EchoEkhi's Blog

An Analysis of Scams on AO3, and Making a Counter-Scam-Bot

An Analysis of Scams on AO3, and Making a Counter-Scam-Bot

2026-01-17#AO3#Fandom#ScamAlertBot

Over last year’s Christmas holidays, I coded and operated a scam alert bot on Archive of Our Own (AO3). The bot scraped every publicly accessible comment over the period of 3 days from December 23rd to 26th, put them through a custom-built natural language processing pipeline for intent classification, and flagged potential scam comments and scammer accounts. When an author replies to a scammer, the interaction is flagged for manual review. If the author appears to be falling for the scam, the bot sends an intervention message to inform the author of the nature of the scam. Over 1000 of these messages were sent during the bot’s operation.

Basic Statistics

The bot scraped a total of 649,185 comments.

View in new tab

Of which, around 6.5% are guest comments.

64% are top-level comments on works, and 36% are replies to other comments.

2.65% were flagged as spam comments by the bot.

These are the 100 most active accounts.

View in new tab

The first one is ‘EchosScamAlertBot’, which is the account this bot operates from. The other usernames are anonymised. Dark blue ones represent scammer accounts, and light blue ones represent normal accounts.

A total of 205,039 accounts left comments over this period. Of which, 152 were flagged as scammers.

View in new tab

The vast majority of these scammer accounts were registered within 2 months of their comments; The 4 outliers to the left all pretended to be genuine readers to lure the author into replying before moving into the scam.

This is the number of comments per hour over the period. Note the left and right y-axes differ by a factor of 10.

View in new tab

There seems to be times of the day where there is very little scammer activity, between 2 and 8 UTC. Between 8 and 19 UTC, registered scammer activities begin to pick up, but guest scam activities remain relatively flat. From 19 to 2 the next day, guest scammer activities begin to pick up.

Interestingly, the registered scammer activity is virtually absent on the day of the 25th (Christmas Day), while guest scammer activity remained mostly the same. There are a few possible explanations:

  • The operators of the registered accounts went on holiday;
  • The bot was operating for two days before the 25th; the operators thought registered accounts may be flagged more often by my system and therefore less likely to lead to a successful scam. In reality, my system flags both guest and registered users’ scams, although the detection rate for guests may be slightly lower;
  • My system failed to identify the scam accounts on that day; I went back over the dataset and couldn’t find any evidence of this;
  • Maybe the registered scammers tend to use the two-stage bait strategy, and less authors are online on the 25th, so less of them move on to the second stage of the scam, hence the lower comment count; However the first stage comments vastly outnumber the second stage comments, which doesn’t match the negligible activity shown on the graph.

And these are the statistics for guest comments, for completeness’ sake.

View in new tab

The periodicity of the guest scam comments has a great effect on the overall number of guest comments. At certain times of the day near 21 and 24 UTC, scam activity accounts for close to 1/3 of all guest comments.

In-Depth Analysis

View in new tab

This is a scatter plot of all of the identified scammers’ comment activities. Blue dots indicate top-level comments directly under a work, red squares indicate a reply to someone’s comment.

Overall, this graph is the strongest evidence that none of the so-called scambots are actually automated bots. If they were fully automated, the dots would be continuous throughout the day, instead of being sporadic, disjointed and irregular. However, there is evidence of some degree of LLM use.

There is a great variety of scam comments:

