The SlowMist Security team revealed that it had received numerous reports of theft. Upon investigation, the team found that a significant portion of these thefts were facilitated by deceptive comments under tweets from well-known projects.
Approximately 80% of the comments under tweets from such projects were identified as coming from phishing scam accounts.
SlowMist Exposes Phishing Tactics
SlowMist also observed multiple Telegram groups engaged in the sale of Twitter accounts, offering accounts with varying follower counts, post numbers, and registration dates to cater to different buyer preferences. Most of the accounts sold in these groups were related to the crypto industry or belonged to influencers.
Additionally, dedicated websites specializing in the sale of Twitter accounts were discovered. They list accounts registered in different years and offer accounts with usernames closely resembling legitimate ones, such as “Optimlzm” imitating “Optimism.” These websites commonly accept cryptocurrency payments.
Upon acquiring existing accounts, phishing groups utilize promotional tools to enhance their credibility by purchasing followers and interactions. These tools, which also accept cryptocurrency payments, provide services like likes, shares, and follower boosts across major international social platforms.
A platform catering to such services claimed to have processed over 1.3 million orders, with 20,000 individuals having utilized their offerings.
Armed with these resources, phishing groups proceed to mimic the information and appearance of legitimate projects, making it challenging for users to differentiate between authentic and fraudulent accounts. The next essential steps in their phishing operation include:
- Automated bots track prominent projects’ activities.
- Phishing group bots quickly comment on project tweets to gain prime visibility.
- Users who mistake the posts for legitimate ones are more vulnerable. They may click on phishing links posted by fake accounts that promise airdrops, leading to inadvertent authorization of malicious transactions and financial losses.
Security First
Countermeasures include the optimization of anti-phishing plugins: plugins and browsers that promptly warn users when they access phishing pages can avert deceitful signature requests and thwart potential risks.
Wallet signature verification and interaction safety features offer a further protective shield. Wallets equipped with signature detection and a transparent display of authorization details let users verify transaction specifics, minimizing the risk of falling victim to scams.
Lastly, personal security consciousness is crucial. Despite supportive tools, users must scrutinize links, authorizations, and signatures, mitigating the risk of coin loss or deception.
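The lookalike usernames described above (“Optimlzm” imitating “Optimism”) are something an anti-phishing plugin can check for before a user clicks a commenter's link. The following is an added example, not code from SlowMist or from any existing plugin; the protected-handle list, the confusable-character map and the function names are assumptions made for illustration.

```javascript
// Added example: flag account handles that imitate a protected project handle.
// PROTECTED and CONFUSABLES are constructed sample data, not a complete list.
const PROTECTED = ["optimism", "arbitrum", "uniswap"];

// Visually confusable sequences folded to one canonical form (order matters).
const CONFUSABLES = [
  ["rn", "m"], ["vv", "w"], ["0", "o"], ["1", "l"],
  ["i", "l"], ["5", "s"], ["z", "s"], ["_", ""],
];

// Handles are compared case-insensitively, without the leading "@".
function canonical(handle) {
  return handle.normalize("NFKC").toLowerCase().replace(/^@/, "");
}

// Reduce a handle to its "skeleton" so lookalike spellings collide.
function skeleton(handle) {
  let s = canonical(handle);
  for (const [from, to] of CONFUSABLES) s = s.split(from).join(to);
  return s;
}

// Plain Levenshtein distance, used to catch single-character typosquats.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

function classifyHandle(handle) {
  const raw = canonical(handle);
  if (PROTECTED.includes(raw)) return { verdict: "official", target: raw };
  for (const target of PROTECTED) {
    if (skeleton(raw) === skeleton(target))
      return { verdict: "lookalike", target, reason: "confusable characters" };
    if (editDistance(raw, target) <= 1)
      return { verdict: "lookalike", target, reason: "one edit away" };
  }
  return { verdict: "unrelated", target: null };
}

for (const h of ["@Optimism", "Optimlzm", "arbitrun", "vitalikbuterin"])
  console.log(h, classifyHandle(h));
```

A "lookalike" verdict is a reason to warn and show the handle next to the official one, not proof of fraud; display names and avatars can be copied exactly, so the comparison has to be made on the handle.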