Al Leong’s Twitter Account (X) — @iDesignStrategy Hacked by Russians with at least 1 Chinese (or Asian) operative.

--

Update (Jun 30): The account was blocked, recovered, and protected again on June 8, 2024.

On June 5, 2024, my Twitter account was hacked last week by someone using an alias, dilettaarduino@proton.me / Dilette Arduino, from Korn Ferry (HR/Recruitment firm). They also use this temporary Gmail account: michellebourque86@gmail.com. They post offers to interview you for jobs and ask you to download special video conferencing software for the interview from https://vorion.io/ with keystroke-logging software (don’t download anything from this site) — it is hosted in Russia. They use Telegram to get to you. The scammers hijacked my Twitter account and contacted my contacts through Twitter to further perpetrate this scam. This software logs keystrokes and may disable your firewall. Please be warned this is a scam to get personal information and access to your accounts and passwords. The FBI and the Canadian RCMP have been contacted and a report filed for investigation for referral to Interpol. Twitter has since frozen the account for further investigation.

About Vorion (WHOIS record for vorion.io):

Domain Name: vorion.io
Registry Domain ID: 527aef2676874ef5bacd1fbd6b597241-DONUTS
Registrar WHOIS Server: whois.reg.com
Registrar URL:
Updated Date: 2024-05-14T18:25:03Z
Creation Date: 2024-05-09T18:24:56Z
Registry Expiry Date: 2025-05-09T18:24:56Z
Registrar: Registrar of Domain Names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru (so clearly from Russia)
Registrar Abuse Contact Phone: +7.4955801111
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Country: RU
Name Server: ns1.hosting.reg.ru
Name Server: ns2.hosting.reg.ru

And the WHOIS record for the registrar itself, REG.RU:

% TCI Whois Service. Terms of use:
% https://tcinet.ru/documents/whois_ru_rf.pdf (in Russian)
% https://tcinet.ru/documents/whois_su.pdf (in Russian)

domain: REG.RU
nserver: ns1.reg.ru. 176.99.13.11, 176.99.13.13, 176.99.13.15, 176.99.13.17, 194.58.117.11, 194.58.117.13, 194.58.117.15, 194.58.117.17, 194.67.73.173, 194.67.73.174, 2a00:f940:4::47
nserver: ns2.reg.ru. 176.99.13.12, 176.99.13.14, 176.99.13.16, 176.99.13.18, 194.58.117.12, 194.58.117.14, 194.58.117.16, 194.58.117.18, 194.67.73.175, 194.67.73.176, 2a00:f940:5::190
state: REGISTERED, DELEGATED, VERIFIED
org: Registrator domennih imen REG.RU, LLC
taxpayer-id: 7733568767
registrar: REGRU-RU
admin-contact: http://www.reg.ru/whois/admin_contact
created: 2005-10-31T21:00:00Z
paid-till: 2024-10-31T21:00:00Z
free-date: 2024-12-02
source: TCI

Last updated on 2024-06-08T13:51:31Z
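The registration details above are enough to flag the domain mechanically. As an added example (not part of the original post), the Python below parses the vorion.io WHOIS output quoted above and reports the signals a recruiter-supplied download link should trip: domain age on the day it was sent, a single-year registration, a privacy-shielded registrant, and a registrant country that does not match the firm the recruiter claims to represent. The first-contact date (2024-06-05) and the expected country (US, for someone claiming to recruit for Korn Ferry) are assumptions.

```python
from datetime import datetime, timezone

# WHOIS output for vorion.io as quoted in the post, trimmed to its populated fields.
VORION_WHOIS = """\
Domain Name: vorion.io
Creation Date: 2024-05-09T18:24:56Z
Registry Expiry Date: 2025-05-09T18:24:56Z
Registrar: Registrar of Domain Names REG.RU LLC
Registrar Abuse Contact Email: abuse@reg.ru
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy Protection
Registrant Country: RU
Name Server: ns1.hosting.reg.ru
Name Server: ns2.hosting.reg.ru
"""
# Assumed date the Telegram "interview software" link was first sent (post says early June 2024).
FIRST_CONTACT = datetime(2024, 6, 5, tzinfo=timezone.utc)

def parse_whois(text):
    """Map 'Key: value' lines to {key: [values]}; empty and redacted values are dropped."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value or value.upper().startswith("REDACTED"):
            continue
        rec.setdefault(key, []).append(value)
    return rec

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def domain_age_days(rec, seen_on):
    """Days between domain creation and the date the link was first sent to a target."""
    return (seen_on - _ts(rec["Creation Date"][0])).days

def assess(rec, seen_on, expected_country, max_age_days=30):
    """Registration signals that make a recruiter-supplied download domain suspect."""
    signals = []
    age = domain_age_days(rec, seen_on)
    if age < max_age_days:
        signals.append(f"domain is only {age} days old")
    if (_ts(rec["Registry Expiry Date"][0]) - _ts(rec["Creation Date"][0])).days <= 366:
        signals.append("registered for a single year only")
    if "Registrant Name" not in rec or "privacy" in rec.get("Registrant Organization", [""])[0].lower():
        signals.append("registrant identity hidden behind a privacy service")
    country = rec.get("Registrant Country", ["unknown"])[0]
    if country != expected_country:
        signals.append(f"registrant country {country} does not match the claimed employer ({expected_country})")
    return signals

# Assumption: the recruiter claimed a US-headquartered employer, so US is the expected country.
SIGNALS = assess(parse_whois(VORION_WHOIS), FIRST_CONTACT, "US")
```

Run against the quoted record, all four signals fire; the same checks work on any registrar's `Key: value` WHOIS output as long as the creation and expiry dates use the ISO format shown.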

And, as one of my Twitter contacts showed me, they perpetrate this crime through network contacts (image of hijacked account communications using my Twitter account).

Based on additional data (proprietary), they have Chinese (HK/CHINA/Asian) operative(s), or additional operatives internationally. Likely they are targeting higher-profile individuals (perceived to have wealth/money) for credibility, and to lure job-seekers into revealing their information as well as to leverage the network.

Social media fraud has seen a significant rise in recent years, with platforms like Telegram, LinkedIn, and Twitter being prime targets. Financial losses due to social media scams have been staggering, with over $2.7 billion lost to fraud. The US Internet Crime Complaint Center (IC3) reported 24,299 victims of romance scams and confidence fraud in 2021 alone, resulting in more than $956 million in losses. These figures illustrate the substantial financial impact and the growing prevalence of such scams, emphasizing the need for increased vigilance and security measures among users.

Telegram, known for its privacy features, has become a preferred platform for scammers. The platform has seen an uptick in various fraudulent activities, including cryptocurrency scams, investment frauds, and impersonation attacks. Scammers exploit the encryption and privacy features of Telegram to conduct their operations with relative anonymity, making it harder for authorities to trace and combat these crimes. Articles and case studies reveal how scammers use sophisticated methods to trick users into divulging personal information or transferring funds, significantly contributing to the rise in Telegram-related scams.

LinkedIn, a platform primarily used for professional networking, has not been immune to the surge in fraudulent activities. Employment scams are particularly prevalent on LinkedIn, where scammers pose as recruiters to collect personal information or demand upfront payments for fake job offers. These scams exploit the trust and professional aspirations of LinkedIn users, making them vulnerable targets. The rise in these types of frauds on LinkedIn highlights the need for users to be cautious and verify the legitimacy of job offers and recruiters before sharing personal details or making any payments.

Twitter has also faced numerous incidents of compromised accounts, which are used to promote Bitcoin scams and other fraudulent activities. These attacks often involve phishing schemes and direct messages designed to deceive users into providing sensitive information. Additionally, a massive data breach reported in early 2024 exposed 26 billion account records from platforms like Twitter and LinkedIn, underscoring the widespread risk of data exposure and its potential exploitation by scammers. The increase in fraud across these social media platforms emphasizes the critical importance of robust security measures and user awareness to prevent falling victim to such scams.

If you have experienced crime, or similar activities, please read this article on how to protect yourself, report and catch criminals: https://medium.com/@idesignstrategy/how-blockchain-professionals-can-avoid-phishing-and-employment-scams-report-and-catch-b2f6aafceb5c

Remediation

Removing malicious software, such as keystroke loggers, requires a systematic approach to ensure complete eradication and restore system security. The first step is to disconnect the affected device from the internet to prevent further data transmission to the attacker. Next, boot the system into Safe Mode, which restricts the operation of most non-essential programs and makes it easier to identify and remove malware. Use a reputable antivirus or anti-malware software to perform a full system scan. These programs are designed to detect and remove various types of malicious software. Ensure that the antivirus definitions are up-to-date before running the scan for maximum effectiveness.

Once the scan is complete and the threats are removed, it’s important to change all passwords from a secure device that hasn’t been compromised. This prevents the attacker from continuing to access sensitive accounts. Additionally, updating all software, including the operating system and applications, can close security vulnerabilities that may have been exploited by the malware. Consider enabling two-factor authentication on all accounts to add an extra layer of security. Finally, regularly back up important data and maintain updated security software to minimize the risk of future infections. If the infection is severe or persistent, consulting a professional IT service may be necessary to ensure complete removal and system integrity.

Update to this article: Since June 8, my Twitter account has been restored and protected.


Written by Al Leong, AI / Web3 CMO/CEO, Advisor

Award-winning CMO, CEO, Advisor, and Board Director. Clients include Adobe, Apple, IBM, Microsoft, Disney, Sony, Siemens. #DeFi #Web3 #AI #RWA
