
Other
Username Spoofing: How Scammers Use Capital-I-for-Lowercase-L — and How to Catch It Every Time
One character. Hundreds of dollars lost. Here's the cheat code scammers don't want you to have.
Updated Jun 2026 · sourced from 17 YouTube creators and 8 operator groups
Key takeaways
- Scammers swap uppercase I for lowercase l — the words look identical at a glance.
- @btzofficiai is NOT @btzofm — and real BTZ never DMs you first.
- Rename every Telegram contact immediately; if the name doesn't match your label, it's a fake.
- Always use a middleman you created the group for yourself — never one they suggest.
- Verify the @username field, never the bio or display name — both are trivially faked.
Someone slides into your Telegram. They know your name.
They know the marketplace you use. Their profile picture matches perfectly.
They quote you a fair price, push for speed, and the only thing separating you from a $900 loss is one character you'll never notice unless you know to look.
That character is a capital I.
The Oldest Trick in the Spammer's Playbook, Still Working in 2026
The attack is simple: take a trusted username, find any lowercase l in it, replace it with an uppercase I. In most Telegram fonts, they are pixel-for-pixel identical.
Two documented examples have surfaced repeatedly across multiple separate operator groups between late 2025 and mid-2026:
- @btzofficiai impersonates @btzofm — the fake handle inserts a capital I where the real account uses a lowercase l at the end of "official."
- @iiquidback impersonates @liquidback — the leading lowercase l in "liquid" is swapped for a capital I.
These aren't one-off warnings. The BTZ impersonator specifically has been flagged across five separate operator groups over a six-month window (December 2025 through May 2026).
That's not chatter noise. That's a sustained, active campaign.
One group reported a $900 loss to a fake BTZ account. Another flagged a $1,400 theft by an account called "Villain" operating under a spoofed handle.
These aren't hypotheticals.
Why Telegram Makes This Trivially Easy
Telegram separates three distinct identity layers, and scammers exploit all three:
- Display name — completely free-form, changeable at will, meaningless as verification.
- Bio — same story. Anyone can write anything.
- @username — the only field that matters, and even here one character swap is enough.
The consistent operator consensus (across every group that discussed this, from December 2025 to May 2026): verify the @username field only, not the display name, not the bio. Save the correct username yourself and DM them first — never respond to an unsolicited inbound.
One group put it cleanly: most Telegram contacts you don't already know are scammers. Admins of legitimate marketplaces do not cold-DM to sell.
The Real BTZ Is @btzofm. Full Stop.
This bears repeating because the evidence is overwhelming.
Across five distinct operator groups, the same facts appear independently:
- The only legitimate BTZ handle is @btzofm.
- Real BTZ never DMs first and never sells directly.
- Any account with BTZ's picture that messages you is an impersonator.
- The BTZ marketplace has been reported as inactive — any account claiming otherwise is running a scam.
The fake @btzofficiai (capital I, not lowercase l) has been specifically named in warnings so many times it reads like a public service announcement at this point.
If you received a DM from "BTZ" and didn't find them at exactly @btzofm, you were talking to a scammer.
The Rename Defense: Your Single Best Countermeasure
Here's the fix that costs nothing and works every time.
Telegram lets you assign a custom label to any contact — a name that only you can see, stored locally on your device. The moment you verify someone's real @username, rename that contact immediately.
Something unambiguous: "BTZ REAL — verified April 2026" or "Marshal MM — confirmed."
Now the test is automatic: if a new message appears from someone claiming to be that person and the name displayed doesn't match your custom label, it's a fake. Full stop.
No analysis required.
Operators in multiple groups have flagged this exact tactic (December 2025 to May 2026). The logic is airtight: a scammer can clone a display name and copy a profile picture, but they cannot overwrite the custom label you've saved on your own device.
Rename your contacts. Do it now, before you need it.
The Middleman Rule — and the Meta-Scam Inside It
For any significant Telegram transaction — buying channels, accounts, or services — the standard advice across multiple groups is to use a trusted middleman. The recommended name that appears consistently is @marshal.
But there's a wrinkle. The same spoofing attack applies to middlemen.
The defensive protocol, repeated across groups:
- Create the middleman group yourself. Don't accept an invite to a group they made.
- Add the middleman and the counterparty yourself, individually, by @username.
- Verify both @usernames in the group before any money moves — not their display names, their @usernames.
If they suggest the group, they control who's in it. A fake "@marshal" with a capital I somewhere in the handle is indistinguishable from the real one unless you check character by character.
