Scam the Scammers?
-
There are so many odd things in the internetz, I fail to understand several of them.
I participate in a music-related forum. Sometime in the past (no more today due to GDPR), there was a list of all members of that forum. It showed many inactive accounts. Which have never been active: no posts at all, no votes, nothing. And they made up for more than 90% of all accounts...
So, these are not common spam accounts created for the purposes of posting product placement messages.
What could they be used for?
I have a theory, but ... what do you think:
These accounts were created by some guys selling credentials. They tell their customers: look, here you get a list of member names and their passwords, plus a couple of member names plus their not-yet decrypted password hashes from some data breach which we just achieved.
While those latter hashes are just made-up, the list of member names with passwords is real: because it's the accounts they had created for this purpose. And so they can sell it...
-
It's not a bad guess... But it could be that there's a far, far more simple explanation, or at least an additional one.
Some forum software blocks viewing images or searching user details when you aren't a member, so people might be signing up to see more, then just abandon their account once they got what they came for.
-
@JBert That, plus there are even some that block reading posts, or at least deep into threads, if you aren't a member.
-
@JBert But 10 times more than regular users?
-
Even if the accounts belong to scammers, they may just be awaiting eventual orders from C2, like a botnet. That may well be resold, but it's not really a scam^2 because it's still providing a legitimately illegitimate service.
-
@BernieTheBernie said in Scam the Scammers?:
Which have never been active: no posts at all, no votes, nothing.
Showing no posts at this time doesn't necessarily mean they have never had posts, they could have been spam posts that were deleted. If the forum software calculates post counts live, the normal count of a former spam-based user would be zero.
Seems to me, at least.
-
@BernieTheBernie said in Scam the Scammers?:
So, these are not common spam accounts created for the purposes of posting product placement messages.
What could they be used for?
People do sign up to forums just to read them, even on ones where they wouldn’t need to do that. Chances are that a fair number of these users were automatically signed out at some point and never even noticed — or moved on after a while and never came back.
-
@Gurth said in Scam the Scammers?:
People do sign up to forums just to read them, even on ones where they wouldn’t need to do that.
will let you read without being signed in, but won't keep track of what you've read, so you'll be lost in infiniscroll hell unless you sign in.
-
People also used to sign up for forums to get the newsletters. My, how times have changed.
-
@error said in Scam the Scammers?:
@Gurth said in Scam the Scammers?:
People do sign up to forums just to read them, even on ones where they wouldn’t need to do that.
will let you read without being signed in, but won't keep track of what you've read, so you'll be lost in infiniscroll hell unless you sign in.
Is that not also true of ?
-
@Arantor said in Scam the Scammers?:
People also used to sign up for forums to get the newsletters. My, how times have changed.
I am intrigued by your ideas, and I would like to subscribe to your newsletterforum.
-
@HardwareGeek said in Scam the Scammers?:
Is that not also true of ?
It seems to default to pages (as it should), so you can just page through content like $deity intended.
-
@error said in Scam the Scammers?:
@HardwareGeek said in Scam the Scammers?:
Is that not also true of ?
It seems to default to pages (as it should), so you can just page through content like $deity intended.
Does it? The only time I've spent any time here not logged in was during the Great Benning, when I was unable to log in, and I've purged most memories of that time.
-
@HardwareGeek I support the motion to rename The Lubaring to Big Benning.
-
@Gąska Don't forget there are two incidents for which we need distinct names. I have always liked The Lubar FUBAR for the first one. The Big Benning is an acceptable name for the second.
-
@HardwareGeek oh right, I totally forgot about the time rift.
-
@Gąska said in Scam the Scammers?:
@HardwareGeek oh right, I totally forgot about the time rift.
It’s almost as if it never happened.
E: I think some evidence of it remained by people (like me and @HardwareGeek) having kept dozens of tabs open, including quotes of posts lost in time. I might even have restored a few posts, but I’m not sure / don’t remember.
-
@topspin Sadly, no. I have lots of tabs open, but I generally only keep one TDWTF tab. I wish I had posts to restore; my account of my journey from CA to TX was lost in the rift.
-
@HardwareGeek said in Scam the Scammers?:
I have lots of tabs open, but I generally only keep one TDWTF tab.
:rookienumbers.apng:
-
@topspin I sometimes open additional TDWTF tabs, but only temporarily. For a while, my workflow (or workflow) used to involve opening each notification in a new tab, which could be quite a few tabs, but then closing each one after I saw which post got upvoted. But notifications seem to be better-behaved recently, and combined with being less compulsive about every single upvote, I generally don't bother with that any more. I'll open a new tab if I want to go search () for something in another thread, or when history gets borked so the back button () stops working, but other than that, I mostly just stay in one tab. I do, however, have oodles of no-longer-useful tabs that I've opened from links posted here.
-
@HardwareGeek said in Scam the Scammers?:
being less compulsive about every single upvote
Teach me your ways, o wise one
-
@HardwareGeek I open each thread in a new tab, just like I do on every other forum. I normally only open response notifications and mark everything else as read. (This combination often means I get to "mark all as read" in multiple tabs to get it to stick.)
-
@BernieTheBernie said in Scam the Scammers?:
And they made up for more than 90% of all accounts...
Faaaar more than that.
https://what.thedailywtf.com/users
I have no idea. But I can tell you that these accounts do not share emails or IP addresses with known spammers. Those go into a queue to be reviewed by staff.
-
@boomzilla said in Scam the Scammers?:
@BernieTheBernie said in Scam the Scammers?:
And they made up for more than 90% of all accounts...
Faaaar more than that.
https://what.thedailywtf.com/users
I have no idea. But I can tell you that these accounts do not share emails or IP addresses with known spammers. Those go into a queue to be reviewed by staff.
Tying back into some other suggestions above, and since you can see more info than @BernieTheBernie can see on those other forums, can you see if those users are, or have ever been, active in some way? Did they log in more than once, or recently? Do they have positions in threads stored (i.e. did they read stuff)?
I'm pretty sure there must be some number of lurkers-with-an-account, either current ones or past ones (you could lurk for a time, then move away, and your account will still be there forever). But it'd be interesting to see how many of those 95% they make.
ETA: joined/last online are visible on profiles, and on the few I clicked they all have the same date for both, like if they registered and never did anything after. But those I found are from ages ago and with various migrations in between, maybe some information was lost.
EATA: a lot of them seem to be spam account ("Buy_XXX" and similar names), so not lurkers. I then assume they posted once immediately after registering, their post got deleted, and the account is still there but with nothing showing?
-
@remi Of the people on the first page of members (default sorting, join date, descending; i.e., the most recent people to have joined):
- 24 new members
- 2 banned (one within the last 4 hours)
- 1 has a post (Funny Stuff)
- 1 (that I noticed) has a last online date more recent than the join date
That leaves 20/24 who registered, never posted, and never came back. I don't know if that's typical over a longer period, but to do further research (and no, I can't see anything beyond public profiles).
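The tally above can be reproduced mechanically from public-profile fields; the following is an added example, not part of the original thread and not the forum's own code. The record fields, the bucket names and the `Buy_` name pattern (modelled on the "Buy_XXX" names mentioned earlier) are assumptions, and the sample page is constructed to match the counts in the post.

```python
import re
from collections import Counter
from datetime import date

# Assumed pattern, modelled on the "Buy_XXX" style names mentioned in the thread.
SPAM_NAME = re.compile(r"^buy[_\-]", re.IGNORECASE)

def classify(member):
    """Return one triage bucket for a public-profile record (a dict)."""
    if member["banned"]:
        return "banned"
    if member["posts"] > 0:
        return "active"
    if SPAM_NAME.search(member["name"]):
        return "spam-name"          # zero posts, but the name itself is the spam
    if member["last_online"] > member["joined"]:
        return "returned-lurker"    # came back at least once, never posted
    return "drive-by"               # joined == last online, zero posts

def tally(members):
    """Count how many records fall into each bucket."""
    return Counter(classify(m) for m in members)

def sample_page():
    """Constructed data shaped like the 24-member page counted above."""
    d = date(2020, 1, 15)  # constructed join date
    def rec(name, posts=0, banned=False, last=d):
        return {"name": name, "joined": d, "last_online": last,
                "posts": posts, "banned": banned}
    page = [rec(f"member{i:02d}") for i in range(20)]
    page += [rec("banned_a", banned=True), rec("banned_b", banned=True)]
    page.append(rec("poster", posts=1))
    page.append(rec("came_back", last=date(2020, 1, 20)))
    return page

if __name__ == "__main__":
    for bucket, n in tally(sample_page()).most_common():
        print(f"{bucket:16} {n}")
```

The buckets are checked in a fixed order, so a banned account with a spam-style name is counted once, as banned.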
-
@HardwareGeek I have a new theory, based on seeing some non-technical people interact with computers.
I wonder if some people just stumble onto the login page (from whatever random search they did), and because they've been "trained" to log in and register into websites, they just click through the process for no good reason.
I'm not sure if it's more, or less, reassuring than assuming those accounts are intended for resale by a scammer later (which would be my preferred theory overall).
That ties back nicely into the stupidity vs. malice sub-thread going on in that other garage thread.
-
@remi One other thing I noticed and forgot to mention. One of the drive-by joiners seems noticeably suspect. Age, location, name, and profile picture don't seem to match.
Location: India
Age: 33
Name: Albertina (-ina suffix suggests Romance language, southern Europe, maybe)
Profile picture: Very fair-skinned blonde who looks about 20
-
@HardwareGeek Sounds like bait for some scam. Maybe to build "credible" profiles to then link to somewhere else (you know, those kind of "hot women less than X miles from you")?
I don't see how a profile on TDWTF could help with that, but if they're created by some kind of bot (or some mindless human paid by the click in some third world country, but at that point they sadly become essentially bots...), it may have been intended to work on other sites where that kind of profile would help, and simply hit TDWTF as a side-effect (random list of sites built from who-knows-where that happens to include this one).
-
@Gąska said in Scam the Scammers?:
@HardwareGeek I support the motion to rename The Lubaring to Big Benning.
I've been trying to get The Day That Threads Weren't Free to stick, but it's a bit of a mouthful.
-
@Watson said in Scam the Scammers?:
@boomzilla
https://what.thedailywtf.com/users?section=sort-posts&page=326
So, ~95%
TIL: I'm the top poster among all user names starting with "Steve", by a factor of not-quite-80 (2370 vs 30). Removing the second place "steve" raises that factor to more than 200 (2370 vs 11).
-
@HardwareGeek You also get desktop notifications in every open tab which makes having multiple tabs open an extremely obnoxious experience...
-
@sloosecannon Eh, with very rare exceptions*, they're open in the same window, so I only see the active one. If the other tabs are getting notifications, I don't notice.
* Before our DM disappeared, I kept two tabs open for the play-by-post D&D game and OOC discussion, along with Roll20 and other game-related tabs, open in a separate window. I can't think of any other exceptions.
-
@remi said in Scam the Scammers?:
@boomzilla said in Scam the Scammers?:
@BernieTheBernie said in Scam the Scammers?:
And they made up for more than 90% of all accounts...
Faaaar more than that.
https://what.thedailywtf.com/users
I have no idea. But I can tell you that these accounts do not share emails or IP addresses with known spammers. Those go into a queue to be reviewed by staff.
Tying back into some other suggestions above, and since you can see more info than @BernieTheBernie can see on those other forums, can you see if those users are, or have ever been, active in some way? Did they log in more than once, or recently? Do they have positions in threads stored (i.e. did they read stuff)?
I'm pretty sure there must be some number of lurkers-with-an-account, either current ones or past ones (you could lurk for a time, then move away, and your account will still be there forever). But it'd be interesting to see how many of those 95% they make.
ETA: joined/last online are visible on profiles, and on the few I clicked they all have the same date for both, like if they registered and never did anything after. But those I found are from ages ago and with various migrations in between, maybe some information was lost.
Yeah, that's about what I've done with a few of them. I really have no explanation. They're like the numbers stations of forum members.
EATA: a lot of them seem to be spam account ("Buy_XXX" and similar names), so not lurkers. I then assume they posted once immediately after registering, their post got deleted, and the account is still there but with nothing showing?
Yeah, some are definitely trying to do the profile spam thing. I'll ban those guys when I notice them, but if they don't show up in the registration queue (which happens if your IP or email address or username is in a spammer tracking DB) and if they never try to post (all first user posts have to be approved by staff) I probably never see them. But if they post some spam in addition to not allowing their post we also ban them.
-
@remi said in Scam the Scammers?:
@HardwareGeek I have a new theory, based on seeing some non-technical people interact with computers.
I wonder if some people just stumble onto the login page (from whatever random search they did), and because they've been "trained" to log in and register into websites, they just click through the process for no good reason.
Yeah, could be they're using Facebook or Google or whatever.
-
@HardwareGeek said in Scam the Scammers?:
Location: India
Profile picture: Very fair-skinned blonde who looks about 20
Nothing unusual in South or Southeast Asia: people use a photograph of their girlfriend (or someone they would like to have as a girlfriend) as their avatar.
-
@boomzilla said in Scam the Scammers?:
Yeah, could be they're using Facebook or Google or whatever.
Ah, I forgot you can log in using a different account (as I never do that). And I guess if you do that, you get a profile automatically created on our database as well?
That could explain a lot. Either spammers who already have an account and then just randomly scan all sites that allow using that account to log in (either with the intent to spam at some point in time later, or to resell the account), or random clueless users who see a login box asking for the Facebook login and just fill it in blindly.
(related: if banks and the like have to send messages and messages to tell people to not enter their credentials randomly in any site they encounter, that means enough people actually do this!)
-
Would be willing to bet the majority are not set up that way.
Let’s go for “spammers” rather than trying to delineate between bots and humans because often there is a human driving somewhere in the chain.
Several reasons seem to exist, with various overlaps:
- Profile spam (setting signature, website link) which is usually accompanied by a post in a “chit chat” or “introductions” board
- Registering at as many places as possible to harvest the answers to any forum “answer this question to register” setups which get fed back to a few centralised databases
- Showing off to prospective clients, “look, our software has made this many accounts on sites using these platforms”
- Content harvesting (e.g. for clone sites) though this is rarer than you’d imagine
-
@HardwareGeek said in Scam the Scammers?:
@remi said in Scam the Scammers?:
random clueless users
But you repeat yourself.
No, the word "users" was necessary because there are other types of clueless people.
-
@Arantor said in Scam the Scammers?:
Content harvesting (e.g. for clone sites) though this is rarer than you’d imagine
I've seen at least one site that copies all frontpage stories from here.
-
@Gąska sure, any long term established blog would probably get cloned, but harvesting for clone forums is definitely less common, even for big/established forums.
-
@Gąska 'Here' as in the forums?
-