Something bizarre just happened involving some spam here

[Dan Druff]

Nikki was one of the few long-term female users of our community. She showed up on NWP in its early years -- either 2004 or early 2005. She listed herself as being from Oregon and posted some pictures of herself. She was a young woman and appeared to be real. She was never playing poker at significant stakes, so she was unknown outside of our community, despite being a young female.


When PFA started in 2012, Nikki showed up under a different screen name -- and not one which was obviously male or female. This was fine, and in fact I encouraged people to do this if they wanted a "fresh start" from their known NWP/DD identities. Only past scammers were disallowed from registering under a new name. Nikki was one of the people to take me up on this offer.

Her time on PFA was not particularly notable. She had a 3-figure post count, and mostly stuck to discussing poker-related topics. Her opinions were not particularly provocative, and her new account was assumed by most to be an occasional male poster who would mostly share brief comments on existing topics.

Two years later, in 2014, she decided to come back as herself as Nikki. At this point, she split her posting between both accounts, but again, the posts were unremarkable.

In 2018, she ceased posting on both accounts, and disappeared from PFA. Her last post was on Nikki, in October 2018, and was pahticipating in a $100 contest by Chinamaniac.

Given that she hasn't been heard from in 5 years, there are many possibilities, one being that she passed away. However, we have had users abruptly disappear in the past, who later show back up. (The latest example was "big dick", who vanished a few years ago, only to recently briefly return.)

Now Nikki has returned, but something really weird is going on with her accounts. Read on...

[Dan Druff]

On July 26, I made a post in the "Poker Community Discussion" forum about Spain taxing all live poker winnings -- including those of foreigners such as Americans.

Since the topic is not particularly controversial or interesting for those who don't play poker in Spain, the thread got zero responses.

However, I noticed today that it finally got two responses, a few weeks after the fact.

On August 14, Nikki's alt account posted:

The recent changes to tax law in Spain represent a substantial shift for poker players and will undeniably affect those considering playing in the country. Actually, one of my friends wants to participate in EPT Barcelona, but I bet he didn't know about the new tax law.

On August 15, she then posted this on her "Nikki" account:

I think it's understandable that a country would want to regulate and tax gambling, but this can create complications for casual players and tourists. My experience has shown that local taxation can sometimes deter players from participating in games or even cause them to seek alternatives.

If you're looking for an alternative, I recommend trying out the joker123 apk. It's a casino platform based in Indonesia, where I regularly play, so you can enjoy your games without being subject to Spanish taxes.

The second post had a link on the "joker 123 apk" part, to what was supposed to be some shady Indonesian casino. However, that link did not work.

Both accounts had a Cialis site link in their signature, which Nikki didn't have before.

So it appears that both of Nikki's accounts were taken over by spammers, and were used to spam PFA. The IP for both was a VPN which spammers have been caught using in the past, on other forums.

But what really happened here? This is actually very interesting from a technical standpoint, if it's what I think it is.


The non-technical explanation is that Nikki simply signed up to join a network of forum spammers, and decided to use her existing forum accounts (such as PFA) to do some of it. However, this doesn't make sense for various reasons. Nikki knows I wouldn't allow spam to stand on this forum. She also likely wouldn't use BOTH of her accounts to spam the same thread, thus giving away they're the same person. If she really wanted to spam twice, she could simply use one account to spam two different threads. Furthermore, the language in the posts clearly isn't her writing style, yet were both strangely on-topic, especially the first one. Finally, bots do the spamming these days -- not people. You don't get paid enough to manually spam forums, as this would make you literal pennies.


The more likely explanation is that spammers got access to Nikki's emails, and thus got access to PFA. Both accounts are registered to different emails (in fact, this is required by the system), but it's possible that all of her emails were breached in some way. It's also possible that nobody else on PFA was breached in the manner she was, thus making sense why only her two accounts were used to spam.

But this raises various questions:

1) How did the spammers get both of her passwords? These passwords would NOT be listed anywhere in her e-mails.

