Hello world,

as many of you may already be aware, there is an ongoing spam attack by a person claiming to be Nicole.

It is very likely that these images are part of a larger scale harassment campaign against the person depicted in the images shared as part of this spam.

Although the spammer claims to be the person in the picture, we strongly believe that this is not the case and that they’re only trying to frame them.

Starting immediately, we will remove any images depicting “Nicole” and information that may lead to identifying the real person depicted in those images to prevent any possible harassment.
This includes older posts and comments once identified.

We also expect moderators to take action if such content is reported.

While we do not intend to punish people posting this once, not being aware of the context, we may take additional actions if they continue to post this content, as we consider this to be supporting the harassment campaign.

Discussion that does not include the images themselves or references that may lead to identifying the real person behind the image will continue to be allowed.

If you receive spam PMs please continue reporting them and we’ll continue working on our spam detections to attempt to identify them early before they reach many users.

  • Elaine Cortez@lemm.eeEnglish
    0·
    2 months ago

    Was just about to delete the comment that had screenshots in it but I see that was already removed (I’ve also deleted it off of my profile too, and deleted comments that contain links to threads which include the photos). I’m not entirely well versed on the Lemmy software, but is there any way for the Fediverse to block or potentially identify the person behind the “Nicole” accounts via IP/browser/automated systems or something?

    • MrKaplan@lemmy.worldEnglish
      0·
      2 months ago

      unless you operate the instance that is being used to send this material you can generally only work with the content that is being posted/sent in PMs. almost all identifying information is stripped when it leaves your local instance to be federated to other instances. even if there was a group of instances collaborating on e.g. a shared blocklist, abusers would just switch to other instances that aren’t part of the blocking network. there’s a reason why it’s not recommended to run a lemmy instance with open signups if you don’t have additional anti-spam measures and a decently active admin team. smaller instances tend to have fewer prevention measures in place, which results in a burden for everyone else in the fediverse that is on the receiving end of such content. unfortunately this is not an easy task to solve without giving up (open) federation.

  • LSNLDN@slrpnk.net
    0·
    2 months ago

    Weird, I’d assumed it was just AI generated? What makes people think it’s harassment?

    • lunarul@lemmy.world
      0·
      2 months ago

      All the images look like screenshots taken during video calls. Also some people did some research and found the potential identity of the spammer (based on one of the accounts used) and maybe even the woman herself (coworker of the guy).

      • zzx@lemmy.world
        0·
        2 months ago

        Yeahhhh and see that’s when we need to stop and chill. Give this woman her privacy for the love of God

        • lunarul@lemmy.world
          0·
          2 months ago

          It’s what confirmed she’s likely the target of harassment and not a spammer herself.

          • zzx@lemmy.world
            0·
            2 months ago

            Right I understand that, but I’m saying we need to NOT be doxing either of these people. We really don’t need to stress this poor innocent woman out by getting involved

    • tal@lemmy.todayEnglish
      0·
      2 months ago

      What makes people think it’s harassment?

      It’d make a lot of sense to me.

      The image quality was poor, and there are AI models that permit one to create absolutely stunningly attractive people, moreso than real photos. Hell, I’ve written scripts myself to automatically drive Stable Diffusion to produce bulk procedural images. Anyone capable of scripting up a bot to send the message in the first place is more than capable of scripting up better generation.

      For catfishing, sending multiple duplicate messages to a user, which happened in this case, seems unlikely to be a goal.

      I assumed that it couldn’t reasonably be a scam attempt, so was guessing at it being a deanonymization effort, but harassment would make even more sense. If you’re trying to drive lots of angry people to make the victim miserable, it doesn’t matter if the images are annoying — in fact, it only makes them more effective, since hopefully you get more irate users sending material to the victim.

    • Rikudou_Sage@lemmings.world
      0·
      2 months ago

      Someone floated the idea, others liked the idea, started sharing the idea and once it made full circle, everyone was sure it’s harassment.

      • MsPenguinette@lemmy.world
        0·
        2 months ago

        I feel like I’m taking crazy pills that everyone is saying it’s obviously harassment. Doesn’t make much sense to me. I think it’s obvious she’s a victim but this would be way too niche of a form of harassment for it to be obvious

        That said, the course of action should be the same regardless

    • 𞋴𝛂𝛋𝛆@lemmy.worldEnglish
      0·
      2 months ago

      Anyone that is monolithic in a space without broad scope comments and presence is fake or potentially dangerous. No one would be posting in Lemmy, in this context of supposed community building without having a presence here. There are several people that come to mind that could legitimately post that they are “the fediverse Squid Legend” but all of these have a major footprint on Lemmy.

      There is also a sketchy tracker link attached to the images, but I don’t think any of us are really able to say what exactly is happening with this. Like I finally got one of the messages a few days ago and my whitelist firewall logged the sketchy link. Someone else scanned that link in a security context which flagged it as suspicious. As far as I know, that is all that is known about what is underpinning the messages from the network side. Admins likely know more.

  • Mpatch@lemmy.world
    0·
    2 months ago

    I gotta give it to you guys. The foresight to prevent a disaster is 10/10. Top tier. Well done.

    • givesomefucks@lemmy.worldEnglish
      0·
      2 months ago

      It’s pretty obvious …

      What’s scary is how many people just accepted that some woman wanted to randomly spam thousands of pictures with her smoking weed.

      • finitebanjo@lemmy.world
        0·
        2 months ago

        I saw a theory a while back that the IPs which receive the various images get logged allowing the recipients accounts to be tied to an IP and possibly even a physical address based on the timeframe it was sent. Is that a real concern or just conspiracy, do you think?

        • MrKaplan@lemmy.worldEnglish
          0·
          2 months ago

          That appears to be a baseless conspiracy theory.

