XRPL Services, an XRPL service provider that offers various tools for the XRP Ledger and Xumm wallet, has just exposed a new method scammers are using to target users on X.
The scam method involves creating fake X links that redirect users to posts from scam accounts, while appearing to be from legitimate accounts. Notably, scammers craft links that appear authentic at first glance, resembling genuine posts from reputable profiles.
… @X is making it so easy for scammers!
Please be careful ALL!
Scammers are already taking advantage of this:
If you ever see a link like this: https://t.co/qurCK4EMiv
which seems very much like a post from @XahauNetwork because https://t.co/CBfB9oKhTK is the actual REAL…
— Xrpl.Services (@XrplServices) December 17, 2023
The post from XRPL Services illustrates an example link, m.twitter.com/XahauNetwork/s…, which looks like a post from @XahauNetwork, the official X account of Xahau, the newly-launched XRPL Hooks-enabled sidechain.
However, upon clicking this link, X redirects users to a post from the XRPL Services account. Scammers are leveraging this loophole to create links that, at a glance, look like they come from genuine crypto-focused platforms.
XRPL Services emphasizes that this redirection is facilitated by X itself, as the platform dynamically alters the account name in the URL to match the post ID.
How Scammers Exploit This Loophole
Scammers are now using this to impersonate well-known crypto exchanges or projects. The perpetrators post fraudulent airdrop announcements, using the post ID of their scam post. Subsequently, they attach this ID to the profile of reputable entities like @chainlink, @binance, and others, creating an illusion of legitimacy.
These scammers may then ask users to send XRP or other cryptocurrencies to a certain address, or to enter their private keys or passwords, in order to claim the nonexistent rewards.
The team behind XRPL Services underscored the gravity of the situation, expressing disbelief at the lack of safeguards on X’s end. The tweet suggests that instead of silently redirecting users to scam accounts, X should display an error message, signaling that it could not find the post.
Caution is Advised
The team urged users to exercise caution when clicking on links and to always verify the URL in their browser after accessing a particular post. This simple yet crucial step can prevent falling victim to these scams, protecting investors from potential financial losses.
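The check described above (compare the account named in the link with the account in the URL the browser lands on) can be automated. The following is an added example, not code from XRPL Services or X; it assumes post URLs have the form `<host>/<handle>/status/<id>`, and the post IDs and function names are constructed for illustration.

```javascript
// Added example: all URLs and post IDs below are constructed, not taken from the page.
// Assumption: post URLs have the form <host>/<handle>/status/<numeric id>.
const X_HOSTS = new Set([
  "x.com", "www.x.com", "twitter.com", "www.twitter.com",
  "m.twitter.com", "mobile.twitter.com",
]);

// Parse a post URL into { handle, postId }; return null if it is not a post URL.
function parsePostUrl(raw) {
  // Links are often displayed without a scheme, so add one before parsing.
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(raw) ? raw : "https://" + raw;
  let url;
  try {
    url = new URL(withScheme);
  } catch {
    return null;
  }
  if (!X_HOSTS.has(url.hostname)) return null;
  const m = url.pathname.match(/^\/([A-Za-z0-9_]{1,15})\/status\/(\d+)(?:\/|$)/);
  // Handles are case-insensitive, so compare them in lower case.
  return m ? { handle: m[1].toLowerCase(), postId: m[2] } : null;
}

// Compare the link as displayed with the URL the browser ended up on.
function checkLink(shownUrl, landedUrl) {
  const shown = parsePostUrl(shownUrl);
  const landed = parsePostUrl(landedUrl);
  if (!shown || !landed) return { verdict: "not-a-post" };
  if (shown.postId !== landed.postId) return { verdict: "different-post" };
  if (shown.handle !== landed.handle) {
    // Same post ID, different account: the link named someone who did not write the post.
    return { verdict: "handle-mismatch", claimed: shown.handle, actual: landed.handle };
  }
  return { verdict: "ok", actual: landed.handle };
}

// Constructed sample: the same post ID under two different handles.
const sample = checkLink(
  "m.twitter.com/XahauNetwork/status/1111111111111111111",
  "https://twitter.com/XrplServices/status/1111111111111111111"
);
console.log(sample);
```

A `handle-mismatch` verdict means the post belongs to the `actual` account, whatever name the link displayed.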
The XRP community has witnessed its fair share of scam schemes, and ironically enough, the perpetrators always leverage a loophole in some established platform. Last month, the community fished out a deepfake scam video on YouTube featuring Ripple CEO Brad Garlinghouse.
Weeks later, the video was still up on the video-sharing platform, raising questions about the efforts taken to remove it. When Elon Musk purchased X (then Twitter), elation filled the crypto community, as one of his primary missions was to rid the platform of bots promoting scams. Over a year later, the problem persists.