Crypto scammers pose as journalists, NFT projects on Twitter

Internet scammers are using hijacked accounts on Twitter Inc to promote dubious cryptocurrency platforms that, once installed, enable them to compromise victims’ sensitive data, according to new findings provided exclusively to Bloomberg News.

Since March, fraudsters have impersonated journalists, crypto apps and a variety of nonfungible token (NFT) projects on Twitter in order to steal users’ virtual currency, usernames and password credentials, according to research from Satnam Narang, a staff research engineer at the cybersecurity firm Tenable Inc. Many of the targeted accounts are verified, an indication to investigators that scammers are either hacking specific pages, paying for illicit access, or both.

As part of the alleged scam, thieves have masqueraded as members of the Bored Ape Yacht Club, a popular collection of NFTs, as well as the Azuki collection, the MoonBirds project and the Okay Bears NFT community, which has more than 150,000 Twitter followers, Narang found.

In one instance, scammers posed as a legal affairs reporter from the Age, an Australia-based news service, asking users to visit a suspicious link in order to claim a small amount of the virtual currency Ethereum, according to the research. Intruders also appear to have temporarily taken over the Twitter page of a freelance journalist who covers the gaming industry and created profiles that appear similar to real ones, according to the findings.

The imposter Twitter accounts have typically encouraged followers to visit specific links, or download new apps, Narang said. Those apps often persuade users to provide access to their mobile cryptocurrency wallets, from which the attackers can quickly extract funds. Each of the fraudsters’ pages, whether an app or a phishing link, is carefully designed to look like a legitimate, trustworthy website, according to the findings.

The tactic represents an upgrade from a more traditional fraud technique of mass-spamming social media users, or impersonating famous people, such as Tesla Inc chief executive officer Elon Musk, an outdated tactic that’s relatively simple to detect, Narang said in an interview. The use of verified Twitter accounts adds a layer of legitimacy, and the chance to seize on a money-making opportunity in cryptocurrency adds some urgency to the scheme, said Narang.

“They look indistinguishable from real apps, and people just aren’t looking closely at the links,” he said.

When a Bloomberg News reporter analysed an app that purported to be for Azuki, an anime-themed NFT project with more than 300,000 followers, it was flagged as malware.

In May, scammers used a fraudulent Twitter page, @OlthersideMeta, that tricked users into believing it was @OthersideMeta, a legitimate site that blends video games with the metaverse, according to the research.

Losses incurred from the scams are difficult to quantify; however, the activity is the latest example of attackers leveraging cryptocurrency – and the hype surrounding popular projects – to generate funds. Americans reported more than US$1.6bil (RM7.02bil) in cryptocurrency-related fraud in 2021, a massive uptick from the US$246mil (RM1.08bil) the year before, according to the FBI’s Internet crime complaint center report. The true figure is likely to be much higher, as many would-be investors flock to speculation-style schemes and don’t report instances of fraud, Narang said.

“Scammers are so adept at pivoting into what people are interested in,” he added. “This is a small sampling of what’s happening across this space.” – Bloomberg
