In a recent turn of events, Double Wan (@iamdoublewan) fell victim to an elaborate scam while participating in what he believed to be an innocuous interview about the future of Friendtech (FT). Wan, recounting the incident, revealed how he ended up losing his funds and the valuable lessons he learned from the experience.
Wan’s encounter began when he received a message from @_connormurray (now @thomasguaItieri, as of posting) requesting an interview. Seeing that the account had more than 10,000 followers, Wan agreed, viewing it as a chance to practise his English. Little did he know that this decision would lead to a costly mistake.
Screenshots of the initial conversations on X. (Source: X @iamdoublewan)
The interview, conducted over Telegram, involved another person taking notes. Both spoke with an American accent and were non-Asian. The discussion centred around Wan’s thoughts on FT and its future, and lasted around ten minutes.
After the interview, Wan was sent a link to a form through Telegram; the scammer has since deleted the chat records. This form requested his consent to use his data, a seemingly harmless request at the time. During this stage, the conversation was still in English, covering the publishing date, and they even brought up another individual named Levi whom Wan had mentioned during the interview.
However, trouble arose when Wan attempted to verify the process and encountered an error on Safari. He shared a screenshot with the scammers, who advised him to use Google Chrome and add a verification link to bookmarks. Following these instructions, an FT window prompted him to enter a password, which posed an issue since he had used an Apple ID without a password.
The scammers assured him that they only needed to confirm his identity. But in a shocking twist, in less than ten minutes, all of Wan’s funds were wiped out, with the revelation coming through a message on Twitter.
In an effort to address the situation, Wan messaged the interviewers on Telegram, alleging the theft of his funds and requesting that they leave some for him. In response, they requested a phone call, seemingly as a tactic to stall his efforts to recover his assets, ultimately culminating in the deletion of their chat records.
After Wan’s post gained significant attention, the scammers proposed a deal to return half of his money in return for deleting the post. Their communication featured tactics designed to induce anxiety, such as phrases like “You have only 5 minutes,” alongside attempts to evoke empathy with statements like “I also have a child, I do this for him.”
Screenshot of the conversation on Telegram after exposing the scam on X. (Source: X @iamdoublewan)
Thanks to the dedicated efforts of the SlowMist team and the support of OKX, Wan’s stolen funds were successfully intercepted.
In an ironic turn of events, Wan received a message from the scammer, who congratulated him. The scammer feigned concern and falsely asserted that they initially had access to Wan’s FT account but no longer could. In reality, it was not Wan’s FT account that had been compromised; instead, it was the scammer’s OKX account. This elaborate ruse was designed to trick Double Wan into transferring funds that would ultimately disappear.
Screenshot of the scammer trying to mislead Wan after their account was frozen. (Source: X @iamdoublewan)
On X, the scammers impersonated a real Forbes reporter, Conor Murray, by creating a fake profile using his photo and information found on Forbes’ website. Since the incident, the scammers have refreshed the X account to impersonate another reporter from Bloomberg with a new handle – @thomasguaItieri.
In case the username has been modified again, this is the account to watch out for – https://twitter.com/intent/user?user_id=1227934760669872129.
The account also reposted posts from the media outlets relevant to the impersonated identity to seem less suspicious. However, having only reposts under an account raises a red flag.
This was what happened after clicking “verify bookmark” on FT. (Source: X @iamdoublewan)
The threat is not new, as similar tactics have been used to compromise Discord accounts. This serves as a reminder that online platforms and websites are vulnerable to these tactics, putting various accounts and assets at risk of theft and misuse.
FT users must exercise vigilance by thoroughly inspecting bookmarks, browser extensions, and any suspicious activities. Implementing strong online security practices and promptly removing dubious bookmarks are essential steps to protect FT accounts and assets. It’s crucial to stay informed and cautious in the face of evolving cyber threats that aim to exploit vulnerabilities and target unsuspecting victims. Also, verify the identity of anyone you are talking to, and stay on guard when faced with strange web addresses and online usernames.
Here are some red flags and quick tips to look out for –
- Weird spellings
- Spelling errors
- Strange and long web addresses
- No personalised posts
- Only reposts
- No verified followers on X
- Bot followers
- Fake sponsored ads on Google
- Do a quick search for any similar account (that could be of the actual person).
- Check with the official website or social media accounts.
- Ask around. There could be someone who is aware of the same scamming tactic.
- Don’t rush to act on anything. It’s always better to be safe than sorry.
- Be careful when filling out forms.
- Use another device that is not linked up to any wallets or similar accounts.
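
One way to carry out the bookmark inspection recommended above, as an added example that is not part of the original article. It assumes a Chromium-style `Bookmarks` JSON file and that a "verification" bookmark of the kind described would be stored with a `javascript:` address (the article does not state the scheme); the function names and the length threshold are illustrative.

```python
import json

# Schemes that make a bookmark run script or carry inline content instead of opening a page.
RISKY_SCHEMES = {"javascript", "data", "vbscript"}
MAX_URL_LEN = 200  # assumed cut-off for a "strange and long" address


def walk(node, path=()):
    """Yield (folder_path, name, url) for every URL entry below a bookmark node."""
    if node.get("type") == "url":
        yield "/".join(path), node.get("name", ""), node.get("url", "")
    for child in node.get("children", []):
        yield from walk(child, path + (node.get("name", ""),))


def audit_bookmarks(data):
    """Return (folder, name, reason) findings for a parsed Bookmarks document."""
    findings = []
    for root in data.get("roots", {}).values():
        if not isinstance(root, dict):  # skip any non-folder value stored under roots
            continue
        for folder, name, url in walk(root):
            url = url.strip()
            scheme = url.split(":", 1)[0].lower() if ":" in url else ""
            if scheme in RISKY_SCHEMES:
                findings.append((folder, name, f"{scheme}: bookmark, not a page address"))
            elif len(url) > MAX_URL_LEN:
                findings.append((folder, name, f"address is {len(url)} characters long"))
    return findings


def audit_file(path):
    """Audit a Bookmarks file on disk (its location depends on browser and OS)."""
    with open(path, encoding="utf-8") as fh:
        return audit_bookmarks(json.load(fh))


# Constructed sample in the layout of a Chromium "Bookmarks" JSON file.
SAMPLE = {"version": 1, "roots": {
    "bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
        {"type": "url", "name": "News", "url": "https://example.com/news"},
        {"type": "url", "name": "Verify", "url": " JavaScript:void(0)"},
        {"type": "folder", "name": "Forms", "children": [
            {"type": "url", "name": "Consent form",
             "url": "https://forms.example.net/f?id=" + "A" * 300}]}]},
    "other": {"type": "folder", "name": "Other bookmarks", "children": []}}}

if __name__ == "__main__":
    for finding in audit_bookmarks(SAMPLE):
        print(finding)
```

Any entry it reports is worth opening in the bookmark manager and deleting if you did not create it yourself.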