Topic: [!WARNING!] Escrow Impostors on Telegram [!WARNING!] (Read 620 times)

I received a PM from a new member this morning, asking if I was in communication with him on Telegram.  I was not, but the person he was communicating with was claiming to be me.  This scammer has been at it for at least a couple of years.  His "first name" is spelled exactly like my forum handle, but for the Telegram user name he's using a capitol "i" instead of an "l" in the word wolf, i.e. DireWoIfM14.  The scammer's profile picture is a photo of some hardware wallets that I recently posted for sale.

Here's his Telegram user info:


Be diligent when using Telegram.  Do not trust anyone who approaches you out of the blue claiming to be me.  I will never do that, and you can be sure it's a scam!  My Telegram ID is posted on my profile page, copy it and paste into Telegram to contact me.  I've been under attack myself recently because I don't tolerate any Telegram shitfuckery here on the forum.

I was contacted by another impostor yesterday, this one claiming to be achow101.

You can change it. I did a simple test.

Let's start with the fact that Telegram is a piece of proprietary crap that has nothing to do with privacy and security, at all. I've been saying this since 2016, and so far the situation hasn't changed.

Teleram tries to run some shitty "crypto", but can't even make sure that the IDs are actually constant.

In general, to get a new Telegram ID you don't even have to obtain a new phone number. Just delete your account and immediately create a new account with the same phone number and you will get a new Telegram ID.

Yes, yes, you got it right, a scammer can trick the victim, even if his Telegram ID is posted on the forum to warn other users, but this will not change anything, because the scammer can simply re-create his account with the same phone number, and get another Telegram ID.

---

How can we fight against this?
We can't.

There's a saying: "Бeз лoxa и жизнь плoxa" ("Without goofs life is bad")
Or another one: "Лox нe мaмoнт, нe вымpeт." ("Goof isn't a mammoth, it won't die out.")

Until most people start thinking straight, they'll always be scammed.

For other people/services that provide their services on this forum - create a PGP-key and leave it wherever you do your business. Always remind your customers that PGP verification is mandatory.

Thanks to Keybase now it is very easy to check the signed message, you don't even need to install additional software, just copy-paste in your browser. Example, go here (https://keybase.io/verify), copy-paste the message and press on "Verify":

I also notice that some members are able to hided there handle.  I'm not exactly sure how that's done, maybe they aren't selecting one at all.  The @userinfobot still works to retrieve their unique user ID number.  That cannot be changed, but it may hidden from you if you are blocked by that user.

Today I learned Telegram users can hide their "handle" and add someone else's handle as their "Bio". Yesterday, I was contacted by a suspeciously interested person posing as a BlueWallet dev. I totally thought it was the real account doing rogue things!

I barely use Telegram so I'm not very familiar with what should be where exactly in the profile. Those are terrible features that shouldn't exist at all!

My first experience on this forum was with this user @herbert . https://bitcointalksearch.org/topic/m.53401755

It was hard to notice and realise that I am being scammed, luckily I had enough nerves to stay calm and avoid the demage. It is sad that users with potential and escrows arround here can be contacted outside the forum.

They should rely only on the conversations here in public topics or private messages; not such as telegram/skype/jabber

Imposters almosts all the time look alike, same name, same image, same bio (if available) almost same username (usually 1 character mismatch).

It's not only escrow imposters but there are also many currency exchange imposters. A few ago I was scammed by one of them but that was my mistake. The telegram UID was similar to the the actual guy but actual link behind that was different. Stay safe guys ..lots of imposters out there.

Hi,
Same thing happened to me https://bitcointalksearch.org/topic/m.53413855

Basically this user tried to convince me that I am chatting with the escrow member. Then he copied wrong bitcoin address and I saw this. He edited the btc address after this. I have documented all of it in the thread. May be it is even the same person...

EDIT: I just saw the last post of this thread. Yes, it's the same.
EDIT2: Do profiles like that even get banned here? It is very clear what happened.

Beware, there's another Telegram scammer trying his luck today.  This morning I found a PM from member mile616 in my inbox asking me if my Telegram user name is @harleyinhawai.  It is not.  Someone going by that username on Telegram was pretending to be me.  These are screen shots of the conversation that mile616 was having with the impersonator:









Coincidentally, someone using the same Telegram username had contacted me to ask if I was still buying BTC.  When I asked him to send me a PM on the forum, he deleted the conversation, and blocked me.

