language errors. It's a sign of either a scammer who does not care, or someone who is unfortunately illiterate.
As far as this post goes, that is all I have. I myself was very reckless in this endeavor, but I do hope that people see this and avoid doing the same thing I did--unknowingly or otherwise. Again, I will urge you to not do this. Don't. Do not. Just avoid scams.
To spread this message, reblog if you can, and tag any fandoms that you are in (especially if there are Discord servers) so that people who are in fandom servers can know. Post this in Discord servers. Cross-post this in other sites, such as Reddit or Twitter. Just get it out there so that people are aware of the scam, or ones like this.
If you would like to add anything to this, whether it be specific to this scam, or just general advice, please add onto this post.
This scam is malicious, both for Discord users, and those who work for the company.
Thank-you for your time,
V. Stone
4 notes
·
View notes