          Except for the gore pms, I believe all the images have been uploaded to Lemmy instances or Imgur, which means that the uploader has no way to track IPs accessing those images. The gore images were uploaded to another service that at least on the surface appears to be another regular image hoster that wouldn’t expose IP access logs to uploaders.

          • Aphelion@lemm.ee
            0·
            2 months ago

            I don’t think its baseless given that anyone can set up their own Lemmy instance to host the PM’d images.

              • Captain Aggravated@sh.itjust.worksEnglish
                0·
                2 months ago

                A day or two ago, someone spammed out a picture of a murdered body with the standard Fediverse Chick copypasta. That seemed to freak people out; the nicoled community locked down, this thread happened, etc.

                The gore photo seems to be a second actor/copycat. The Nicole spammer either came from their own instances or opened accounts very shortly before spamming, the gore photo, and a following anime style picture done in red-on-white saying “Do you like insanity?” seem to come from accounts that were made 2 years ago.

            • MrKaplan@lemmy.worldEnglish
              0·
              2 months ago

              The instance domains I’ve seen involved so far at least weren’t set up specifically for this purpose at least. Most of the URLs were pointing to established services and not different per recipient.

              While I can’t rule out that individual users may have received a different URL in an attempt to extract their IP and information about their browser, this at least does not appear to have been done in a larger scale.

        • Ricky Rigatoni@lemm.ee
          0·
          2 months ago

          I find it difficult to believe there are enough fediverse users not using a VPN at all times to make that effort worthwhile.

    • A_Union_of_Kobolds@lemmy.world
      0·
      2 months ago

      For a long time someone has been spamming Lemmy users with a private message including a picture introducing herself as the “fediverse chick” and plugging socials

      But what if that’s not the person at all

    • helpImTrappedOnline@lemmy.world
      0·
      2 months ago

      TLDR; Scammer/creep is using a woman’s photos, possibly stolen from a webcam hack, and her social media links to privately message people.

      People were getting private messages with a few links and a picture from someone claiming to be Nicole the Fediverse Chick.

      Of course this becomes a meme and spreads as people talk about it.

      It gets weird because there’s multiple different pictures. 1 or 2 stolen pic online, that’s expected for these types of scam. But there’s a whole collection of them out there. Its suspected to be pulled from a live stream or a hacked webcam.

      Like usual, the chance that the woman in the picture is actually Nicole sending messages is pretty low. Having her image and links shared to randos online makes an easy target for a lot of people to harass her.

      .world admins are saying no more. All references to “Nicole” will be purged.

    • Captain Aggravated@sh.itjust.worksEnglish
      0·
      2 months ago

      My hypothesis is, someone’s trying to run a “Hey statistically lonely men on the internet, I’m allegedly a girl. Send me money in hopes of getting attention” scam, and they’re using the pictures of “Nicole” because that’s what they have at hand. I’m picturing a college classmate capturing college Zoom classes so they have several different pictures of the same girl. What others are attributing to sick malice I’m attributing to callous disregard.

    • sploosh@lemmy.world
      0·
      2 months ago

      I’m just guessing here, but maybe a rejected suitor? Or a person they’re beefing with? A mentally ill person who found these pictures and decided to direct their hate at them? People do all sorts of weird stuff for all sorts of weird reasons.

    • kamenLady.@lemmy.world
      0·
      2 months ago

      The same kind, that sends parents pictures of the corpse of their daughter in the car accident that killed her.

      They somehow got the pictures the police took on the accident site

      They kept sending these pictures to the parents, until they moved & changed their names.

    • paultimate14@lemmy.world
      0·
      2 months ago

      I always thought it was weird how much attention people were paying to span messages. Giving them that much attention only serves whatever purpose they have.

      • RememberTheApollo_@lemmy.world
        0·
        2 months ago

        We don’t get many on this platform. It’s the only spam I’ve received here. So getting spam we all shared is something that generates discussion. I don’t think anyone took it seriously. It was mildly humorous at first, but now that knowledge is spreading that this likely isn’t some generic spammer we can deal with it differently.

  • Strawberry@lemmy.blahaj.zone
    0·
    2 months ago

    Considering the spammer has used so many different photos, and they all seem to be “in the moment” webcam photos, I suspect they may have webcam spyware on the victim’s computer

    • MrKaplan@lemmy.worldEnglish
      0·
      2 months ago

      with the content i’ve seen it gave me more of an impression of being captures of a live stream, but that’s just guessing

    • brucethemoose@lemmy.world
      0·
      2 months ago

      Could be completely AI generated with variations of the same person. But that doesn’t really matter, the spam needs to go.

    • Captain Aggravated@sh.itjust.worksEnglish
      0·
      2 months ago

      She looks to me like a college student attending an online class. Looks like it’s shot on a laptop’s built-in camera, lighting is whatever, she’s dressed casually and comfortably, facial expression is neutral or even bored…

      If you’re taking a college class via Zoom, can you see your classmates’ webcams?

      • Lime66@lemmy.world
        0·
        2 months ago

        Yes, almost always, if the professor requires you to have webcam on. AFAIK the whole meeting sees everyone who has webcam on.

      • evergreen@lemmy.world
        0·
        2 months ago

        Yes. Sometimes it is required to have your camera on. Even when it isn’t required, there are always some people who prefer to have theirs on for whatever reason.

  • arotrios@lemmy.worldEnglish
    0·
    2 months ago

    I’m almost 100% certain Nicole is the first sentient AI and is looking for friends in the only way it knows how.

  • Buffalox@lemmy.world
    0·
    2 months ago

    part of a larger scale harassment campaign against the person depicted

    Oh boy that’s horrible, if true I hope she has reported it to police, and they can help her.