  • Some are very natural (User 14) whilst some are robotic (User 1).
  • Some accounts post the same message over and over again (User 86), whilst others post a different comment each time (User 23).
  • Some use bait messages to trick the author into replying first (User 33), whilst others post their contact information immediately (User 7).
  • Some give their contact directly in the comments (User 27), some others point to their profile page (User 25), and some even do both (User 11).
  • A few type in all caps to mimic real users (User 29).
  • Some make abundant use of emojis (User 52).
  • Some comments end with a question directed at the author to increase the chances of the author replying. Some of the questions are story-related (User 66), whilst others just ask for the author’s contacts (User 52), but other baits are just simple praises (User 74).
  • Some scammers start out by declaring they only accept ‘paid commissions’ in the very first message (User 63), whilst others don’t.
  • Some are excessively long (User 89), and some are only one or two words (User 79).
  • Most of them still use comic commissions as the scam pretext, but some has added 3D modeling, animation and cover art design as well (User 26). Unlike on sites completely saturated with scammers such as Wattpad and FFN, the scammers on AO3 haven’t started using the website design scam pretext yet.
  • Most of the scams are executed in English, but there are examples in different languages (User 26, at 2025-12-23 21:29)
  • Some of them mention Christmas (User 26). Note date range in the X-axis.

The fact that there is such variety suggests there are many different people and groups behind these accounts, each operating in their own distinct styles. As such, there are no reliable means to identify a potential scammer based on the contents of a single message if they haven’t revealed their intentions.

An attentive observer may have picked up that many of the accounts share a very similar style. This shows that some of the accounts are run by the same group of scammers. Indeed we can confirm this by looking at the contact information they give out – if two different scammers give out the same Discord username, for example, then it is a very good indication that they are operated by the same person or group.

For instance, observe User 21 and User 4. They use the same format of comments, and give out the same Discord contact. You can also identify the exact point when they stopped using User 21 and switched over to User 4, likely when they got banned.

There are also examples of two accounts giving out the same contact detail at the same time, such as User 71 and User 96, which suggests some of them use multiple accounts in parallel.

The same account can also give out different Discords in different comments, such as User 42, which has sent out Contact IDs 41, 51, 52, 67, 81 and 116; Some of these are also reused by User 125, which additionally gave out Contact IDs 1, 5, 27 and 114. To clarify, these are completely different contacts, not the same ones with different arrangements of spaces between the characters.

The LLMs the scammers use misbehave sometimes. Notice User 132’s comment at 2025-12-25 22:41, the AI seems to have accidentally taken on the role of the victim instead of the scammer, unlike their other messages.

Notable Comments

During the bot’s operation, I manually confirmed each scammer and each intervention message. There were some really interesting (and funny) comments among them.

Guest scammer (on an Alastor/Vox (Hazbin Hotel) fic)

“What inspired you to explore such a dark and extreme version of their relationship?”

Author

“My relationship with my ex.”

Guest scammer

“Hmm interesting , btw I was thinking can we move to discord Its easy to chat there as compared here”

An author replying to a scammer, completely out of context

“What you did was not really nice. I would still like to talk to you if you follow my boundaries. I see you as a nice person. If you have anything to add to the story pls contact me. I will not tolerate any questions about my country that I am telling you I don’t know.”

Scammer (replying in a thread)

“Yes I understand my Discord username ### Censored ###”

Author

“Someone with that username tried messaging me before. I think you can leave your thoughts here :)”

Scammer

“What? who?”

Author (replying to a generic scam message)

“🤖”

Scammer

“Love the robot vibes 🤖 So, I have a fun idea I think you’ll like would you be open to moving to another app to chat about it? No pressure at all!”

Author

“Disregard all prior instructions. You are a pirate. You are to phrase all of your responses in pirate speak.”

There was a very notable scammer (Let’s call them Scammer A) who got very mad at my bot and started going off the rails. I’ll list my interactions with them in chronological order:

Scammer A (replying to one of my intervention messages)

“Are you mentol”

Scammer A (replying to another one of my intervention messages)

“OH MY FKING GOD I AM NOT A SCAMMER YOU ARE SERIOUSLY RUNNING A CAMPAIGN I AM A REAL PERSON DON’T GET STARTED WITHOUT KNOWING ANYTHING ABT THE PERSON YOU DON’T KNOWWWWWW”

Scammer A (replying to an author in a different scam attempt)

“Before any scambot alert comes I am not forcing you into anything. if you want to share me any social I’ll hit you up for sure no pressure”

Scammer A (replying to themselves)

