Forums » Smalltalk » Anyone notice an uptick in bot activity?

Let's keep it on-topic everyone.

I had reported a bot who tried scam some cash from me.

Unfortunately, generative AI (such as ChatGPT, etc) has made spam bots increasingly good at evading the filters we have in place to keep them out. As mentioned previously, we encourage people to report suspicious activity. Even if it turns out to be a real person, it's worth looking into just to be safe.

Based on my interaction with a lila_logan1, I reported the profile for review today and messaged some people who may have been in contact with her.

The initial interaction seemed innocent & pleasant. It was friendly; "She" complimented my character concept and asked questions about my inspiration.
I spent a lot of time trying to decide if this was a "human with limited chat experience/knowledge of social cue nuance" or perhaps a bot/scammer.

Things I noticed that made this seem legit:

• Schedule: "She" was not online constantly pinging me. There were breaks in our interaction, the way most people come and go from internet-land. (noted by another user)
• Seemed interested to engage & ask questions.
• Internet presence pointed to a discord, twitter, twitch, instagram (noted by another user), a card page, and an artstation.
• 99% sure they had pricing mentioned somewhere in all this.
• Based on our conversations, I assumed she wanted to plot some collaborative writing.
• They replied to a previous discord message asking for my thoughts as if I had missed a question and they wanted clarity.
• They asked questions about WHY I wasn't interested.
• work jokes got a laugh
• Hypothetical inquiry

Things I noticed that made me suspicious:

• Asked where I saw their art. The links in their discord led to twitch and twitter, then card, and art station. I generally assume people post their links to be viewed and tend to expect it. Especially if you mention you are an artist...
• The conversation repeatedly went back to "wouldn't you like a commission?" I had to be very direct. (Eventually choosing to cut them off.)
• They continued to press, repeatedly steering the conversation toward this single goal despite multiple "no's" which ranged from silence to quite direct (I'm a soft little people pleaser).
• They asked about what I would look for in a commission. I reference my Artist and her RPR art thread. They asked me to send them image files instead of visiting my character page or my artist's thread on RPR.
• Their final attempt was "Please send me referrals" for free art. (Girl BYE)

I'll happily send you our convo and discord Chat Screen Caps if you'd like to see how gullible I could be.

Same experience almost exactly, but she never did ask me to buy any commissioned art. We started talking on PM here and then moved to Discord. I will note her request got caught in spam. I have never had that happen ever using Discord and didn't know where to look since it was the first time and I've had that account for years.

At first she asked a lot of questions about my characters and how I came up with them. Then she wanted to know if I had any paid commissions of my characters to show her and I didn't. She asked if I had any art on Instagram and I said I didn't. From there, she wanted me to look at her art and critique her style. Her IG account listed something about AI. I Googled it and it was an AI design tool for generating pictures. The site had been disabled, but I noticed the preview before you clicked the link showed drawings that had a similar style to her artwork, which definitely appeared like it could have been AI generated given it was all done digitally. The whole conversation had a weird feel to it over the course of several days.

At first, I thought she wanted to know if I would do an RP with her character and was just shy but then she wanted feedback of her work and I kept thinking she was going to try to get me to let her draw one of my characters for a fee, but never did. At the end of it, I was not really sure what her motives were. The whole thing just had a very weird vibe to it.

I ran into a bot similar to .the.MILK.theef. ran into, but didn't know that it was at the time vs someone socially awkward. Partly because we had only exchanged a couple of messages before they got deleted.

I also experienced what Milk Thief experienced ,but I never responded to them because I was...confused. Lol and shy and....I've learned to be a ltitle more careful about sharing my character details with people unless I intend to interact with them as a friend.

Now I know why my gut was telling me that. (Thank you for warning me btw, Milk Theef!)

Also, I also had some bots (so did a friend) or something like that, where i got messages from accounts who had been deleted anywhere from an hour after sending the message, to 5 minutes. It really was weird. Completely empty accounts with no activity. I just ignored them, but found it weird weird weird. Esp since one of my other rp partners got it at the same time. I assumed they were bots, or spammers. Seems other people experienced something similar.

Those sound like the 'Kimi' DM I got last week about art collaboration or something. I haven't gotten any more yet.

So, a lot of what consistutes as 'hacking' and scamming online is primarily social engineering. It means playing into the social aspects of human communication in order to execute a plan of some sort, whether it's to gain access to someone's account, their money or otherwise gain something from the situation. The weakest link in online security is always the human being, either because they're careless with their password (using weak passwords, using the same passwords across many websites etc.) or because they are tricked or swayed to reveal sensitive information. People using personal laptops to do things for work for example tend to be more easily compromised.

Talking to a stranger like what's been described here is either to a) establish rapport for a long-term con where you'll end up trusting them enough to reveal personal information, pay them money etc. or b) to data mine conversations for AI. When you have longer term weird interactions like this with accounts whose requests get flagged for spam, 9 out of 10 times you are talking to a bot of some sort of someone whose behavior closely emulates a bot or a scammer. Remember there's a reason Discord flags a request as potential spam. While it may throw up a false negative every now and then, the most likely scenario is that the account is by default suspicious.

A lot of bot messages these days are posts made by real people but reposted, sometimes after having been run through some sort of AI to rephrase the existing content so it's not an exact copy. It makes it exceptionally easy to miss the account being a bot. I've tracked down a fair share of these types of messages on another website I help moderate and it's kind of scary how human bots can make themselves appear to the untrained eye.

I highly recommend practicing good online safety and hygiene:

• Do NOT use the same password twice across multiple websites; use password managers like Bitwarden or 1Password to generate unique passwords and keep them safe behind one Master Password that you never share with anyone
• Use a dummy email account for websites you aren't sure you trust. By dummy email account I mean an account that is NOT tied to important websites or agencies that you use exclusively for things that have no real life impact. Keep your real life email address linked to things like paying rent, your bank account or whatever separate from casual websites.
• Avoid using SMS as a way to establish 2FA. It's possible for scammers to intercept SMS authorization codes once they know your phone number. Always use an authenticator app where possible.
• Do NOT give out personal information, including your email address, social media handles with your real life name, your phone number or otherwise unless you are 1000% sure you're talking to a real human being who has a legitimate need for this information
• Be wary of people who message you out of the blue (that's called 'cold contact') with requests that feel weird or unusual to you. The situations described in this thread are good examples of this.
• Listen to your gut. If something feels off, fishy, too good to be true, there's a reason for it. It's better to cut contact and miss out on a potential connection than to be scammed or having your accounts compromised.
• Ask a lot of questions about people's intentions. If you're unsure why someone is messaging you, ask outright. If they refuse to answer, give weird half-answers that don't really answer your question or they dodge the question and change the subject, cut contact. Remember it's never rude to ask someone's intentions, if someone makes you feel bad about that it's their problem, not yours!

As for the accounts that disappear, we have a bunch of detection tools in place to help us recognize suspicious behaviors (kind of like how Discord filters out suspicious accounts). When we clock a bot account we're able to nuke the account from the site very quickly.

And when in doubt, never hesitate to report a message or account to us for us to look over! We'd rather tell you that the 10 accounts you reported as legitimate than to miss one bot account that causes havoc.