Protecting Yourself from Scammers

5 Common Signs of a Scammer

Spencer Magnusson
June 20, 2025

Be safe.

With sightings of malicious Blender files online, even the Blender community isn’t safe from viruses and scammers.

I share a few quick ways to prevent yourself from running malicious scripts in .blend files or other “fake” .blend files:

I’ve been hacked, last year, on Discord. I didn’t remember of one of these 5 common signs of a scammer (which I’ll get to, don’t worry). Thankfully, most of my friends didn’t fall for my converted account, which was quickly saved by Discord Tech Support.

I even gave their tech support the scammer’s usernames. Amusingly, some scam messages were mid-conversation when the scammer got banned.

But enough of that. Let me share these 5 common signs. Note that these are not guarantees. Some interactions you’ve had recently may fit one or two of these, but they may not necessarily be scammers. They are just common indicators that you should keep in mind, and verify the user yourself or notify a moderator if necessary.

1. Vagueness

Scammers rarely say anything specific about you. For example, the message greets you but not by name. Maybe they don't mention your name, your company, your product, they say "I love your work" but no specifics or the specifics don't make sense with your art or products).

My phone greets you! It says 'Hello'. If you liked the photo please support! Print: http://bit.ly/32ds7QL Behance: http://behance.net/szaboviktor Blog: https://blog.szaboviktor.com Support: https://www.paypal.me/szaboviktor My presets: https://bit.ly/2TyvzRK

Just saying “Hello” instead of your name. Photo by Szabo Viktor

Scammers usually send these to multiple recipients at a time, so they tend to be more vague to try to catch more people without wasting time crafting each message.

To combat this, I try to ask a question specifically about me or them, and see if they can answer it correctly. Most scammers either miserably fail or (more likely) just stop messaging you.

2. Suspicious Links

Scam messages often have hidden or suspicious links. Sometimes the link deceivingly goes somewhere else.

Most web browsers will show you the real destination of a hyperlink if you hover your mouse cursor over it (usually in the bottom left or right corner of the browser window).

If it seems especially different from the displayed text or otherwise seems suspicious, don't click it. Ask the user what it is, and see what they say.

3. Escapes Moderation

Scammers may ask you to message them through another app. Scammers often prefer unmoderated methods of communication: email, text, anything easier for them to dodge security.

A way to combat this is to either verify the user with another contact method you can trust (in-person, another phone number or email, or social media account), or just say "I'd prefer to message here."

Sometimes scammers stop messaging me just after that response.

4. Payment

Scammers may ask you to transfer money to them. If it's a business, it has to profit somehow, right?

Always a transaction. Photo by Nathan Dumlao

I've even seen this for art commissions where they're paying you, but scammers say the payment "failed" and they need you to pay them to "verify" it. Or sometimes, they will “pay” you extra (they actually didn’t), then ask you to refund it back.

Be very careful, don't transfer money in a case where you normally shouldn't need to. Use trusted sites where you may be able to dispute the transaction if things go wrong. If they said they paid you, check that a transaction went through before doing anything else.

5. Account Info

Scammers may ask for account-sensitive information. But keep this in mind:

No official website admin or IT support or Discord user will have good reason to ask for your password, multi-factor authentication, or any other information to gain access to your account.

No IT support needs it to do their job.

This is also why websites don't change or access your password for you, and use a "reset password" workflow that goes through your email instead. Websites and IT intentionally don’t touch your password, because for business (and legal) reasons, it’s easier to just never touch the data directly themselves.

So if any IT support says they need your password or 2FA, they don’t. Because they’re not IT support.

When in Doubt…

Contact the user through a different app or method of communication. Report to a website moderator or admin.

Don’t click the link. Don’t pay the amount.

I don’t say all this just to have you be paranoid and reclusive. In the words of (at least the movie’s) Dumbledore, “Curiosity is not a sin … but exercise caution.”

Connect with others. Photo by Brooke Cagle

Please, connect. Network. Share. Just remember that the Internet is an easy place for someone to wear a mask. Focus on those you trust.