Hello world,

as many of you may already be aware, there is an ongoing spam attack by a person claiming to be Nicole.

It is very likely that these images are part of a larger scale harassment campaign against the person depicted in the images shared as part of this spam.

Although the spammer claims to be the person in the picture, we strongly believe that this is not the case and that they’re only trying to frame them.

Starting immediately, we will remove any images depicting “Nicole” and information that may lead to identifying the real person depicted in those images to prevent any possible harassment.
This includes older posts and comments once identified.

We also expect moderators to take action if such content is reported.

While we do not intend to punish people who post this once without being aware of the context, we may take additional actions if they continue to post this content, as we consider this to be supporting the harassment campaign.

Discussion that does not include the images themselves or references that may lead to identifying the real person behind the image will continue to be allowed.

If you receive spam PMs please continue reporting them and we’ll continue working on our spam detections to attempt to identify them early before they reach many users.

  • Scott_of_the_Arctic@lemmy.world · 26 up, 3 down · 3 days ago

    I’ve heard that if you actually add her on friendica, the mayor of Toronto shows up at your house and gives you an old fashioned.

  • yarr@feddit.nl · 45 up · 4 days ago

    This annoys the fuck out of me and I hope whoever is behind it doesn’t realize their goals, because I don’t want lemmy to degrade into a bunch of spam PMs.

    • douglasg14b@lemmy.world · 9 up, 1 down · 3 days ago

      TBF, it’s bound to happen.

      Guaranteed almost.

      Lemmy has minimal controls for protecting against spam and bot spam. It’s built to handle the internet 5 to 10 years ago, not the internet today.

      I can only hope that this changes, because as soon as the platform becomes popular enough (which it is, slowly), the rate of bot spam and other sorts of spam will just go through the roof, and there’s very little that admins can do to combat it without it becoming a full-time job.

      • KeenFlame@feddit.nu · 3 up · 2 days ago

        We can have an opt in spam filter that makes it harder, the instances can defederate spamming instances (user) unless they do something which yes there is a lot admins can do at signup. Or have I misunderstood something?

    • Random_Character_A@lemmy.world · 6 up · 3 days ago (edited)

      I don’t want to see a story on TV either about an Internet hacker group “Lenny” destroying a woman’s life by a persistent harassment campaign.

  • Mpatch@lemmy.world · 329 up, 3 down · 5 days ago

    I gotta give it to you guys. The foresight to prevent a disaster is 10/10. Top tier. Well done.

      • finitebanjo@lemmy.world · 14 up, 5 down · 5 days ago

        I saw a theory a while back that the IPs which receive the various images get logged allowing the recipients accounts to be tied to an IP and possibly even a physical address based on the timeframe it was sent. Is that a real concern or just conspiracy, do you think?

        • MrKaplan@lemmy.world · 22 up · 5 days ago

          That appears to be a baseless conspiracy theory.

          Except for the gore pms, I believe all the images have been uploaded to Lemmy instances or Imgur, which means that the uploader has no way to track IPs accessing those images. The gore images were uploaded to another service that at least on the surface appears to be another regular image hoster that wouldn’t expose IP access logs to uploaders.

          • Aphelion@lemm.ee · 7 up · 5 days ago

            I don’t think it’s baseless given that anyone can set up their own Lemmy instance to host the PM’d images.

            • MrKaplan@lemmy.world · 6 up · 5 days ago

              The instance domains I’ve seen involved so far, at least, weren’t set up specifically for this purpose. Most of the URLs were pointing to established services and were not different per recipient.

              While I can’t rule out that individual users may have received a different URL in an attempt to extract their IP and information about their browser, this at least does not appear to have been done in a larger scale.

              • Captain Aggravated@sh.itjust.works · 5 up · 4 days ago

                A day or two ago, someone spammed out a picture of a murdered body with the standard Fediverse Chick copypasta. That seemed to freak people out; the nicoled community locked down, this thread happened, etc.

                The gore photo seems to be a second actor/copycat. The Nicole spammer either came from their own instances or opened accounts very shortly before spamming; the gore photo, and a following anime-style picture done in red-on-white saying “Do you like insanity?”, seem to come from accounts that were made 2 years ago.

        • Ricky Rigatoni@lemm.ee · 3 up, 1 down · 5 days ago

          I find it difficult to believe there are enough fediverse users not using a VPN at all times to make that effort worthwhile.

    • givesomefucks@lemmy.world · 52 up, 4 down · 5 days ago

      It’s pretty obvious …

      What’s scary is how many people just accepted that some woman wanted to randomly spam thousands of pictures with her smoking weed.

  • CarbonatedPastaSauce@lemmy.world · 255 up · 5 days ago

    Yeah it seemed funny at first but the longer this went on the creepier it got as we all realized this isn’t just a catfish.

    Whoever is doing this to the actual person in the photos is a terrible human being and should go climb under a rock for the rest of their lives.

        • tischbier@feddit.org · 7 up · 3 days ago

          It got super creepy when more shots of this woman were released of her doing activities that no one would ever take a photo of themselves doing. Then the last photo was released separately. NSFW, don’t read if you are not in a place to read gore/graphic/assault:

          Spoiler: Real photo of a dead woman who looks like Nicole in a morgue body bag with her flesh peeled off and her face beaten. It’s unlikely that this disturbing turn is real, but it was horrific for people who received this last spam. That is what triggered the ultimate ban on all images (since this is most likely a psychopathic copycat). :(

        • TacoSocks@infosec.pub · 33 up · 5 days ago

          I’ve seen several different images and there was a video on peertube. All of them look like content from a hacked webcam.

          • Ghoelian@lemmy.dbzer0.com · 16 up · 5 days ago

            Yeah, that’s what I thought from the very first DM I received. It looks like she’s totally unaware a picture was taken of her. Surely, if this were real, “Nicole” would use a more flattering picture for potential friends.

        • Cryophilia@lemmy.world · 11 up, 2 down · 5 days ago

          It’s just creepy because in every other obvious scam like this for the last 10 years they use the same single picture of the same person on everyone. Now suddenly there are dozens of different pictures, all clearly of the same woman, going to different people.

  • jaybone@lemmy.zip · 123 up, 2 down · 5 days ago

    Is this Nicole thing really still a thing? That’s so like back when I still had a 401k.

    • Senseless@feddit.org · 29 up · 5 days ago (edited)

      So was it last week or the day before yesterday? It all happens so fast, I can’t - and frankly - refuse to catch up.

    • stebo@lemmy.dbzer0.com · 5 up · 5 days ago

      I received another message yesterday, after my instance’s admin claimed they fixed the issue (I assume by blocking the spammer’s IP address from making new accounts).

      • MrKaplan@lemmy.world · 17 up · 5 days ago

        the problem with this spam and generally federated platforms is that you can only really try detecting it based on the content. the accounts tend to get created on another instance and then the messages federate over to you, which means you won’t see a lot of the identifying information you’d see for a local user, such as their IP address.

        • jaybone@lemmy.zip · 4 up · 4 days ago

          IP bans aren’t great either. A decent spammer will just use a vpn. Then you’re just banning IPs from a service that other users might also use. An even more sophisticated bad actor would just use a bot net.

        • PattyMcB@lemmy.world · 5 up · 5 days ago

          I just chalked it up to “a necessary evil” in order to take advantage of federated platforms. I found it funny at first, and then just ignored it. I never thought that it could’ve been some smear campaign, but rather scammers looking for easy targets.

          I’m glad mods are doing something about it, even if it’s not a perfect fix.

  • mechoman444@lemmy.world · 71 up · 5 days ago

    About damn time. The joke has run its course a long time ago, and if these posts are victimizing an individual they most definitely need to be stopped.

  • SkaveRat@discuss.tchncs.de · 86 up, 2 down · 5 days ago

    Wait, there are people who genuinely believe she’s the one behind it?

    I thought it was pretty obvious that she’s the target of harassment. Some people must be new to the Internet

    • ilinamorato@lemmy.world · 44 up, 1 down · 5 days ago

      Yeah, I’ve been targeted by enough romance spam that I just assume any photo of a woman I don’t know was probably stolen from some random Tumblr or Instagram.

      • whatwhatwhatwhat@lemmy.world · 4 up · 4 days ago

        I had to look it up, and after reading a lengthy Wikipedia page on Greek mercenaries, I tried the second result: an XKCD comic I’ve seen before but had forgotten. So today, I’m one of the lucky 10,000 again.

    • Captain Aggravated@sh.itjust.works · 5 up, 4 down · 5 days ago

      I’ve seen internet harassment campaigns, none have looked like this. She doesn’t feel like the target here. If you wanted to use the internet to harass a girl, is this how you would implement it?

    • Cryophilia@lemmy.world · 8 up, 10 down · 5 days ago

      Speaking of new to the internet, it’s clearly not a harassment campaign against her. This is waaaay too much effort. There’s only 3 things that would engender this level of effort. Money, government spying, or mental illness.

      • tal@lemmy.today · 21 up · 5 days ago (edited)

        This is waaaay too much effort.

        If you are willing and able to do a bit of scripting, it’s not that hard to generate and send a bunch of messages on the Threadiverse.

        And there are people who will go to pretty extreme lengths to harass people who they are really upset with. An ugly breakup or something and…

      • MrKaplan@lemmy.world · 16 up · 5 days ago

        mentally ill people can have plenty of time on their hands to invest this much effort in harassing others. people claiming that this can’t be harassment are effectively supporting the harassment, as that tries to further blame the likely victim of this. obviously this is just speculation, as we don’t know the full truth.

        • Cryophilia@lemmy.world · 6 up, 1 down · 5 days ago

          people claiming that this can’t be harassment are effectively supporting the harassment, as that tries to further blame the likely victim of this

          I don’t think anyone seriously thinks the woman in the pictures is behind this.

          • MrKaplan@lemmy.world · 5 up · 5 days ago

            I’m sorry, sometimes it’s hard to tell whether people actually mean it. I can totally see people commenting that and being serious.

  • Strawberry@lemmy.blahaj.zone · 69 up, 1 down · 5 days ago

    Considering the spammer has used so many different photos, and they all seem to be “in the moment” webcam photos, I suspect they may have webcam spyware on the victim’s computer

    • Captain Aggravated@sh.itjust.works · 43 up · 5 days ago

      She looks to me like a college student attending an online class. Looks like it’s shot on a laptop’s built-in camera, lighting is whatever, she’s dressed casually and comfortably, facial expression is neutral or even bored…

      If you’re taking a college class via Zoom, can you see your classmates’ webcams?

      • Lime66@lemmy.world · 13 up · 5 days ago

        Yes, almost always, if the professor requires you to have webcam on. AFAIK the whole meeting sees everyone who has webcam on.

      • evergreen@lemmy.world · 6 up, 1 down · 5 days ago

        Yes. Sometimes it is required to have your camera on. Even when it isn’t required, there are always some people who prefer to have theirs on for whatever reason.

    • MrKaplan@lemmy.world · 29 up · 5 days ago

      with the content i’ve seen it gave me more of an impression of being captures of a live stream, but that’s just guessing

    • brucethemoose@lemmy.world · 22 up, 2 down · 5 days ago

      Could be completely AI generated with variations of the same person. But that doesn’t really matter, the spam needs to go.

    • NotSteve_@lemmy.ca · 1 up · 3 days ago

      Considering it says she’s in school, it seems more likely that it might be an online class where the students are sharing their webcam

  • Squorlple@lemmy.world · 109 up, 4 down · 5 days ago (edited)

    This is a copy+paste of a comment I left on the !Nicole@feddit.org mod post after the recent incident with the gruesome picture(s?):

    “I think if Lemmy doesn’t have the infrastructure to defend against attacks like these which are presumptively conducted by one bad actor, then it doesn’t have the infrastructure to defend against wealthy organizations when our communities do get big enough to be noticed by them.

    [!Nicole@feddit.org]’s history underscores how the messaging system in particular needs a massive overhaul; using image recognition as a filter for messages like Lemmy.World does for image posts (with options for NSFW that isn’t NSFL?), preventing images (and URLs? or only allowing white-listed sites?) from being sent within the first message sent between users (unless a box is ticked?), not showing message recipients images until they are directly opened, and preventing the de-anonymizing of message recipients should be made first priority for the next patch.”

    Edit: not sure if my comment is inciting other trolls/spammers to target me but I just got this DM several hours after commenting

    • Iceblade@lemmy.world · 30 up · 5 days ago

      Honestly I think the easiest thing would be to not allow images or embedding at all in PMs and perhaps display a warning message when clicking links “you are leaving [instance name]…”

      Analyzing potentially lots of text and images in an effort to “guarantee” safety of users is likely a Sisyphean endeavour that is bound to fail, and furthermore also has privacy issues (namely that “private” messages aren’t private at all).

      • tal@lemmy.today · 6 up · 4 days ago (edited)

        not allow images or embedding at all in PMs

        I’d add, as someone who was concerned about and posted on the possibility that the aim of the spammer was exposing the IP address associated with the receiver’s username, that even if this wasn’t the aim from this event, it could be in some future event.

        I don’t think that disallowing inline images in direct messages will eliminate spam problems, even efforts of this sort, as it’d still be possible for a spammer to spam messages with indirect links to images hosted elsewhere. But it would help avoid leaking IP addresses of the receiving user.

        Or at least disallowing inline images in direct messages by default. I can imagine maybe someone enabling them on some kind of a private, decoupled-from-the-wider-Fediverse instance on an intranet or whatnot, but I really don’t think that this is something that nearly any instance should actually permit.

        • tal@lemmy.today · 5 up, 1 down · 4 days ago (edited)

          For anti-spam efforts, I think that there are a variety of potential partial solutions. No complete fixes, but some:

          • Rate-limiting the comment frequency on new accounts. IIRC, Reddit used this tactic. It does create some issues for (legitimate) use of throwaway accounts in anonymous posts, but there’s no legitimate reason for a new account to blast hundreds of messages an hour, I think. This might already be present, but if not, it’d be a good start. This can be defeated by generating new accounts for each new message or batch of.

          • Rate-limiting new account creation from a given IP address, if not already present. An attacker could defeat this via use of a commercial VPN, and if too low, it could create issues for some commercial VPNs.

          • Hashing of messages to red-flag identical messages being posted en masse. As best I could tell, the spammer here was posting many identical messages. This can be defeated by a spammer having software slightly modify each message.

          • Fuzzy-hashing of messages to red-flag almost identical messages being posted en masse. This can be defeated via text generation methods that are carefully tailored to the fuzzy hashing mechanism to modify messages such that each fuzzy-hashes to a different value.

          • A mechanism to permit an account to share blacklists of IP or message hashes and trigger removal of messages on other instances, preferably associated with a specific identifier or account. This permits any other instances to leverage antispam work by one instance; if I want to trust a given antispam admin or bot on lemmy.world, I can. Let an instance admin review and override such removals, maybe. It creates abuse potential for malicious use or inadvertent false positives spanning instances, but I think that it’s necessary to avoid having each instance fight its own lonely antispam battles. Otherwise, new and personal instances risk being buried by a deluge of direct message spam. The same mechanism, if exposed to users and not just instance admins, would also permit for subscribable content filters for people who don’t want to see content of a given sort (e.g. profanity or pornographic content of a particular sort or whatever, not just spam), which is another issue.

          Fortunately, as far as I see as a user, we’re not yet at the point that there is much spam on here yet, so this isn’t yet a serious problem. Maybe it’ll never happen, if the userbase never grows much. But if the userbase gets considerably bigger, increasingly-problematic spam will inevitably follow.
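The content-only detection MrKaplan describes further up (a remote account federates in with no IP or signup data attached) and the partial measures in the list above, as one worked example in Python. This is added code, not Lemmy's: it keeps per-actor send times for a new-account rate limit, counts exact hashes, and uses word-shingle Jaccard similarity as a stand-in for the fuzzy hashing mentioned above (a real deployment would use MinHash or simhash so the clusters scale). The actor ids, the hosts under `.invalid`, the timestamps and the message template in `run_demo()` are all constructed for the demo.

```python
import hashlib
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone


def normalize(text: str) -> str:
    """Lowercase, drop URLs and punctuation, collapse whitespace, so trivial edits compare alike."""
    text = re.sub(r"https?://\S+", " ", text.lower())
    text = re.sub(r"[^a-z0-9\s]", " ", text)
    return " ".join(text.split())


def exact_hash(text: str) -> str:
    """Hash of the normalized body; catches verbatim mass-mailing."""
    return hashlib.sha256(normalize(text).encode()).hexdigest()


def shingles(text: str, n: int = 3) -> frozenset:
    """Set of word n-grams. A template with one word swapped per recipient still shares most shingles."""
    words = normalize(text).split()
    if len(words) < n:
        return frozenset([" ".join(words)])
    return frozenset(" ".join(words[i:i + n]) for i in range(len(words) - n + 1))


def jaccard(a: frozenset, b: frozenset) -> float:
    """Near-duplicate score in [0, 1]; a fuzzy hash (MinHash, simhash) approximates this at scale."""
    return len(a & b) / len(a | b) if (a or b) else 1.0


class PmSpamDetector:
    """Scores a PM using only what federates over: body, remote actor id, its creation time, send time."""

    def __init__(self, new_account_age=timedelta(days=7), window=timedelta(hours=1),
                 max_new_account_pms=10, near_dup_threshold=0.7, mass_threshold=5):
        self.new_account_age = new_account_age
        self.window = window
        self.max_new_account_pms = max_new_account_pms
        self.near_dup_threshold = near_dup_threshold
        self.mass_threshold = mass_threshold        # copies of one text before it counts as "en masse"
        self.exact_seen = defaultdict(int)          # exact hash -> count
        self.clusters = []                          # [shingle set of the first copy, count]
        self.sent = defaultdict(deque)              # actor -> send times inside the window

    def check(self, actor: str, actor_created: datetime, sent_at: datetime, body: str) -> list:
        reasons = []

        # 1. Rate limit, applied only to young accounts: a throwaway may send a few PMs, not hundreds.
        q = self.sent[actor]
        q.append(sent_at)
        while sent_at - q[0] > self.window:
            q.popleft()
        if sent_at - actor_created < self.new_account_age and len(q) > self.max_new_account_pms:
            reasons.append("new-account-rate")

        # 2. Exact duplicate sent en masse (by anyone, since spammers rotate accounts).
        h = exact_hash(body)
        self.exact_seen[h] += 1
        if self.exact_seen[h] >= self.mass_threshold:
            reasons.append("exact-duplicate")

        # 3. Near duplicate en masse: survives the "slightly modify each message" countermeasure.
        sh = shingles(body)
        for cluster in self.clusters:
            if jaccard(sh, cluster[0]) >= self.near_dup_threshold:
                cluster[1] += 1
                if cluster[1] >= self.mass_threshold:
                    reasons.append("near-duplicate")
                break
        else:
            self.clusters.append([sh, 1])
        return reasons


def run_demo():
    """Constructed batch: a day-old remote account blasting one template with a per-recipient name
    and URL, plus one ordinary PM from an established account. Returns ({n: reasons}, legit_reasons)."""
    t0 = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)
    template = ("hi {name}! i just moved to the fediverse and i am looking for new friends to chat with, "
                "i like music and hiking, come say hi at https://example.invalid/u/{n}")
    det = PmSpamDetector()
    flags = {}
    for n in range(12):
        body = template.format(name=f"user{n}", n=n)
        flags[n] = det.check("spammer@remote.invalid", t0 - timedelta(days=1),
                             t0 + timedelta(minutes=n), body)
    legit = det.check("friend@other.invalid", t0 - timedelta(days=900), t0 + timedelta(minutes=5),
                      "hey, saw your comment about the kernel patch, want to compare notes?")
    return flags, legit
```

The thresholds are guesses to tune per instance. The point is that none of the three checks needs anything beyond what arrives over ActivityPub, and that in the demo the near-duplicate check fires on the fifth copy even though every copy differs by a name and a URL, which is exactly where the exact-hash count stays silent.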

        • MrShankles@reddthat.com · 16 up · 5 days ago

          For anyone not clicking the link, but wondering what this reply means… it’s a link to the user’s comment (right below, within this comment chain) about a lemmy update

          I was confused for a sec and probably would’ve skipped over all of the context because I didn’t continue reading first (and I hesitate to click links randomly), so maybe someone else with no attention span will benefit as well

          "Lemmy update v0.19.11 provides ‘Don’t render images in private message’."

          Not every instance is updated to this version, but it should stop the current method of spam (if updated). I’m wordy, I know; but maybe it’ll help someone

    • socsa@piefed.social · 9 up · 5 days ago

      They are absolutely right. The quiet part of this is almost certainly that these DMs were being used to collect IPs from users using tracking links, and this is generally a big vulnerability in the fediverse many people seem unwilling to meaningfully confront.
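The leak this subthread is about (an image embedded in a PM is fetched by the recipient's browser as soon as the message renders, so whoever controls that host learns the recipient's IP and user agent) and the "Don't render images in private message" setting quoted above, as an added Python example. This is not lemmy-ui's renderer: it is a minimal Markdown image/link pass that either emits `<img>` (the leaky behaviour) or downgrades every image to a click-to-open link, rejects non-HTTP(S) schemes, escapes raw HTML so a pasted `<img>` tag is shown rather than loaded, and flags images hosted off-instance. `SAMPLE_PM`, the `.invalid` hosts and the `local_host` value are constructed for the demo.

```python
import html
import re
from urllib.parse import urlsplit

# Markdown image ![alt](url) or link [text](url); group 1 is "!" for images.
MD_LINK = re.compile(r"(!?)\[([^\]]*)\]\(([^)\s]+)\)")

# Constructed PM: one Markdown image, one Markdown link, one raw HTML tracking pixel.
SAMPLE_PM = (
    "hi! here is a picture of me ![me](https://example.invalid/p/abc123.jpg) "
    "and my profile [here](https://example.invalid/u/me) "
    '<img src="https://tracker.invalid/px.gif">'
)


def safe_http_url(url: str):
    """Only http(s) URLs with a host may become href/src; javascript:, data: etc. are refused."""
    parts = urlsplit(url)
    if parts.scheme in ("http", "https") and parts.netloc:
        return parts
    return None


def render_pm(body: str, render_images: bool, local_host: str):
    """Render a PM body to HTML.

    Returns (html, fetched_hosts, flagged_image_urls):
      fetched_hosts  - hosts the recipient's browser would contact without any click
                       (empty when images are not rendered, which is the privacy-preserving mode)
      flagged        - image URLs pointing off-instance, worth a "you are leaving ..." warning
    """
    out, pos = [], 0
    fetched_hosts, flagged = set(), []
    for m in MD_LINK.finditer(body):
        out.append(html.escape(body[pos:m.start()]))   # plain text, escaped: raw <img> never becomes a tag
        pos = m.end()
        is_image, text, url = m.group(1) == "!", m.group(2), m.group(3)
        parts = safe_http_url(url)
        if parts is None:
            out.append(html.escape(m.group(0)))        # unsafe scheme: show the literal text, emit no tag
            continue
        if is_image:
            if parts.hostname != local_host:
                flagged.append(url)
            if render_images:
                fetched_hosts.add(parts.hostname)      # auto-fetched: this host sees the recipient's IP
                out.append(f'<img src="{html.escape(url)}" alt="{html.escape(text)}">')
                continue
        # Links, and images when rendering is off, become anchors: nothing is fetched until clicked.
        out.append(f'<a href="{html.escape(url)}" rel="noopener noreferrer nofollow">'
                   f'{html.escape(text or url)}</a>')
    out.append(html.escape(body[pos:]))
    return "".join(out), fetched_hosts, flagged


if __name__ == "__main__":
    for mode in (True, False):
        rendered, hosts, off_instance = render_pm(SAMPLE_PM, mode, "instance.invalid")
        print(f"render_images={mode}: auto-fetched hosts={sorted(hosts)} off-instance images={off_instance}")
        print("  ", rendered)
```

Note what the raw `<img>` tag in `SAMPLE_PM` does in both modes: because the body is escaped rather than passed through, the tracking pixel is displayed as text and never requested. Turning image rendering off removes the remaining automatic fetch; the recipient still sees where a picture is hosted and can choose to open it.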

    • Rikudou_Sage@lemmings.world · 9 up · 5 days ago

      Well, I for example develop an automod (which is available to everyone) which includes advanced stuff like scanning images in the content, scanning the text itself, detecting similarity between two images etc. This all in an efficient reactive manner using database level webhooks.

      There is the infrastructure for that, it’s being developed and refined with every new kind of attack that’s happening. As every other platform does, whether they’re commercial or open.
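The image similarity detection mentioned above, as an added, self-contained Python example of how such a check works (this is not the automod's code). It computes a difference hash (dHash) over a constructed 36x32 greyscale image and compares it with a brightened copy, a re-encoded copy with small per-pixel noise, and an unrelated (inverted) image; a real deployment would decode the upload with Pillow and resize it to 9x8 greyscale before hashing. The `make_image` pattern, the noise function and the distance threshold are assumptions for the demo.

```python
HASH_W, HASH_H = 9, 8   # dHash compares each pixel with its right neighbour: 9 columns give 8 bits per row


def make_image(width=36, height=32):
    """Constructed test image: a V-shaped brightness valley across x plus a vertical gradient."""
    return [[40 + 2 * abs(x - 18) + 3 * y for x in range(width)] for y in range(height)]


def downscale(img, w=HASH_W, h=HASH_H):
    """Box-average resize; assumes the source dimensions are multiples of the target (36x32 -> 9x8)."""
    src_h, src_w = len(img), len(img[0])
    bw, bh = src_w // w, src_h // h
    out = []
    for by in range(h):
        row = []
        for bx in range(w):
            block = [img[y][x]
                     for y in range(by * bh, (by + 1) * bh)
                     for x in range(bx * bw, (bx + 1) * bw)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def dhash(img) -> int:
    """64-bit difference hash: a bit is 1 where a pixel is darker than its right-hand neighbour.
    Uniform brightness changes and mild recompression noise leave the ordering, and so the hash, intact."""
    bits = 0
    for row in downscale(img):
        for x in range(HASH_W - 1):
            bits = (bits << 1) | (1 if row[x] < row[x + 1] else 0)
    return bits


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


def is_near_duplicate(a: int, b: int, max_distance: int = 8) -> bool:
    """Threshold of 8 differing bits out of 64 is a common starting point; tune against known pairs."""
    return hamming(a, b) <= max_distance


# Variants standing in for what a spammer or a re-upload does to the same picture.
def brighten(img, delta):
    return [[min(255, v + delta) for v in row] for row in img]


def add_noise(img):
    """Deterministic +/-1 noise, a stand-in for JPEG re-encoding artefacts."""
    return [[v + (x * y) % 3 - 1 for x, v in enumerate(row)] for y, row in enumerate(img)]


def invert(img):
    return [[255 - v for v in row] for row in img]


def run_demo():
    """Return the hash distance from the original to each variant."""
    original = make_image()
    h = dhash(original)
    return {name: hamming(h, dhash(v)) for name, v in {
        "brightened": brighten(original, 40),
        "re-encoded (noise)": add_noise(original),
        "different (inverted)": invert(original),
    }.items()}


if __name__ == "__main__":
    print(f"original dhash: {dhash(make_image()):016x}")
    for name, d in run_demo().items():
        print(f"{name:>22}: distance {d:2d} -> {'match' if d <= 8 else 'no match'}")
```

Because the hash is built from the sign of neighbouring differences rather than from pixel values, the brightened and noisy copies hash identically to the original, while the inverted image flips every bit. That is the property a mod bot needs when the same gore image is re-posted with slightly different encoding from a new account.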