I became my own High-Interaction Honeypot
I ended up attracting more attention than I wanted as soon as I started publishing that I knew *things* about Bitcoin and Blockchain. I decided to become a high-interaction honeypot.
You know the videos of newly-hatched sea turtles furiously flapping toward the ocean? That is how I was feeling as soon as I put “bitcoin” on my LinkedIn profile. I knew I might get offers for bitcoin mining, day trading, or longer-term staking. What I wasn’t expecting is the onslaught of social engineering that these folks employ. “Fear of Missing Out” (FOMO), “I am ’like’ you, I can show you how…”, “If you invest another $2500… “. I can now say I have fended off them all.
One account executive at a bitcoin mining company engaged my interest a few months ago. I decided to try staking into bitcoin mining. I only invested what I felt I could lose (which isn’t that much — I am risk-averse).
This person engaged me on LinkedIn, and I asked many questions about the bitcoin mining cycle when I could divest or invest more and view my earnings. I got all the correct answers at that moment. As we discussed more in-depth, I made a modest investment; the account manager urged me to invest more now that I had seen my 10-day returns. My returns were impressive. My humble investment had increased 9-fold by the end of the first cycle. Within that period, the account manager engaged me in chats about our children, our food preferences, and how we both thought Bitcoin could change the world. I performed a reverse look-up on her LinkedIn photo. It was the only image I could find on the interwebs. You would think a profile photo with her name would yield a few Facebook or Instagram images. Nope.
Red Flag #1.
When she pressed me to invest more, we started texting more with a Utah area phone number. The account manager was pushing hard for a significant investment. She rebuffed me when I asked if we could have a Zoom call (I assumed a more intimate level of acquaintance due to our daily texting). She said texting was the best method for her schedule. She also told me she owned a second home in New Jersey. After some public records sleuthing — there was no evidence of homeownership or even name look-up in Utah or New Jersey. The Utah phone number that I was texting turned out to be a parasitic account from Google. The scam is when a person finds your phone number in any open online forum (Facebook Marketplace, for example) and hijacks it for texting. I called the Utah number, and the person had no idea the account manager was using their phone number for texting clients.
Red Flag #2
Another subtle “tell” was that her syntax was formal and odd for a US Citizen. She utilized incorrect verb tense occasionally. Her stilted grammar was apparent as her flurry of texts cajoled me into sending more money to the mining account. This technique is typical social engineering as she could intuit that I was applying more scrutiny to her requests. I pointedly asked about her daughter and the pending wedding. Her answers became vague as I pressed for details within our casual conversations. All of our discussions (via text) ultimately insisted that I was missing out if I didn’t allocate more funds for the mining.
Red Flag #3
I performed a search on Reddit and a general Google inquiry to find any associated companies for the account manager. I discovered that the person had been an account manager for other ephemeral capital finance companies. These “fly-by-night” groups set up shop, have a credible dashboard user interface to show mining earnings, and then urge you to invest over your initial amount. They are working with human greed. Once a client views their earnings via the dashboard — this encourages more investment — the more crypto will hasten the mining proceeds (this is the spurious advice). You will be tempted to double-down and send more Bitcoin. What they don’t tell you is that it is much harder to divest than invest. There is an initial 10-day mining period where they explain that your assets are frozen. It will be more challenging to take all your capital plus the Bitcoin you accrued via mining as the account manager will advise you to stake more bitcoin.
She kept encouraging me to “top-up.” Her online “footprint” wasn’t vast, but it was telling. Via a deep dive on scam alert sites, I found her name mentioned several times with concomitant pending lawsuits. When I brought up these suspect mentions—she became accusatory and defensive. She pointed out that my name search on LinkedIn brought up other similar names (how this bolstered her innocence is laughable).
Red Flag #4
I would have stopped at Red Flag #1 — but I was intrigued by how this would play out. I wasted four months of the account manager’s time.
Assumptions
The account manager presented as a “she/her/hers,” but I have no idea of the person’s real identity. I am now picturing a sweaty neckbeard in a basement surrounded by whirring mining PCs.
The account manager created the atmosphere that we were friends. After I told her I didn’t want to invest anymore, her friendship soured rather quickly. She accused me of unprofessionalism and texted several times to discover if I was investing in an Ethereum platform (I am).
Takeaway
This investigation was fun. I love creating a false atmosphere of camaraderie for scammers. Did this experiment cost a few bitcoin? Yes, but it was worth it.
