Here's Why It's FOSS Community Forum is Being Targeted by Spammers!

You folks may have seen another wave of spam accounts in the forum.

Why is that? What do these spammers want?

Let me tell you why this community forum is being targeted.

Lately, Google search has changed and it wants to show discussions from real people in the search results. Reddit takes the top spot but many older, reputed forums have seen increased visibility in the incoming traffic from Google.

It’s FOSS Community has also seen a tremendous boost in traffic. Google recognizes it as one of the trusted platforms where real people discuss topics.

Now, the spammers want to leach off this rise in popularity.

Forums are usually easy target as they might not be well regulated and spammers are also smart as they use AI to create topics that may seem like a genuine question or disucssion.

One of the many strategies is to create a topic on a certain topic and then use another account to drop a supposed solution link the replies. This happens a lot on Quora while active subreddits are strict on such maneuvers.

Some other spam accounts are more direct. They will create a new topic with “Helpline number for XYZ company” and there they will list a few phone numbers.

The idea is that by the time moderators see it (or perhaps it will stay if teh forum is not regulated), the numbers might get into Google Search results, specially, if the same numbers are mentioned as customer care number is numerous forums. This might trick Google and its snippet/AI overview to wrongly associate the fake number for the helpline number.

People are reliant on Google and often trust whatever is the first result. So anyone looking for ‘customer care number for XYZ company’ and Google shows them this fake number or they land on a page where this fake number is listed as customer care number.

They call this number and get tricked into beliving that they are speaking to actual customer care who eventually will ask to install a remote desktop applicatio to help you out and use it to clean your bank accounts. This is a standard scamming that is going on in India at least and local newspapers here are filled with people being scammed like this.

The worst part is that these scammers are often part of a more organized international scamming groups operating from Myanmar, Combodia, Vietnam and China.

TLDR;

It’s FOSS Community is getting very good traffic from Google and spammers want to misuse it to show fake helpline numbers in most cases.

Well at least there is a positive side to this.
I think all of your regulars try hard to lift the standard of itsFOSS forum, so it is nice to hear some positive feedback.

Although not linux users this week I have had 3 windows users in my workshop who fell foul to this. One was on windows 8 and paid 800 euros for technical support for the year before realising it was a scam. They installed anydesk, took control of his machine and attacked his banking log in. The bank stopped it and informed him hence his visit to me. Took a few hours to sort. He will not change to linux prefers windows 8, but he is 80 plus and very old set in his ways.

The other 2 are now on lmde !
They would not say how much they lost through the calls made, just that it was reported to bank and police.

Can you tell Akismet to outright reject any attempted post containing a phone number?

There are filters and such posts are held up in moderation queue. Automated rejection is something I would avoid. It could lead to rejecting (rare) legit posts.

That’s sad to hear! At least it has one upside: we get more traffic. But yeah, spammers are not good and I have already have made HORRIBLE experiences with them on other forums.

EDIT: I think I found a vulnerability, the Invite button. It is supposed to instantly grant access for up to 10 accounts. This might be used by the spammers for new account creation, see screenshot.

IMG_04531284×2778 293 KB

Thank you. Although I don’t see this feature being utilized for spam yet, I have changed settings to stop its misuse.

Don’t know if its just me but when replying to site messages it’s now taking much longer to save the message I type in reply.

Edit is fine, takes a while to pull back the message. But then click save edit and get the spinning save message for 2 or 3 mins before updated. and my other connections are fine just this site.

That happens sporadically.

It also takes some time to update notifications.

My guess is the server is busy.

I don’t want to sound paranoid in old age, but whole continents need, for reasons of data protection, to move away from the current quasi-monopolies. We should, therefore, be expecting attacks that, however insidious, may look like plain spam but are in fact concerted and well aimed.

The Munich Linux initiative was abandoned for reasons that have been discussed. The French Gendarmerie (police) has been using Linux for years, but that’s an exception in a closed environment with its own IT service. Recent official initiatives include Denmark, and the Lyon public authorities in France – let’s hope they succeed.

The most recent potentially suspicious example: on Mastodon*

https://piaille.fr/@chrislee/114952042484279079 there’s a question “What’s the one Linux command you can’t live without?” Is the underlying intention to spread the notion that Linux is the reserve of geeks?

*I tend to confuse the different servers and the present forum.

The situation is not helped by bugs and design faults of unknown origin. Recently, Ubuntu was bugged by the libpciaccess update problem, which prevents machines with certain video cards from starting. There’s plenty of geek discussion on the web, but nobody discussed how it would be fixed by people who can’t intervene in the boot sequence or use the terminal. No talk of an update for the update and how to install it.

A long-standing fault with the Ubuntu derivative Mint is that the computer hangs during big file transfers (backing up the family photos…). Perhaps Canonical is used to dealing with clients who have their own IT department, but this doesn’t help our clients for recycled Windows machines (generally Mint), who are usually in contact anonymously via the local food bank. Of course, Windows does sometimes crash, but people sometimes (not always) know where to get help.

Perhaps it’s too easy for someone to sneak bugs into FOSS operating systems and software. If Linux desktop is going to go mainstream, some kind of instance with supervisory powers may be needed. How about the European Union of 27 nations?

On the software side, I’m one of many who have published rants about design faults in LibreOffice which render it nearly useless for normal home, school and business activities. While you can subscribe to a commercial online version of LibreOffice associated with the Ionos HiDrive cloud storage service, it seems reasonable to ask what are the influences that prevent it from being fixed for general use, and how might these presently hypothetical influences be countered.