2) How did the spammers stay on topic so well? The first post about EPT Barcelona and the taxes, while overly formal in language, did stick to exactly what I was talking about in the OP, and in fact casually mentioned that she had "a friend" who was considering playing there. Impressive for spam!

3) Does this mean Nikki is alive and well, if she got hacked/phished in some way semi-recently?



I'll give you my theory in the next post.

[BetCheckBet]

I would assume some sort of keylogger/hack/virus. I know on iphones its also pretty easy to get all of someone's passwords if you know their appleid. As for why no idea

[sonatine]

90% sure drexel has her phone number but maybe i hallucinated it.

[Dan Druff]

I believe we are seeing the first instance of AI-assisted spamming on PFA.

Here is what I believe happened:

At some point, Nikki's two e-mail accounts were compromised. Recall that two data breaches occurred on Yahoo -- one in 2013, and one in 2016. So it's possible that these breaches were not even Nikki's fault.

Regardless, it seems a spam network got access to Nikki's emails. Then, the spambots were programmed to scrape the e-mails and look for forum signups. Upon finding them, the bots would then request password reset requests, which of course would work if the bots have control of the registered email. It's also possible that they grabbed her passwords via keylogger malware.

From that point, the spammers have control of the forum accounts. It is very likely that the spambots are NOT aware that Nikki's two accounts are the same person, but rather just see it as having obtained two working PFA accounts for spam purposes.

On August 14th and 15th, the spambots targeted a random PFA thread -- the one I created about Spanish taxes of poker winnings -- and deployed its breached PFA accounts to post on it. This would explain why both of Nikki's accounts spammed the same thread.

But how did it stay on topic so well? That's where AI probably came in. Note the stilted and formal-sounding language in the posts, especially the first one. This looks very much like AI, which will often restate the question/topic at hand before giving its further analysis. The AI was likely asked to make different posts on the randomly selected thread, using my original post as a writing prompt. This makes it look less like spam, and is more likely to stand than traditional spam. Indeed, were I not familiar with Nikki's writing style, and if it were not for the lol Cialis links in the signature, I would have dismissed it as a normal on-topic post, and not deleted it.


This is a very interesting new spamming tactic. It has various advantages:

1) By using existing, breached accounts on forums, the spam posts are more likely to stand than ones made on new accounts (I'm talking about in general, not on PFA)

2) By using AI to stay on topic, the spam posts can appear to give input on the topic, and again are more likely to stand


It will be interesting to see if other Yahoo-based PFA accounts do the same thing. There are many people here who used Yahoo to register on PFA. However, it's possible that Nikki's accounts were breached in some other way, and not due to the 2013 and 2016 hacks.

Does this mean Nikki is alive and well? Not necessarily. It's possible that these breaches occurred a long time ago. It's even possible that the password resets occurred years ago (maybe 2018 -- explaining her disappearance?), and are only being utilized now. Sometimes spammers will sit on accounts and breaches for years before making use of them.

Regardless, I will tip my cap to our new AI-spamming overlords, but I will continue to fight them with the same vigor which I have the Russian hackers.

Regarding Nikki, I am disabling both accounts from posting, until she can prove to me she has control back.

[Jayjami]

She died of cancer.

[gut]

Those posts do make JimmyGBot seem very outdated.

[BCR]

Didn’t Epistate bang her? Or am I mistaking her with someone else? Hard to believe that was probably 16-17 years ago.

[Dan Druff]

Didn’t Epistate bang her? Or am I mistaking her with someone else? Hard to believe that was probably 16-17 years ago.

No, you're thinking of TheSauce, who is Asian. Haven't seen anything from her in at least 15 years, probably more.

Nikki is white.

[splitthis]

Didn’t Epistate bang her? Or am I mistaking her with someone else? Hard to believe that was probably 16-17 years ago.

No, you're thinking of TheSauce, who is Asian. Haven't seen anything from her in at least 15 years, probably more.

Nikki is white.

The sauce gave him sauce and he caught the herpes and we never heard from him again.

[splitthis]

Nikki was a cool chick, hopefully she is ok.

[Mission146]

But this raises various questions:

1) How did the spammers get both of her passwords? These passwords would NOT be listed anywhere in her e-mails.