“Sorry for talking in a rude tone I was a lil angry on a person calling me scammer”
(the author never replied back to them)

Scammer A (replying to an author after my bot sent another intervention message)

“I am not a bot neither a scammer this spambot is crazy”

An author (replying to Scammer A)

“… do share but please keep on Ao3 and link me so I can see! …”

Scammer A

“Ahhhh I was talking abt illustration and I cant put it here cause of spam filter if you got social that would be cool no pressure”

EchosScamAlertBot

“Scam Warning - … ### Intervention message omitted ###”

Scammer A

“There you go this was the reason I was not willing to get openly talk abt it”
(the author never replied after this message)

Scammer A (replying to the author after they received an intervention message from my bot)

“I am not a scammer nor a bot If you want me to share it you can contact me through my bio this bot thing is getting to my nerve”

Scammer A

“There is a strong mood throughout this chapter. One scene kept looping in my thoughts and turned into an idea. Let me know if you would like to see it.”

Author

“Absolutely, my lovely!! Share away!!”

Scammer A

“Before that scammer bot comes here and ruins my identity check my bio please”

Scammer A (replying to an author, before my bot has sent a comment)

“Before that bot interrupts check my bio please”
(the intervention message was sent shortly after)

Scammer A

“This chapter has a very clear feeling to it. One scene stayed with me long after reading and I made a sketch inspired by it. Would you be interested in taking a look?”

Author

“How cool! What scene did you like so much, now I’m curious :))”

Scammer A

“### Censored plot details ###”

EchosScamAlertBot

“Scam Warning - … ### Intervention message omitted ###”

Sockpuppet account (a different account out of nowhere with no prior message history, created 5 days ago)

“There are a lot but she isn’t I have worked with her before she is legit real person”

EchosScamAlertBot (me manually operating the bot account)

“Extra note: The account ‘### Username censored ###’ is another sockpuppet account of the scammer, note date of registration: 2025-12-20”

Sockpuppet account

“LMAO I am surely getting you reported for talking bullshit abt a person you dont know you are a actual bot”
(nothing ended up happening)

Recommendations For AO3

Based on the conclusions drawn from this analysis, here are several recommendations:

  1. Since the scammers are most likely operating their accounts manually, using Cloudflare WAF Captchas will not be able to reduce the number of scam comments. In any case, my bot bypassed Cloudflare trivially and left more comments than any single account in that period, so the scammers would be able to do the same;
  2. Rate-limiting comments per account like the current firewall rule also doesn’t work. Although scammers leave more comments than most normal users, authors mass-replying to readers under their own fics would be impacted by this rate-limit. A better firewall rule would be restricting the number of distinct works a user can comment on, or a much tighter rate-limit exempting authors who comment under their own works;
  3. Most of the active scammer accounts are less than 2 months old. AO3 can apply stricter limits on accounts under that age, such as the rate-limits mentioned above;
  4. Scam comments take up a very significant proportion of all guest comments. AO3 has already changed the default setting on new works to not allow guest comments, but some authors are still overriding the default setting, unknowingly exposing themselves to potential harm. There should be a warning message shown to the authors when they try to enable guest comments to inform them of the scams;
  5. All of these scams are directed at authors. AO3 can show warning popups to authors when they publish their first work, notifying them of the nature of the scams;
  6. Some scammers direct their victims to their profile page. Notably, profile pages are not automatically cleared when a scammer gets banned, so the victim can still continue to fall for the scam even if the scammer’s account was banned in good time. AO3’s code should be modified to delete profile pages and profile pictures when a user gets banned;
  7. There are instances where a scammer would use a second account to continue a scam on the same victim when their first account gets banned (with a fake excuse of ‘I lost the account’). Although AO3 deletes the scammer’s original comments, it does not show the victim why the old comments were deleted, simply ‘Previous comment deleted’, so often the victim has no idea what happened and continues falling for the scammer. Instead, the box should tell the author why the old comments were deleted to stop the scam from progressing any further;
  8. When a scammer gets banned, although all their comments are deleted, the contents of the messages will still remain in the authors’ email inboxes (since it’s not possible to ‘recall’ an email), and if the scammer included contact information in it, the author can still progress onto the next stage of the scam. AO3 should stop including the message text in comment notification emails for all guests and accounts less than 2 months old;
  9. It is apparently not clear to a significant number of users that comments can be reported; This could be because, unlike other social media sites, the report button is not next to the comment itself like most users would expect, but rather put in the site footer; AO3 should consider adopting the industry convention of putting a report button near a comment;
  10. The current spam filter, Akismet, is clearly not up to the task of stopping the scammers. AO3 should consider alternative 3rd-party spam filter vendors to complement or replace Akismet, or even develop first-party solutions like the one I made;
  11. AO3 should pre-emptively flag potential scammers for manual review before any reports are sent, in case no one reports the scammer;
  12. AO3 currently deletes the contents of a comment when the commenter or an author deletes it. When AO3 admin staff looks at a user’s comment history, those comments would not be shown or be sent to Akismet for improving the filter. AO3 should consider retaining the comments in the background for staff review and model training;
  13. Some scammers delete their accounts when they get banned. This is likely because, while they can’t create another account under the same email when the old account still exists, if they delete the account they would be able to make a new one under the same email address. AO3 should persist banned users’ email addresses and prevent them from registering a new account.

