A Storm of Tweets Touting Scams Rains Down Upon Crypto Social Media Scene
Social networks continue to be a brooding ground for phishing.
The more legitimate a scammer seems the more successful they are when it comes to being able to pull off the heist. When you factor in the eagerness of would-be crypto investors who are willing to take part in high risk time sensitive offers, it’s a recipe for disaster.
A current event that comes to mind which illustrates this scenario quite well is the case where a phisher was able to get a verified Twitter account and pose as Pavel Durov, CEO of Telegram. In this report, it is illustrated how the verified account @club8music was stolen, and used to send a tweet making false claims about an offer where users could get a share of 5000 ETH and 1000 BTC. Some people might have seen this fake offer before, I know I have, sometimes even trailing my own tweets.
Now, those of you who are familiar with scams on Twitter related to crypto have probably spent a bit of time in the space, and hopefully you have educated your friends and family who are investing. Ideally, you’ve covered the basics, and probably have the Cryptonite browser extension installed, which verifies known crypto-related Twitter accounts and warns you when you go to phishing sites.
If you don’t have Cryptonite installed, or decided to click past warnings you might be among those poor unfortunate souls who sent almost $40,000 in ETH and $20,000 in BTC to nefarious wallet addresses, never to been seen again.
This gaping flaw must be addressed by Twitter, otherwise their verified system will continue to play a role in fueling phishing attacks.
How did we get here?
Early in 2017 token offerings really began to gain steam. Startups raised millions of dollars, in some cases in mere minutes, with token offerings. The Ethereum network was challenged during these days, as transaction throughput tested the limits of the system. Some investors eager to “cut in line” even spent thousands of dollars on gas, or bits of Ether used to pay for transactions on the network.
To those on the sidelines it made for an enticing and exhilarating opportunity. Although extremely volatile, market conditions continued to favor growth in cryptocurrencies. As the value of Ether surged in the months that followed many newcomers found themselves opening up accounts at exchanges and purchasing cryptocurrencies for the first time.
The enormous success of many crowd sales fueled a frenzy that was well reported, and such conditions are favorable to scammers. People learned they needed to act fast in order to be able to participate in token offerings. Add to the mix malicious actors and human error and you get a shark tank with blood in the water.
People began to discover crypto communities on Twitter, and joined chats centric to token offerings on Slack, Telegram, or Discord. A backdrop of legitimate limited time giveaways, airdrops, and the confusing dynamics of forks, such as the one resulting in BCH, were a playground for phishers who capitalized on the frenzied pace at which users are forced to make split second high stakes decisions.
What can we do?
In the case where a verified account is commandeered for wrongdoing, it is absolutely crucial to validate the sites where tweets from the account in question redirect to. Incidents like the one reported above exemplify the sad truth that Twitter’s account verification status is woefully broken.
People who get scammed often find overeagerness and inexperience made them vulnerable. However, if people know what tools use and best practices when participating in the community, the chances of them being the next victim of a phishing attack can be significantly reduced.
For our part, at MetaCert we’ve built the MetaCert Protocol, a decentralized threat intelligence system on the Ethereum Blockchain. The Protocol powers our Cryptonite browser add-on for Chrome, Firefox, and Opera that detects phishing sites and malicious web resources. Cryptonite identifies verified crypto websites as well as social media accounts, and it lets you know it’s safe when the black shield turns green.
The internet is full of trap doors. The tools built by MetaCert will to keep you from falling through one of them.
MetaCert is protecting people from scams with the MetaCert Protocol. You can find out more about the MetaCert Protocol by joining our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite, to protect yourself from phishing scams before it’s too late.
