this post was submitted on 18 Mar 2025
79 points (96.5% liked)

Nicole [LOCKED]

360 readers
40 users here now

Due to recent developments, we've had to lock down this community until further notice. For more information, please take a look at this post: https://feddit.org/post/10515288

Thank you for your understanding.

founded 1 month ago
MODERATORS
30p87@feddit.org
FQQD@lemmy.ohaa.xyz
FQQD@feddit.org
79
MIND MAP: THE CURRENT KNOWLEDGE (files.catbox.moe)
submitted 3 weeks ago* (last edited 3 weeks ago) by FQQD@lemmy.ohaa.xyz to c/nicole@feddit.org
41 comments fedilink hide all child comments
 

I spent some time creating this mind map to sum up everything you'd want to know about the scam messages, as well as the common theories. I will try to keep it updated. If you have anything to add to this or critique, please let me know.

Might take a while to load, it's a very high res image. Here's a link alternative: https://files.catbox.moe/csls12.jpg

This should be obvious, but due to the recent developments I want to have this here as a warning:

Don't send the scammer any money, even as a joke.

all 42 comments
sorted by: hot top controversial new old
[–] dfyx@lemmy.helios42.de 4 points 5 days ago (1 children)

Can't directly reply to https://feddit.org/post/9414518/5879894 because my instance doesn't want to pull that comment, so please excuse me posting it top level

Are we sure if all Nicole messages are from the same person? The ones with crypto addresses may be a copycat, trying to make money from a scam that was originally designed for something else. The abundance of accounts makes that hard to track.

[–] FQQD@lemmy.ohaa.xyz 0 points 5 days ago* (last edited 3 days ago)

The crypto adresses could also be found in the description of the matrix channel, which was advertised by accounts without crypto in the spam messages

Edit: So many downvotes - am I mistaken?

[–] dfyx@lemmy.helios42.de 3 points 5 days ago (1 children)

The most recent photo includes a carton of Del Monte Orange Morning Sunshine juice which is available at Costco Canada. In Europe, they use a different design. So if this is a case of someone stealing someone else's photos, they at least seem to get the location right.

[–] FQQD@lemmy.ohaa.xyz 2 points 5 days ago

Yes, based on this and more evidence, it's probably actually true that she lives somewhere in Canada.

[–] originalucifer@moist.catsweat.com 20 points 3 weeks ago (2 children)

i love everything about this.. huge diagram fan..

my only criticism is the lack of mbin... ive been nicoled ~5 times directly on an mbin instance.

only really pertinent because im on a small instance with ~ 180 user accounts. how does she knooooow

[–] Kraiden@kbin.earth 14 points 3 weeks ago (1 children)

Can confirm: Also mbin, also been nicoled

[–] Emotional_Series7814@kbin.melroy.org 3 points 2 weeks ago

Also Mbin, also had Nicole spam

[–] Shadow@lemmy.ca 19 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I can add a few data points.... https://lemmy.ca/u/fujinamilo was the nicole spammer on lemmy.ca, they used this account to test getting through filters. They logged into it from a VPN, and logged out (destroyed their session) when they were done.

They seem to message in batches of users, notice how both batches went to the same users in the same order at the top here: https://lemmy.ca/pictrs/image/b40f9e02-a162-4e56-8b5e-79b563a786c9.png

They like to spam the same users repeatedly: https://lemmy.ca/pictrs/image/ffd36fbd-2452-4806-960a-6d291b9c6d1a.png

Seeing as they actively joined lemmy.ca and tried to get through my filters after I made a post about them, it's reasonable to say they're watching us and probably having a lot of fun playing with everyone. Have we tried just asking for an AMA?

[–] morbidcactus@lemmy.ca 8 points 3 weeks ago

It's kinda interesting that they seem to be targeting specific users, glad your filters are working.

I really want to know how people are being targeted. I've only received one, have zero idea if it was a specific post or community? I think mine was after a post rather than a comment, but I can't recall.

[–] brot@feddit.org 10 points 3 weeks ago (1 children)

What Mindmap software is that? It looks really cool

[–] FQQD@lemmy.ohaa.xyz 6 points 3 weeks ago (2 children)

Not FOSS sadly, but this is FigJam on figma.com.

[–] 30p87@feddit.org 17 points 3 weeks ago (2 children)

... figma ... FIGMA BALLS

(I can do that, I'm a mod)

[–] FQQD@lemmy.ohaa.xyz 7 points 3 weeks ago

I suppose you can.

[–] rozlav@lemmy.blahaj.zone 6 points 3 weeks ago (1 children)

I recently tried Minder as it's kinda beautiful, sorry for being a fosstechbro, nobody was asking (ಥ﹏ಥ)

[–] FQQD@lemmy.ohaa.xyz 5 points 3 weeks ago

Looks like an actual nice program. I'm a big FOSS advocate myself, but I still use some other software for convenience's sake.

[–] Nougat@fedia.io 9 points 3 weeks ago

The first one I received here was about a month ago from "missy29" at lemmings.world. Body of the message still said "Nicole" though, with some very early boilerplate text.