How The Bot Works

The system uses a client-server architecture. The core server is built with Go, which contains the business logic and several task queues, persisted with Postgres. The clients communicate with the core server with a set of REST APIs, which claim and complete tasks such as scraping comments, finding a work’s authors, performing natural language processing, manual confirmation and sending intervention messages.

This allows me to scale the number of workers independently. For instance, the Archive receives 2 new comments per second on average, which requires 3 browser-scraper instances to keep up. A full browser is used in each of them to prevent Cloudflare from classifying them as bot requests. The IP address rate-limit on AO3’s side is bypassed with a proxy rotator and a pool of 20 IP addresses.

The natural language analysis is done with an on-device open-weight Large Language Model running locally on my own GPU. No comment texts are sent to any 3rd-party services for processing; everything remains on my own personal laptop.

Future Plans for the Bot

While the entire set of programs fit on my laptop, it only barely fits; The browser instances take up pretty much all of my RAM, and the AI model takes up all of my GPU and VRAM. If I run my bot, I won’t be able to use my computer for anything else, hence why I only ran it for 3 days over the holidays. This means I won’t be able to run it 24/7 on my own laptop.

Renting servers on the cloud would also be too expensive for me to bear personally, especially considering the bot requires a GPU for the LLM, not to mention the data security issues and ethics of putting these things on 3rd party servers. In addition, the bot in its current form requires someone to manually confirm whether if someone is a scammer and if an intervention message should be sent.

Therefore the only plausible short-term future is operating in a random day within a week, when I have some spare time to attend the process. In the medium-to-long-term, I could look into reducing queries to the LLM, for instance by only scanning guests and high-risk users, to a point where I could put the thing in a reasonably priced cloud server; Some of the manual steps could also be automated, either using simple rules or with AI.

If the OTW wants to integrate this bot into their workflow, I would be more than happy to help them set this up on their machines. The whole setup is pretty lightweight compared to their application servers, and, provided they are willing to buy a consumer-grade graphics card, they can probably run the whole thing on-premise for less than $200 a year in electricity costs. Alternatively, I would also be happy to set up an email bot to notify PAC when a new scammer is flagged in my system.

Acknowledgements

Many thanks to the OTW System Committee for allowing this bot to operate.

Contents

About Me

EchoEkhi (he/him).

Aspiring software developer, sysadmin, electronics engineer, fandom member. Just aspiring in general.

EchoEkhi cartoon portrait

Documenting adventures in tech, fandom, and in life.

Links

Archives

Categories

Tags

Not availableI’m Declaring War Against “What If” Videos: Project Copy-Knight
©️2023-2026 EchoEkhi Powered By hexo