Never trust telegram IDs.
They misplace certain letters in username to look as the authentic id.

I tagged (and flagged) this guy in DIGITAL GOODS where he is basically selling $100 in "cash" for $85.  http://archive.md/wip/0FQTF
LOL, Sounds legit.

You wouldn't believe the type of imposters I come across on Telegram! I get messages from user-names like Og_Nasty, minnerjones, SebastainJu claiming to be the actual forum members. After you ask them for some details, they simply block you or change the user-names again! I legit was contacted by the same account pretending to be Og_Nasty in the morning and minnerjones in the evening.

You can also stake escrow receiving addresses..

Example:
1erct98c45wut85cterc90g8fg098
"DWM14 will only ever ask funds to be delivered to one of these 3 escrow recieving addresses
1213423542532453 , 1rtgj89tgj49cgjc48rjgfwf8jrege , 1fjkgn58gj459ojfw5489ji
signature-5atw45cye67 56u yh65ers5 t54etrf
Or signed with PGP..

If you want to get around monotonous repeated formalities, only receiving to staked addresses still basically proves that it is going to be received by the correct identity without having to sign every time, unless you or your customer also want you to sign the specific terms of the contract, then you should, IMO..

I would think that PGP is better in that it is more proper and more widely accepted across all communities than Bitcoin address staking, but if you are dealing almost solely with Bitcoin communities, then it will probably be easier and more familiar for most users to verify signed BTC messages rather than PGP..
PGP is good for sending/receiving encrypted messages containing sensitive information, but may be overly formal for most Bitcoin related stuff..

Just my 2 sats..

@eddie13, you make a very good point.  Initially I had mentioned in my escrow thread that all addresses I provide will be signed with my PGP key, but I didn't make it a prominent declaration.  In my defense, I have always signed the escrow addresses I provided.  I do you hope you are right that setting a good example will help.

Yesterday I added a very visible warning to my escrow thread, but again failed to mention the importance of a message signed with a staked key.  After reading your suggestion I made the following edits to the warning:

Why is their no mention of proving identities in this thread then?
Teach them that they should expect anyone engaging in a position of trust to use their staked identity, period, on TG or on BTCT no matter..  
Telegram account usernames are not any proof of identity, nor are BTCT accounts.. A good escrow should sign every deal with a staked Bitcoin or PGP public key..


ftfy
That's better IMO..

Want to teach newbies?
Set a good example and sign your identity for them the first thing when dealing with them on TG just to be professional.. Get them used to this protective formality.. Sign every time you are expected to be the real you..
Every escrow contract or deal should be signed and/or received only to a staked receiving address no matter if on TG or BTCT..

This is the way to protect yourself from stolen identities across all platforms..

Bitcointalk accounts don't mean shit for proof of identity either...
Your staked keys are your identity and any accounts you use on any platform are just sockpuppets of your identity that can be hijacked at any time.. But your keys cannot..



Bitcointalk PMs, posts, and even quoted posts, are not even near the level of proof of agreed contract compared to receiving a signed message signing the terms of the contract, and saving it yourself..

What stops any account from making a deal with you, like taking a loan, and then coming back a week later with "I was hacked, I didn't agree to that!"?
Have their real identity sign the agreement terms, for future proof of their deal acceptance to protect yourself with ultimate proof..
Same with any deal requiring trust from any party.. Terms should be signed..

The most frustrating thing is this is just a wack-a-mole game.  Red-tagging Kami90kaza will just dive the scammer to create a new account, and prey on other unsuspecting victims.  I wish there was a way to effectively educate newbies about this threat.  One thing that occurred to me was to perhaps make a sticky thread that details all the ways scammers can dupe victims.  Royce777 created a pretty good one, but unfortunately the Impostor Scam is buried deep in his post, and is only briefly mentioned.

Maybe I'm being overly sensitive about this particular type of attempt because I was recently targeted, and then I wrongly accused a respected member of the community as being the culprit.

---

Here are a couple of posts from newbies complaining about this particular account:

I remember seeing users complain about him before in some posts , that he was trying to provide fake escrow . I'll update this post once I find the specific links , ( they haven't made official scam accusations against him ).

Thanks, I've changed my sig. Fuck telegram scams.

Don't answer to any PM is the only solution for using Telegram.
And you also have to adjust privacy settings, and disable other people adding you to random groups.
I can'r even count how many scammers I reported and blocked there...