Wilson's Media

A Tech & Gaming Blog

Crypto scammers are hijacking this Twitter feature to snare new victims

Scammers have found a way to trick people into thinking they’re visiting a legitimate company account on X when, in fact, they’re visiting an impersonator. The method is being used to steal people’s cryptocurrencies.

This method leans onto the way X handles links to different posts. On the platform, when a person posts something, the link to it holds both the username and the post’s unique ID. However, it seems that only the ID is necessary to redirect the visitor to the actual post, so the username in the link can be changed to any name.

So, the hackers would first create an X account impersonating a major company, such as Binance, the Ethereum Foundation, or Chainlink, and post a link to a fake airdrop, a giveaway, or something similar. Then, they would change the username in the link to appear as if the actual Binance, or Chainlink, posted it. 

Bots in action

Then they would distribute it throughout X (and other platforms, probably) using bot accounts. Reporting on the news, BleepingComputer says all of the accounts it observed promoting these scam posts use an account name in the format of name+five digits, such as @amanda_car16095. 

While the campaign started roughly two weeks ago, the vulnerability (if it can be called that) is a lot older. The media reported on it back in 2019 when security researcher Davy Wybiral warned it could be abused in phishing attacks. However, it was never addressed, most likely because it was never used in phishing attacks. 

Defending against these scammers should be relatively easy – just double-check the account name in the post’s URL and make sure it’s legitimate. This becomes a bit of a problem if the victims use a Twitter app to read the posts, as the app will not display the URL. Using common sense is advised – large companies like Binance will rarely promote giveaways and airdrops via Twitter bots. 

More from TechRadar Pro


Source

Scammers have found a way to trick people into thinking they’re visiting a legitimate company account on X when, in fact, they’re visiting an impersonator. The method is being used to steal people’s cryptocurrencies. This method leans onto the way X handles links to different posts. On the platform, when…

Tags: ,
Previous Post
Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archives