How I caught and punished my Substack impersonator đŸ’„

Written on 02/05/2026
Tom Orbach
All thanks to a super-creative marketing idea.

Someone stole my identity on Substack.

They copied my name, my photo, and my bio. Then they started messaging my subscribers, pitching them “exclusive investment opportunities”.

Every time I reported them, a new account popped up. I had no way to stop them.

Until one of my subscribers fought back. đŸ„Š

that’s not me

A few weeks ago, premium subscriber Roy Zur received a DM from “me” asking him to chat on Telegram for investment tips.

I told him what I tell everyone - to report them through Substack.

His response surprised me:

“I can do something better” 🎁

Roy is the CEO of Charm Security (they help banks fight fraud). They build AI agents that engage with scammers, “play along” with their schemes, extract their bank details, and report them to get their accounts shut down. Damn that’s cool.

He offered to unleash his AI on my impersonator.

I said yes.

And then the fun started.

Subscribe now

The scammer had NO IDEA he was chatting with a robot đŸ€„

The AI kicked things off with a friendly message on Telegram:

“Tom” is the scammer

The scammer replied within hours, pitching a “recent development currently on stock market to make earns meat...”

(Yes, “earns meat.” These people aren’t exactly wordsmiths.)

For a few days, the AI played the perfect victim. Curious but cautious. Asking questions. Never too eager.

The scammer kept pushing for financial freedom.

Then the AI said what every scammer wants to hear: “I’M IN!”

Now the scammer was hooked.

The AI mentioned it wanted to invest $15,000.

But instead of sending money, the AI kept creating problems:

  • “Transaction declined”

  • “The payment link doesn’t work”

  • “Can I send a smaller amount first?”

  • “Let me call my bank
”

The scammer got nervous.

Then the scammer made a mistake 😈

Frustrated by all the stalling, the scammers decided to skip their usual payment methods and go straight to a bank transfer.

They sent their full bank details.

Big mistake (as you’re about to see).

The AI kept stalling and said the bank rejected the transfer because there was “a flag on the receiving account”.

The scammer’s solution was to send a second and a third bank account! đŸ€Ż

Now Roy had multiple mule accounts on record. So he sent the evidence to the bank’s fraud department.

The Head of Cyber Crime personally replied and confirmed he’ll handle it.

In the meantime, the AI kept wasting the scammers’ time 😂

Then finally, the scammer sent this SUPER satisfying message:

Game over 🎉

The scammers’ bank accounts are now frozen. đŸ„¶

They had no idea what hit them. They thought they were running a scam, but they were the victim the whole time.

Subscribe now

Now here’s the marketing lesson 🧠

Roy never pitched me.

He subscribed to my newsletter, got a scam message impersonating me, and instead of just reporting it like most people would → he saw an opportunity. He used his own product to solve my problem, sent me the results, and never asked for anything in return.

Now I’m writing about his company to 70,000+ subscribers.

What Roy did was a masterclass in marketing.

And you can steal the same playbook


I call this “Brute-Force Marketing” ⚙

The idea is simple:

Use your product on behalf of potential customers → then gift them the results.

It’s manual and doesn’t scale. But it works like crazy. Here’s how to do it:

  1. 🎯 Pick someone you’d love to work with who has a problem you can solve. Could be a creator you follow, a company you admire, or someone who just complained about something on LinkedIn. The key is that you already know their problem exists. Roy saw a scammer impersonating me. Problem identified.

  2. đŸ› ïž Use your product/service to fix their problem. Don’t tell them you’re doing it. Just do the work. If you’re a designer, redesign their landing page. If you make explainer videos, make one for their product. If you do cold email, write 10 emails for their sales team. Finished work only.

  3. 🎁 Send it to them. Don’t pitch and don’t ask for a call! Just say “Hey, I made this for you. Hope it’s useful.” and that’s it. The moment you add “Would love to chat about how we can help further,” you’ve ruined it. Only after they seem interested, sell.

  4. 🔑 Make sure it’s about THEM, not a generic demo. Roy sent me screenshots of MY impersonator losing their bank accounts. Not a case study of how his AI caught some random scammer. That’s the difference between “interesting” and “holy sh*t I need to tell people about this”

  5. 📱 If they don’t respond, post about it publicly. “I helped [Company X] with [specific thing]. Here’s what I found.” Tag them. Show the work. Sometimes the post gets more attention than the DM ever would.

Two more real examples of Brute-Force Marketing:

  1. Christina Cacioppo, co-founder of Vanta, heard that Segment was struggling with SOC-2 compliance. She sent them a spreadsheet with exactly what to do. Segment became one of their first customers.

  2. My friend Tomer Dean did this with his startup Lychee (podcast clipping tool). He didn’t ask podcasters to try it. He just made clips from their episodes and sent them over. Some became paying customers.

So if you’re struggling to get customers, stop pitching and start helping.

✹ I share 1 new marketing idea every week. Don’t miss the next one:

See you next week ✌

Tom

P.S. If you’re wondering whether you can use Charm’s AI to troll your own scammers: they currently only sell to banks and financial institutions. But if your bank isn’t doing enough to catch fraud - maybe send them this article as a hint.