The Broader Impersonation Playbook
I vs l is just the most elegant version. The full toolkit scammers use in this space is wider:
- Profile picture cloning. Copy the avatar, copy the display name, hope no one checks the handle.
- Fake marketplace claims. One group noted that a platform called Oura has no marketplace at all — any account claiming to sell through one is an impersonator scammer.
- Urgency and social proof. Real deals don't rush you. [Y7 equivalent pressure tactics] — operators across multiple groups echoed this: if someone is pushing you to move fast without proof, that's the signal.
- Fake middlemen in their group. If they create the escrow group, they can add a fake @marshal-lookalike. You'll think you're protected. You're not.
- Secondary scam accounts used for fake reviews. At least one operator group flagged a specific traffic vendor using secondary accounts to manufacture positive reputation before executing chargebacks — $2,000 in reported losses in one case.
Screenshot everything the moment something feels wrong. Capture the timestamp, date, username, and full message text before it can be deleted or unsent. (SWCEO, Feb 2026)
Store it somewhere accessible in case legal escalation becomes necessary.
How to Verify a @Username (The Actual Steps)
Don't eyeball it. Eyeballing is how $900 disappears.
Step 1: Ask yourself if this person messaged you first. If yes, extreme caution.
Step 2: Open their profile. Tap the @username to copy it.
Step 3: Paste it into a plain text editor — Notes, a Google Doc, anything. Compare character by character against the known real handle.
Step 4: If you have any doubt, use @spambot on Telegram to check whether the account is restricted or banned. A flagged account that's still DMing you is a red flag in itself.
Step 5: Search the username in the bot-bouncer subreddit before completing any transaction. This was flagged as a useful check by operators in early 2026.
Step 6: Rename the contact immediately after verification.
For buying Telegram usernames outright, one group's consistent advice (early 2026): buy direct through fragment.com, the official auction platform. Verify your account, acquire TON, bid.
Do not use reseller sites — phishing is rampant on lookalike domains.
Where Operators Actually Disagree
The evidence is unusually consistent on the core mechanics of the scam. But two areas show genuine tension:
On middleman dependency: Most groups treat middlemen as mandatory for any significant deal. A minority view — surfaced in at least one group — is that even middlemen can be impersonated, making the middleman layer itself a false sense of security unless you create the group yourself.
Both positions are reasonable. The correct answer appears to be: use a middleman and verify @usernames and create the group yourself.
No single step is sufficient alone.
On how active BTZ currently is: At least one group flagged the BTZ marketplace as inactive as of early 2026 — suggesting any BTZ-branded sales pitch is fraudulent on its face, regardless of whether the username checks out. Other mentions treat BTZ as a real entity that simply doesn't cold-DM.
These aren't fully contradictory, but they're worth naming: if the marketplace is genuinely dormant, the answer to "is this BTZ offer real?" is almost certainly no, even if the username somehow matched.
The Username Consistency Trap
There's an irony buried here. Standard OFM advice is to use the same username across every platform for discoverability — so fans who find you on one can find you everywhere. (Gavin Magoon, Oct 2025)
That's sound strategy. But it also means a consistent, recognizable username is a prime spoofing target.
The more established and consistent your handle, the more valuable it is to clone.
This isn't a reason to abandon username consistency. It's a reason to be more paranoid about verification, not less.
The Bottom Line
One character costs people real money, repeatedly, and has been doing so across this industry for at least the last six months.
The defense isn't complicated:
- Never respond to unsolicited inbound DMs claiming to be a marketplace, admin, or known figure.
- Verify @usernames character by character — copy, paste, check.
- Rename every contact immediately after verification so future fakes are obvious at a glance.
- Create your own middleman group; never join one they made.
- Screenshot everything suspicious the moment you see it, including timestamp and full username. (SWCEO, Feb 2026)
A capital I is not a sophisticated attack. It's lazy, it's fast, and it keeps working because most people never think to look.
Now you do.
Look.
Sources
On the record (YouTube creators):
- SWCEO — EP 172: Doxxing, Leaks, and Blackmail. How You Can Stay Protected as an Adult Creator, Feb 2026. Watch ↗
- Gavin Magoon — OnlyFans SEO Guide: How Creators & Agencies Rank Higher and Get More Fans, Oct 2025. Watch ↗
Community intelligence: 48 operator claims aggregated from 8 separate private OFM groups (Dec 2025–May 2026), corroboration counted across groups. Group identities are withheld to protect sources; browse the underlying intel in the Community Intel Wiki.