Chapter 1: Understanding Impersonation Spam Attacks

In recent weeks, I've noticed a distressing trend on Medium: impersonation spam attacks. The situation became particularly concerning when I learned that my own identity was at stake. I had previously informed my audience about this issue, which sparked a wave of comments on my short story—over 100 in total!

What exactly is an impersonation spam attack? It's when someone assumes your identity and misuses it. In my case, a fake account used my name, profile picture, and bio to leave comments on various posts.

This not only shocked me but also made me feel vulnerable. I received comments from people reacting to “my” posts about cryptocurrency, which I never shared. Thankfully, after I, along with other writers, reported the account, Medium suspended it. Their Trust & Safety team reassured us that these impersonation accounts did not compromise the original accounts.

Unfortunately, this isn’t an isolated incident. As I sifted through the comments on my story, I found that other writers were facing similar impersonation spam attacks. For instance, Jenn Leach also had her identity stolen.

Section 1.1: Celebrity Impersonation Examples

The impersonation issue has led to some bizarre cases. For example, Ashley Treadwell shared that she received a comment from an account pretending to be Elon Musk:

Similarly, Diane Egan thought she was being directly replied to by Barack Obama. She was initially thrilled, only to discover later that it was a fraudulent account.

When Medium’s Top Writers share their WhatsApp numbers, it can be alarming. I’ve received messages from writers I admire, offering “wonderful” opportunities that turned out to be suspicious.

Please, if you receive such messages, don’t engage with them!

Section 1.2: How to Protect Yourself

To check if someone has used your account, simply search for your name on Medium. If you spot any imposters, report them immediately. You can do this by clicking the three-dot menu next to the comment or account and selecting "Report this response."

Chapter 2: Solutions to Combat Impersonation Spam

The growing number of spam comments has left many new writers frustrated. They wish Medium would take stronger action. While finding solutions is a complex task, I propose two potential measures:

1. Verification Badge: Implementing a verification system could help ensure users are who they claim to be. Similar to badges used on platforms like Facebook and Twitter, a verified identity check could add an essential layer of security.

2. Anti-Spam Software: As recommended by Dave Coker, integrating tools like SpamAssassin could significantly reduce spam. This open-source platform is designed to filter and block unwanted emails, making it a suitable choice for Medium.

In the video titled "DEF CON 31 - SpamChannel - Spoofing Emails From 2M+ Domains & Virtually Becoming Satan," the speaker delves into the mechanics of email spoofing and identity theft. This context can help us understand the severity of impersonation attacks.

Additionally, the video "Stop impersonation-based email attacks | Microsoft 365 Defender" offers valuable insights on protecting against such threats.

Final Thoughts

It's alarming to think that even notable figures can fall victim to impersonation attacks. The implications are serious and can happen to anyone. If you encounter impersonation spam, don’t hesitate to report it. For many of us, this issue is intolerable, and it's crucial for Medium to address it to ensure a safer community for all users. What are your thoughts on the ongoing spam attacks?