EBI Security Guide
While cheats and swindlers may be a dime a dozen, true conmen — the Bernie Madoffs, the Jim Bakkers, the Lance Armstrongs — are elegant, outsized personalities, artists of persuasion and exploiters of trust. How do they do it? Why are they successful? And what keeps us falling for it, over and over again? In the crypto space these conmen, use social networking platforms to disguise and abuse our trust. At first, their ticks may seem complex, but surprisingly there are patterns and signs every non-expert Discord user can use to make sure you are talking to the correct person, and not the swindlers and conmen.
Rule 1: Don’t Trust Discord Username and Discriminator ID
A discriminator is the number displayed next to someone’s username on Discord. This is how Discord differentiates between users with the same username. Discriminators range from 0001 to 9999 and are randomly assigned. Discord Usernames and discriminator ID’s are not unique. They can be, and are, heavily exploited by scammers:
Discord has 3 ways to track users:
- Your name and avatar
- Your discriminator ID (the 4 digit number after your name)
- Your long-ID (hidden from users unless developer mode is enabled)
Anyone can have the same identical name as you. They can even have the same avatar as you, making themselves indistinguishable from you, even on the same server. But, your discriminator ID, the 4 digit number after your name, is fixed and can't be changed, or can it? Well, it turns out that’s not the case, because of a Discord program called Nitro. Discord Nitro is sort of the VIP version of Discord, and allows for things like animated avatars and emojis, early access to games, and other perks.
One perk that scammers have found particularly useful is that it allows Nitro users to have a custom discriminator ID. That means that if you have a Nitro account you can not only change your name and avatar to the person who you are imitating, you can also have the exact same discriminator ID.
What EBI Does to Fight This
EBI has bots in our Discord server, where if any user takes the name of an Energi Core member or support person, that user is instantly banned from our server. Like the picture demonstrates here below:
Moreover, our system also includes a number of words associated with malicious behavior like Energi-support and known common names scammers like to impersonate like Louis Thomas:
Also, due to the high association between Nitro accounts and fraudulent activities, we autokick anyone who changes their discriminator ID. According to our data, discriminator manipulation has over 90% chance of being malicious.
Tip: Some people incorrectly assume that this means that the scammers are spending money on these accounts because nitro accounts cost 10$ a month. That’s unfortunately not the case, the accounts these scammers use are trial nitro accounts that are only valid for a few weeks. Sadly in some remote corners of the internet, people with dark minds have found a way to crack the trial key accounts (using tools such as hashcat).
Rule 2: Direct Messages Are ALWAYS Where Bad Things Happen
Direct Messages (DMs) are where we’ve seen scammers do their ill deeds in 100% of the cases.
Direct Messages are a minimalist version of Discord servers between multiple users. They don’t have a permission system, and they only have one text channel. Users can only be invited directly by friends, unlike guildservers where this has to be done using an instant invite link.
Who Can Send DM’s to People?
You can’t just send a DM to anyone like you can on other platforms.
There are two rules to this:
- Need to be friends (default: can be changed in settings)
- Must share a server (default: can be changed in settings)
The scammer has two ways to contact his prey. They can use a common server, that they share with the target victim, or they can send a friend request posing as a fake person and hoping a user will accept their friend request.
What Energi Does to Fight This?
Energi’s core, support staff, and community managers do not provide any direct messages to support or conduct private business transactions through private messages. If you ever have been talking to an Energi core team member, who is offering you a partnership in a private pool, OTC deal or technical support through DM’s it’s a SCAMMER!
Rule 3: Always Check the User Who is Talking to You Through DM
This is the most simple rule to use and doesn’t require the enabling of hidden functions (e.g. Discord developer mode) to be 100% effective. (disclaimer: EBI only endorses this method on Energi servers because proper security hygiene is done on the server).
If someone is talking to you through DM, you can simply check the user by clicking the profile, and select mutual servers.
If the user with whom you are talking is not sharing the server with you, when you click mutual servers, then that’s a clear red flag, and you can almost guarantee that this user is not who they say they are.
What Energi’s Doing to Prevent This
The most notorious and dangerous scammers avoid our server like it has the plague because of our security measures.
They then resort to using two or more discord accounts to attack their victim, where one account is “clean” and behaves like a normal user (making the behavior undetectable). This is the scout (the spy).
Once they identify a possible victim with their scout, they then contact the victim using a second account that’s not on the same server.
Then we can’t ban them from our server (because they’re not on our server). But that doesn’t mean we can’t do anything. Once a community member reports a user who’s imitating one of our staff members, we file a DMCA (Digital Millennium Copyright Act) takedown on the account on Discord, and the account’s avatar has to be removed within (72 hours from us filing the complaint).
Tip: Because the swindlers want to have an identical Discord Username and Discriminator ID, the only way to do that is by using these VIP (Nitro) trial accounts. You can detect these accounts by clicking a profile and look out for the discord nitro logo associated with the fake accounts. You can even see their subscription date if you hover over the icon with the mouse, fraudulent accounts tend to be new: