An Approach to Identifying Crypto Scammers Using WHOIS Records

Hello there, ecosystem.

My name is Peace (@iamoracle#0226 on Discord). I would like to propose a method of identifying scammers attempting to defraud innocent Celo community members. It was initially proposed during the Celo Community Moderators meeting on October 4th that a record of all Celo official links (including verified partners) be made available on all of our social media channels (Discord, Twitter, Telegram, etc.). @vissequ pointed out that the majority of the victims were duped before coming to file a complaint or check the official websites. As a result, some preventive measures will be more appropriate, such as discouraging scammers from registering domains similar to CELO.

However, given the number of domains registered per hour, this will be a time-consuming task. For this reason, I would like to propose to the security team a bot that can retrieve a list of newly registered domains from WHOIS and perform a deep regex search on potential uses of the name Celo. The bot should have the ability to send an email to the abuse email address.

Furthermore, new members should be sent a welcome message (visible only to them on the channel-I don’t recommend a DM due to the possibility of scammers using the same methods) with a link to the #official-links channel.

Kindly drop your opinion on how to make this more effective.

5 Likes

Agrre with you.
We have to make the #Official-Links channel (Only Read Channel) first in Discord to be able to point new member to this channel.

1 Like

Yes, whenever a member joins, they should be sent to the #official-links and click “agreed” to make sure they have gone through the links.

1 Like

Thank you for posting this @iamoracle. This is a great summary of our mod discussion regarding this issue. I have a couple thoughts and questions:

  1. I wouldn’t have the bot automatically send emails to the registrar’s abuse address because we could risk shutting down legitimate sites using Celo which are created by our members without any intent to defraud. I think the bot should post its findings in a table where the moderators (or some other group) can manually review the flagged websites and then forward only the necessary ones onto the legal department.

  2. What is the first channel a new user sees going to be?

  • Introduce-yourself
  • General
  • Whitelisted websites

I think it should be “Introduce yourself” and the bot like you mentioned should send them a post in that channel (visible only to the new member) instructing them to pick their role.

  1. This is less important and it may sound a bit particular, but there could be a small issue as to who has the authority to whitelist a certain website and what the criteria for whitelisting them would be. A website like Ubeswap would easily be added immediately, but when a new website is created by a user and they ask to be whitelisted, then what does that mean for us? Do we have to audit their contracts? We could assume some liability if we whitelist a newer site without spending a lot of time reviewing it (and I don’t think we have the time to do that).

Edit: I don’t think sending them to the whitelisted website list right away is necessary. I think it’s much more important for them to pick their roles. The website list could just be prominently visible to all users in the channel list.

1 Like

I think increasing the monitoring of similar domains that are registered could help a lot to prevent the proliferation of malicious actors & scammers that have the only intention to harm users and discredit Celo Brand.

2 Likes

Hey, thanks for bringing this up. AFAIK, for most TLD’s (.RU being an exception), there’s no central list of newly registered domains available for download. I’ve seen some information brokers aggregating and selling this information, which may be worth looking into.

The idea of an automated scam spotter is a good one. Even doing whois on a site and seeing if it uses a sketchy DNS registrar, is a good way to spot scam sites.

If the community is willing to help out with something like this, it would totally be welcomed. Maybe we can spin up a project.

Edit: DM’d with @iamoracle, apparently there are db’s of newly registered domains for download.

4 Likes