2) How did the spammers stay on topic so well? The first post about EPT Barcelona and the taxes, while overly formal in language, did stick to exactly what I was talking about in the OP, and in fact casually mentioned that she had "a friend" who was considering playing there. Impressive for spam!

3) Does this mean Nikki is alive and well, if she got hacked/phished in some way semi-recently?



I'll give you my theory in the next post.

(Clipped, relevance)

1.) At a guess, she forgot her passwords here, at some point, and PFA sent new passwords via E-Mail. That's assuming she didn't relinquish the passwords willingly, of course. The VCT and PFA passwords I use are auto-generated, so my guess would be she gave the credentials directly, or gave E-Mail access (or was hacked) and then some bot read the E-Mail history and got the passwords.

If a person could get into my E-Mail (doubtful) then they would also know my passwords here and VCT.

2.) Chatbot. Reasonably good. It could also be an actual person; who knows?

3.) I wouldn't know.

[Dan Druff]

But this raises various questions:

1) How did the spammers get both of her passwords? These passwords would NOT be listed anywhere in her e-mails.

2) How did the spammers stay on topic so well? The first post about EPT Barcelona and the taxes, while overly formal in language, did stick to exactly what I was talking about in the OP, and in fact casually mentioned that she had "a friend" who was considering playing there. Impressive for spam!

3) Does this mean Nikki is alive and well, if she got hacked/phished in some way semi-recently?



I'll give you my theory in the next post.

(Clipped, relevance)

1.) At a guess, she forgot her passwords here, at some point, and PFA sent new passwords via E-Mail. That's assuming she didn't relinquish the passwords willingly, of course. The VCT and PFA passwords I use are auto-generated, so my guess would be she gave the credentials directly, or gave E-Mail access (or was hacked) and then some bot read the E-Mail history and got the passwords.

If a person could get into my E-Mail (doubtful) then they would also know my passwords here and VCT.

2.) Chatbot. Reasonably good. It could also be an actual person; who knows?

3.) I wouldn't know.

If you read my following post, I give my theories on the matter.

The passwords are never sent in email. If you need to reset them, you get a link to click, and you type in a new one.

[Mission146]

If you read my following post, I give my theories on the matter.

The passwords are never sent in email. If you need to reset them, you get a link to click, and you type in a new one.

(Clipped, relevance)

It sends you a password in the E-Mail to log in and then prompts you to create a new password, but you don't actually have to. You can just use the one from the E-Mail. I can text you a screenshot to prove it, if you wish.

[Dan Druff]

If you read my following post, I give my theories on the matter.

The passwords are never sent in email. If you need to reset them, you get a link to click, and you type in a new one.

(Clipped, relevance)

It sends you a password in the E-Mail to log in and then prompts you to create a new password, but you don't actually have to. You can just use the one from the E-Mail. I can text you a screenshot to prove it, if you wish.

Does it? That's kind of stupid, if true. To be fair, I haven't reset my password on a Vbulletin 4 site in a long time, so maybe I'm forgetting. Obviously I never have to use my own site's password reset function.

So yes, maybe that's an explanation, if it works how you say. You sure it doesn't force you to change the password once you log in?

[garrett]

Nikki is my friend

also was kind enough to let me stay at her place in 2018, when I played the WSOP.

She knew I had that chance and also just a nice person Druff, Nikki us a very nice woman...

[Sidewinder]

Nikki is my friend

also was kind enough to let me stay at her place in 2018, when I played the WSOP.

She knew I had that chance and also just a nice person Druff, Nikki us a very nice woman...

you gonna tell ur friend she's hacked or what exactly

[tgull]

She died of cancer.

Same with Michael?

[lol wow]

NOPE DO NOT REMEMBER WAS IT MEMORABLE

[Nikki]

I am still undead and all is well ,I have not logged in or tried to log in for years when I get on PFA I usually don't log in ,I read more then I write and a listen more then I speak .

My emails that were attached to my 2 accounts was throw away emails,I never really used them and been years since I have so no clue how they were compromised.