How not to get scammed
A case study of an organized scam operation. I explain how I fell for a scam and the lessons I learned from it, along with some insights into how (not) to judge a potential scammer's content. Follow along if you would like to raise your awareness against cybercriminals.
Desperation – on both sides
As we are all witnessing the blatant live-streamed genocide in Gaza day by day, week by week, month by month with a sorrowful heart, being unable to stop it, waiting for some definitive and powerful actions to replace the egregious inaction of the whole world, many of us have been growing so frustrated that we wanted to take the matter into our own hands and fuckin' do something.
The IDF has denied entry for all humanitarian organizations to Gaza long ago to deliberately starve the population to death. So if UNRWA cannot deliver the precious aid to those in need, what's the point in donating to them, right?
Luckily, more and more Gazans have discovered Mastodon and signed up in their desperation so they could spread their fundraiser campaigns and hope for some income for their families. Or have they?
Case study
Today's main character is Nouran, a 19-year-old aspiring dentist from Gaza. I did conduct a few surface checks before sending my money to a stranger. Checks, such as:
- Eyeballing some of the published photos and videos, searching for obvious AI artifacts or other kinds of manipulation
- Analyzing the main story on the fundraiser page
- Conducting some screening by reaching out via DMs
- Analyzing the overall behavior of the person behind this profile
At first I had mixed feelings, but after exchanging a couple of messages on Mastodon, all of my doubts kind of disappeared. Kind of. And this is where I messed up big time. I was only 95% sure I was dealing with a real person in trouble, and not 100% sure.
My initial analysis
The very first things that caught my eye were in the header picture on the fundraiser page: first, the kid (in this story they name him Ahmed) is holding a hand, but in a very twisted way. I didn't really understand it, but that part of the picture was a bit blurry anyway, so I didn't wanna jump to conclusions just yet.
Secondly, in the same header picture, check the cat's leg. It looks like it's somehow glued to the cat, but again, the picture was so low-resolution, I was thinking, maybe it was just an awkward angle, nothing more. And then I noticed Ahmed's toes in those blue slippers. Seemingly alright, although – again – low-resolution. I even spent some time thinking about the decorative elements on the slippers, I even reverse image searched just the slipper, to check if it existed, but didn't find anything. But anyway, it looked like a legit pattern, and the fact that the left foot was in the picture at all confirmed to me that it was a real image. I was thinking, an AI definitely wouldn't have been able to accurately put those toes there in such detail.
The sheet of paper in his hands seemed out of proportion. Too large for A/4, but too small for A/3. But I didn't think much about it, I thought I was just crazy.
I checked generally the facial features and the consistency in scenery between the posted images.
As for the text on the fundraiser page, it did look like it was, at least partially, AI-generated, but come on. I won't look down on anyone for utilizing some AI assistance to compose such a text. English is very likely not even their first language, but they gotta pour their suffering into words in one way or another. In my opinion, for this kind of productive work it's fine. (As long as it's not a scam. Oh, boy.)
Regarding the content of the story, just one little missing detail was bugging me: ten family members were mentioned, but they were collecting money for only the two parents and seven children (all listed by their names). The missing child was Ibrahim, and mentally I had already prepared for the worst: he might have died in the meantime.
For screening questions, I asked her about Ibrahim, to which she responded that he managed to move to Spain six years ago, but he was burdened with debt. And as a bonus question I asked about the rumors I actually heard from a YouTube video by another Gazan (he deserves another article, as I believe he is a scammer too, perhaps from the same actors even, but I'm still in the phase of collecting evidence). Specifically, about the 40% surcharge when they access their own money from their bank account. She explained in detail how it worked.
In any case, her interactions were very convincing; nothing like any scam I've seen before, in terms of language and style.
And finally, her overall behavior. When she began to follow me, she barely had some followers, but she was following over a thousand people, and she was posting every few hours. This somewhat triggered the scam detector in me, but at the same time she was posting quality content, she even had some very well written blog posts on Medium.
First lesson: do not ever ignore suspicious signs. If there's even just one little doubt, that should already raise an alarm and further, more meticulous analysis is needed. Don't skip it. Don't cut corners. Don't be fooled.
Realization
I was already past some donations when the next few clues hit me. It was when more people from "Gaza" started following me. I returned the gesture and started the same initial checks as before.
Meanwhile, I saw the same texts being posted by these new profiles as what Nouran posted before. Sometimes exact copies, sometimes with some slight changes. Sometimes the exact same, obvious spelling errors carried over, such as the word "b0mbings", which appears like the typical filter-evading deliberate typo which scammers often resort to. Another thing I noticed in my timeline was that all these profiles were posting in clusters, within 1-2 minutes of difference from each other.
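The two signals described above (near-identical text across different profiles, and posts landing within 1-2 minutes of each other) can be checked mechanically once the posts are collected. The following is an added example, not part of the original post; the account names, timestamps, post texts and the 0.85 similarity threshold are constructed assumptions.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample timeline: (account, ISO timestamp, text). Not real posts.
POSTS = [
    ("acct_a", "2025-01-10T14:00:05", "We survived the b0mbings last night, please help my family"),
    ("acct_b", "2025-01-10T14:01:10", "We survived the b0mbings last night. Please help my family!"),
    ("acct_c", "2025-01-10T14:01:40", "we survived the b0mbings last night, please help our family"),
    ("acct_d", "2025-01-10T14:01:50", "Looking for a good bread recipe, any tips?"),
    ("acct_e", "2025-01-10T19:30:00", "We survived the b0mbings last night, please help my family"),
]

def normalize(text):
    # Lowercase and drop punctuation so trivial edits do not hide a copy.
    return " ".join("".join(c if c.isalnum() else " " for c in text.lower()).split())

def coordinated_pairs(posts, window=timedelta(minutes=2), min_ratio=0.85):
    """Pairs of posts from different accounts that are near-identical and within `window`."""
    parsed = [(a, datetime.fromisoformat(t), normalize(x)) for a, t, x in posts]
    hits = []
    for (a1, t1, x1), (a2, t2, x2) in combinations(parsed, 2):
        if a1 == a2 or abs(t1 - t2) > window:
            continue
        ratio = SequenceMatcher(None, x1, x2).ratio()
        if ratio >= min_ratio:
            hits.append((a1, a2, round(ratio, 2)))
    return hits

def clusters(pairs):
    """Merge flagged pairs into groups of accounts (connected components)."""
    groups = []
    for a, b, _ in pairs:
        touching = [g for g in groups if a in g or b in g]
        merged = {a, b}.union(*touching)
        groups = [g for g in groups if g not in touching] + [merged]
    return groups

if __name__ == "__main__":
    pairs = coordinated_pairs(POSTS)
    for a, b, r in pairs:
        print(f"{a} <-> {b} similarity={r}")
    print(clusters(pairs))
```

The constructed `acct_e` shows the limit of the time-window rule: an identical copy posted hours later is not flagged, so text reuse is worth checking on its own as well.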
By now all of those posts are deleted from that critical time period, but luckily someone else also started to suspect a scam operation, and he did take some screenshots.
This was the point where I started to dive into the matter more thoroughly. I spent hours and hours and hours analyzing the posted videos, and surely I found something.
In the video, where she was attempting to verify herself by recording her phone with her Mastodon profile open, then scanning the surrounding rubble, I noticed a Redmi logo on the bottom edge of her phone's screen – I hadn't seen any smartphone having a logo there before. I started to look through all Redmi models, but at some point I gave up.
Here's my second lesson: do not jump to conclusions alone. We are on social media, so use it! No one will bite your head off for sending some DMs asking for their opinion. Luckily I did reach out to someone who also managed to identify some of the scammer accounts, and he gave me a sobering heads-up: Redmi 8A. That phone does have a logo exactly there. So this claim of mine proved to be false. We all should discuss our findings with each other (after making sure the other person isn't a scammer, of course). Kind of how Dr. House is investigating. We need someone who always challenges every idea, and another someone who brings up new ideas. The more input, the better. Because it's pretty much impossible to stay unbiased alone.
At the end of the same video, I saw a person in the rubble who stopped in an awkward position just before the clip ended. At first I thought that person was definitely fake, but again, the sobering counter-argument was that if someone was climbing those ruins, they would take a position like that while balancing. Although this doesn't explain why the person stopped moving. In any case, this wasn't decisive evidence after all.
Next video was Ahmed talking. It should be a strong clue that it was cut after every one or two words, possibly because currently it's hard to deepfake longer videos, where the lips are perfectly in sync with the audio. This weakness of the AI was cleverly covered up by the plot: the kid was reading his lines word by word, because he did not speak English; this way let's say it's understandable that it was cut so frequently. Although this still raises some questions, e.g. why is it such a big deal in this kind of a video? They could've just kept the video uncut and uploaded it like that.
But the next little detail was a stronger hint towards the deepfake argument: watch the writing on Ahmed's shirt in the video, which says "INTAG" in a serif font, and then compare it with the pictures in the header image of the fundraiser, where in the first instance, the "I" is missing, the "N" is sans-serif, and in the second instance, the "I" is there, but it's about half the size of the "N".
Finally, the most obvious AI artifact that instantly confirmed this was a scam with 100% certainty: she recently uploaded another video in yet another attempt to verify herself. In this video she gives a very short introduction on a rooftop. They took very good care of the nearby scenery, but the ruins, or more precisely the shadows of the ruins were the unmistakable proof. How many suns are shining in Gaza?! In this video, shadows were cast in every direction. And honestly, I was surprised she came out with such a poor deepfake. After such convincing acting I didn't expect this blunder at all.
Then I went back to older videos, and I could spot some other instances, where shadows were clearly missing.
Third lesson – which isn't really a lesson; everyone should know this – do not ever trust strangers on the internet. I did reach out to a cybersecurity expert, and according to him 99% of such individual fundraiser campaigns are fraudulent. Even if he exaggerated, the rate is pretty high. Therefore, always assume it's a scam, unless proven otherwise. Prefer humanitarian organizations if you want to donate. Even in that case, do reach out to them via official channels to confirm the fundraiser belongs to them.
I get it, I know it – I also have a friend who launched such a campaign once, thus I know legitimate individuals do exist. And yes, it's cruel that they suffer a disadvantage just because we don't trust them because we cannot verify them. We have the criminals who abuse other people's generosity to thank for all this. I'm not saying don't ever send money to individual campaigns, but if you do so, verify them first. And good luck with that.
In the AI era, where millions can be stolen from companies so easily with a deepfaked real-time video call, I think it's no surprise if I say, video proof is no proof of authenticity. If you want to verify someone, devise some well thought-through questions that only real people could reliably answer. Make a collection of these questions, specifically for each individual story, and ensure they reply with no delay. Don't ask everything at once; let them answer first before asking the next question, especially if they're related topics. Prepare for answers like "I don't know", "I can't answer". Involve other people too. If scammers are working in groups, why can't we do so as well, to defeat them? Discuss who asks what, and try to achieve contradictions, but don't make it obvious either. Don't let them verify themselves on their own with their own methods. You ask the questions.
I know this sounds more like an interrogation, but this is needed. And someone who really needs those funds should be okay with it, as long as you treat them with dignity and respect.
Finally, a warning for the future. Scammers are constantly evolving. They are learning. AI tools are improving. Today we might still catch them, but tomorrow? At some point we won't be able to tell a legitimate and a fraudulent fundraiser apart. This is why it's important to verify whom you're donating to. It is beyond cruel and unbearable to think about all those tens of thousands of Euros worth of money meant for the people of Gaza to ease their suffering, being stolen just like this. As reporting those accounts has little to no effect, the most powerful weapon to avoid being done up like a kipper is education and awareness to prevent sending money to the wrong hands in the first place.