For completeness sake, I've also gotten from a nicole101 and a nicole40.

[–] Olgratin_Magmatoe@slrpnk.net 8 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

If we could get the IP and email addresses from instance admins it could help figure this out.

[–] nichtburningturtle@feddit.org 8 points 3 weeks ago (1 children)

Not all instances require an email. For example we don't.

[–] Olgratin_Magmatoe@slrpnk.net 7 points 3 weeks ago (1 children)

What % of the instances these are coming from are instances that require email also would be a good thing to collect.

[–] nichtburningturtle@feddit.org 6 points 3 weeks ago

Most of the used instances are abandoned without active moderation and even with the email requirement, there isn't a built-in way for lemmy to filter out temp mails. The abused instances are unlikely to have automod running.

[–] muntedcrocodile@lemm.ee 6 points 3 weeks ago (2 children)

Is it perhaps someone rolling out a relatively harmless spam across Lemmy to get Lemmy to improve its moderation tools?

[–] FQQD@lemmy.ohaa.xyz 15 points 3 weeks ago (1 children)

Possibly, but I think this is off the table since they added crypto addresses

[–] Shadow@lemmy.ca 5 points 3 weeks ago

I mean if i was doing this I'd add crypto addresses just for the lols, and wouldn't actually expect any.

[–] Olgratin_Magmatoe@slrpnk.net 12 points 3 weeks ago* (last edited 3 weeks ago)

The picture doesn't seem to be AI, and it's unlikely to be the person from the picture. I highly doubt someone would use an innocent person's face for spam across the fediverse for the sake of improving security.

Especially because the security against spam was always going to be put to the test no matter what.

[–] bamboo@lemmy.blahaj.zone 6 points 3 weeks ago (1 children)

Excellent, despite not using ISO 8601 date formats!

Black Cat hissing at the date format not being in ISO 8601

[–] coldsideofyourpillow@lemmy.cafe 4 points 3 weeks ago

RFC 3339 is superior to ISO 8601

[–] Okuyasu@lemmy.ml 5 points 3 weeks ago

Ok, i've been thinking about this since the first time i received a nicole spam message because of the timing and what i was i doing and saying at that moment on another lemmy account and maybe i'm just paranoid, but you don't go and pull a pig butchering scam on a platform like this or any scam that is so obvious.

What i think is this is a mass surveilance attempt and in this thread https://lemmy.today/post/25826615 someone try to explain what might be happening. The bitcoin scam and everything else are probably a decoys in my opinion.

I could be wrong but this is all too fishy.

[–] asudox@lemmy.asudox.dev 4 points 3 weeks ago* (last edited 3 weeks ago)

What tool did you use btw. Looks amazing.

Edit: oh ok, figma.

[–] captain_aggravated@sh.itjust.works 3 points 3 weeks ago

It would be really cool if Lemmy, or some similar ActivityPub platform, could host brainstorming apps like that.

I remember being part of r/celebritynumbersix and it was basically impossible to maintain any kind of database.

[–] driving_crooner@lemmy.eco.br 3 points 3 weeks ago (1 children)

How can I see the language or my account? My instance is PT-BR

[–] Peter_Arbeitslos@feddit.org 4 points 3 weeks ago (1 children)
[–] driving_crooner@lemmy.eco.br 5 points 3 weeks ago

Thanks. Looks like I have undetermined, English, Spanish and Portuguese.

[–] Sibshops@lemm.ee 3 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

The crypto scam may be a copycat. If you sort by new in this community, the latest messages don't have a crypto address in it.

[–] FQQD@lemmy.ohaa.xyz 5 points 3 weeks ago

Possibly, but I think there was also proof provided by multiple people that it is real. I think it's not only in the messages, but also on the matrix server.

[–] amon@lemmy.world 3 points 3 weeks ago (1 children)

in friendica, her profile shows a work address

[–] null_dot@lemmy.dbzer0.com 6 points 3 weeks ago

If Nicole is the victim of harassment then we probably shouldn't post this.

[–] qupada@fedia.io 2 points 1 week ago (1 children)

I got one with crypto addresses for "donations" for the first time today. That seems to be a new addition, messages from 2, 3, and 5 weeks ago didn't have them.

I have also received some "alternate" versions from pseudo-random usernames (ones not on your chart) from the sh.itjust.works instance. Mostly the same copy as always, but delivered entirely in an image rather than image+text. Thought that was interesting.

[–] FQQD@lemmy.ohaa.xyz 2 points 1 week ago* (last edited 1 week ago)

The crypto adresses are back? As far as I'm aware, they were being sent out a week ago, but then stopped again. God damn it. But yeah, I have to add the new usernames

[–] ElGrossKotzo@troet.cafe 2 points 3 weeks ago (1 children)

@FQQD

i got a message from a Nicole47...
what is ARG?

[–] FQQD@lemmy.ohaa.xyz 2 points 3 weeks ago

An ARG is basically a cryptic internet art project, where fans come together and solve it. "Nicoles" messages are VERY unlikely to be connected to one, though. https://en.m.wikipedia.org/wiki/Alternate_reality_game