In a recent Medium post, the SlowMist Security Team said it has been inundated with reports of theft within the cryptocurrency community.
“Upon analyzing these incidents, we discovered that many thefts were caused by phishing comments posted under tweets from well-known project accounts!”
Modus Operandi of Scams Targeting Famous Projects
The modus operandi of Twitter scam accounts is multifaceted and requires a combination of social engineering and technical expertise, SlowMist said.
Firstly, scammers have found a way to purchase Twitter accounts, with numerous Telegram groups and dedicated websites offering these accounts for sale.
These accounts vary in follower count, post history, and registration date, making them appear legitimate to unsuspecting users.
Some of these accounts even mimic the usernames of well-known projects, creating a false sense of trust.
For example, a fake account called “Optimlzm” may try to deceive users into believing it is the real “Optimism” account.
Once the scammers acquire these accounts, they employ promotional tools to boost their credibility.
These tools allow scammers to buy followers, likes, and shares for their accounts, further enhancing their appearance of legitimacy.
These services, which often accept cryptocurrency as payment, have processed millions of orders, demonstrating the scale of this illicit industry.
Armed with these fake accounts and a bolstered reputation, the phishing groups proceed to mimic the information found in legitimate project accounts.
They carefully monitor the activities of well-known projects and use automated bots to ensure that their comments appear first under project tweets.
By capitalizing on the trust placed in these projects and the similarity between their fake accounts and the genuine ones, scammers can deceive users into clicking on phishing links and unknowingly authorizing malicious transactions.
Fake Account Impersonating Optimism
An example of this deceptive tactic occurred when the official Optimism Twitter account posted a tweet earlier this month.
The first comment under the tweet, which received high interaction, was from a phishing group and included a link to their “official website.”
However, a closer examination of the link revealed it to be a phishing link, cleverly disguised to appear legitimate.
In a warning, SlowMist's CISO highlighted the prevalence of these phishing accounts in project comment sections.
Attention: the first comment, with a huge number of views, under the official OP @Optimism page is phishing! Users have already fallen for it!
The "i" has been replaced with "l"
Scam Scam Scam !👇 https://t.co/CymTgd9pxn pic.twitter.com/mIlR4TTZn3 — 23pds (@IM_23pds) January 12, 2024
To counteract these phishing scams, several countermeasures can be implemented.
First and foremost, users can install anti-phishing plugins that detect fake domain names associated with phishing incidents and alert them.
Real-time alerts can help users avoid falling victim to deceitful signature requests.
Additionally, wallet signature verification and interaction safety features that display clear and detailed authorization details can serve as a final barrier against phishing attempts.
However, the responsibility for personal security awareness ultimately lies with the users themselves.
Building a strong security mindset and exercising caution when clicking links, authorizing transactions, or signing messages is crucial in protecting oneself from falling into these traps.
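The lookalike-name check that an anti-phishing plugin can run on handles such as "Optimlzm" and on linked domains is sketched below as an added example; it is not code from SlowMist or from the article. The allowlist, the small confusables table, the function names and the sample URLs are assumptions constructed for the illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist (assumed values): protected brand -> its official hostnames.
PROTECTED = {"optimism": {"optimism.io", "www.optimism.io"}}

# Hand-picked confusables (assumption). Cross-script homoglyphs such as Cyrillic
# letters need the full Unicode TR39 confusables data, which is not included here.
FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o", "5": "s", "$": "s"})

def skeleton(name):
    """Fold a name so that visually similar spellings collide."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).casefold()
    return text.translate(FOLD).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, kept to one row of the table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def closest_brand(token, max_edits=1):
    """Return the protected brand whose skeleton is within max_edits, else None.
    For very short brand names a budget of 1 edit would over-match."""
    for brand in PROTECTED:
        if edit_distance(skeleton(token), skeleton(brand)) <= max_edits:
            return brand
    return None

def check_handle(handle):
    """Brand imitated by a social-media handle; None if genuine or unrelated."""
    raw = handle.lstrip("@").casefold()
    return None if raw in PROTECTED else closest_brand(raw)

def check_url(url):
    """Brand imitated by a link whose host is not on the official allowlist."""
    host = (urlsplit(url).hostname or "").casefold()
    if any(host in hosts for hosts in PROTECTED.values()):
        return None
    for token in re.split(r"[.-]", host):  # labels and hyphenated parts
        brand = closest_brand(token)
        if brand:
            return brand
    return None
```

A match is a reason to warn the user before they follow the link or sign anything, not proof of fraud; the official hostnames themselves have to come from a trusted source.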