Intro: Fake-support DMs impersonating official or partner support are on the rise — proactive offers to "help process your order / refund / upgrade," using a helpful tone to gain trust, before steering to third-party chat or webpages to request sensitive info. This note dissects the common scripts, risk signals, and verification principles — and reminds you that the more helpful they sound, the more cautious to be.
Background
Scammers often have some order or delivery info. They proactively DM or email, offer a "ticket ID" and "identity screenshot," and push the conversation to a chat app — then ask for verification codes, remote-control permissions, or even the recovery phrase.
They use countdowns or "immediate freeze/refund" pressure to prevent verification. If you hesitate, they escalate with forged "official pages" or "support name cards" to boost credibility.
Common script breakdown
1) Entry line: "order anomaly requires confirmation," "refund needs account verification," "upgrade requires remote assistance" — urgency framing to force a quick response.
2) Channel migration: DM on the platform first, then ask to move to a chat app or webpage form, citing "more secure" or "system limits." Once off the official channel, risk escalates.
3) Escalating asks: from verification code, to email password, to recovery phrase and private keys — each ask incrementally larger. May ask you to disable security software or enable screen sharing.
4) Fake tickets & screenshots: forged ticket numbers or "internal screenshots" as proof. Ask to verify via the official system? They claim "system busy."
5) Fee / rebate bait: request a "processing fee" or "compensation," or bank-card info up front — all for harvesting payment credentials.
Common Q&A
Q: If they quote the order number, they must be genuine?
A: Not necessarily — order info leaks or gets credential-stuffed. Still need channel & identity verification.
Q: Is remote-assistance requested by support normal?
A: Official support doesn't provide remote control, and never asks for the recovery phrase in a session.
Q: Does "compensation" require a processing fee first?
A: Any legitimate compensation won't require upfront fees or full card details — this is a textbook scam.
Q: Can I click a link they sent in chat?
A: No — type the URL manually or verify in the official app.
Principles
1) Communicate only through official channels. Proactive "support" DMs must be verified via domain, ticket ID, and contact method — anything you can't confirm through the official site or app is high-risk.
2) Any request for recovery phrase, private keys, verification codes, remote control, or disabling security software — decline outright. If you've already shared something, rotate related credentials on a trusted device and report to official support.
3) Save chat logs, account handles, and timestamps as evidence. Report to official channels — helping widen the protective net for others.
Safety reminder: We will never ask for your recovery phrase, PIN, verification codes, or private keys. Anyone requesting them is attempting fraud — do not share and do not proceed.
