Scammers have found ways to give the rather dated Nigerian Prince scam a new twist: Abuse social media to steal cryptocurrency such as ethereum or bitcoin. And if recent reports were any indication, it appears unwitting victims were indeed conned into sending their cryptocurrencies to the fraudsters.
The scam is rather simple, but one that can potently trick unknowing victims. The scheme involves fraudsters creating Twitter accounts that mimic the handles of high-profile personalities and organizations (e.g., John McAffee, Elon Musk, Donald Trump, Ripple, CryptoCoinsNews). They then use the spoofed accounts to reply to genuine tweets, appearing to start a thread or conversation. They claim that as much as 30 bitcoins will be given back to their followers who send a seemingly meager 0.02-0.03 bitcoin to a specific wallet/address.
The get-rich-quick scams appear to be working, based on the tweets that constantly crop up. And while many may have already flagged these tweets as ludicrous and easily avoidable, the bitcoins sent to a bitcoin address from a fake tweet already totaled 0.184 bitcoins, or around US$1,474. Not a bad return on investment for a scheme that requires minimal effort.
The combination of feigning the credibility of famous people and organizations and the increasing real-world value of cryptocurrencies makes for a potent social engineering lure. The scams are also a sign of things to come for the threat landscape: refining tried-and-tested techniques and deploying them on burgeoning technologies and platforms.
The number of ways cybercriminals are so far using to capitalize on cryptocurrencies reflects this. The Digmine cryptocurrency-mining malware, for instance, abused Facebook in order to proliferate. From phishing investors to hacking the organization’s cryptocurrency exchange and zombifying devices with rehashed grayware and malware, cybercriminals will always look for ways to break into an organization or user’s system. This calls for defense in depth, where security measures are set up at each layer of the system or infrastructure to prevent security gaps that can be exploited.
When chancing upon these scams, users should secure their social media accounts and learn how to verify sources. Twitter, for instance, has security and privacy policies that promptly flags and removes fraudulent accounts or messages. Users can do the same by discerning where social media content is coming from. Beware of dubious social media content (or email) with equally suspicious requests, such as those that ask for bitcoins. If the deal sounds too good to be true, it most likely is.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.