Since March, fraudsters have impersonated journalists, crypto apps, and a variety of non-fungible token (NFT) projects on Twitter to steal users’ virtual currency, usernames, and passwords. The scammers have been using hijacked Twitter accounts to promote dubious crypto platforms that enable them to access victims’ sensitive data, according to Bloomberg News.
Satnam Narang, a staff research engineer at cybersecurity firm Tenable, has emphasized that many of the targeted accounts are verified, an indication to investigators that scammers are either hacking specific pages or paying for illicit access.
According to Narang, some scammers have masqueraded as members of the Bored Ape Yacht Club as well as the Azuki collection, the MoonBirds project, and the Okay Bears NFT community, which has more than 150,000 Twitter followers. Others have posed as legal affairs reporters from The Age, an Australian-based news service, directing users to a suspicious link where scammers can claim a small amount of Ethereum. Some imposter accounts have persuaded users to download new applications that provide access to digital wallets, from which the scammers have extracted funds.
The research also adds that the intruders appear to have taken temporary control of the account of a freelance gaming industry journalist. They have created profiles that closely resemble those created by the legitimate owners, and each page is carefully designed to present trustworthy, legitimate-looking websites.
This tactic is an upgrade from the traditional technique of mass-spamming social media users. Narang added that the use of verified Twitter accounts adds a layer of legitimacy and gives scammers the chance to seize on the money-making opportunity in cryptocurrency.
“They look indistinguishable from real sites and people just aren’t looking closely at the links,” he said.
A Bloomberg News reporter analyzed an app that purported to be Azuki, an NFT project with more than 300,000 followers, and it was flagged as malware.
Losses incurred from the scams are difficult to quantify; however, the activity is the latest example of attackers leveraging cryptocurrency and NFT projects to generate funds.
“Scammers are so adept at pivoting into what people are interested in,” he added. “This is a small sampling of what’s happening across this space.”