How scammers steal cryptocurrency from Twitter users | Kaspersky official blog
Credit to Author: John Snow| Date: Tue, 10 Jan 2023 18:04:04 +0000
The best way to avoid falling for scams is to always think critically, even skeptically.
What would you do, say, if someone sent you a DM on Twitter with the login credentials for some cryptocurrency account asking for help to withdraw money from it?
The right thing to do would be to ignore the message. But maybe, just maybe, it’s for real? What if this is your chance to get rich? Together let’s take a look at what doesn’t smell right and list all the red flags, especially since Kaspersky experts recently discovered a spam campaign of this type.
First, let’s take a look at a screenshot of the message:
A stranger on Twitter sends you the credentials supposedly for the account of a certain Adam on some cryptocurrency platform that they say holds a six-figure amount. The sender apparently needs your help to withdraw this amount.
Surprisingly, if you go to the site and enter the credentials, you will be taken to an actual personal account containing the amount specified or thereabouts. But we haven’t yet sniffed out the fraud.
Think critically and look for red flags
Let’s start with the basics: if you had a few hundred thousand dollars, would you ask a complete stranger to help manage it? No? And no one else in their right mind would! This reasoning alone is enough to consign the message (and all other 419 fraud spam) to the trash can.
But our task is to investigate all the red flags, so let’s find a reason to carry on: suppose circumstances have indeed forced a complete stranger to seek help and their choice has landed on you. What else looks out of place?
First, let’s get to know the anonymous do-gooder a bit better. Their Twitter account has precisely zero followers, and they follow the exact same number of other accounts: another clear red flag, since the whole point of creating a social media account is to communicate and follow others.
Second, our counterparty is not sociable: we tried sending them messages, but got no response for a week. That’s also a red flag, indicating that the message is a mass mailing, which means that tens, hundreds, even thousands of people were sent the same username and password. How many of them do you think already tried to log in?
Third, a reddish flag this one, the username and password suggest the user is called Adam (“Adam’s” password, incidentally, is rather weak), while the Twitter handle the message came from has nothing to do with any Adam. Is it that our counterparty wants to get us to empty a hijacked cryptocurrency account and make us a partner in crime?! (Actually there is no cryptocurrency at all in this account, but more about that later.)
Lastly, experts will spot another red flag — a space in the URL of the site where the cryptocurrency is supposedly located. This is how scammers try to bypass security in the e‑mail account where you are notified about a new message on Twitter.
After you actually go to the site, the red flags pop up one after another: the design is simple and slapdash, and googling the domain name serves up only results about scams. A real, even little-known cryptocurrency exchange would surely have some reviews in media or on forums. This one has none, which screams the word “fake.”
And that’s even before we get to the killer red flag, exposing the whole essence of the scam.
Paying to withdraw cryptocurrency
It turns out that in order to withdraw funds outside the platform, one more password is required: a so-called Trade key, which no one gave us. But it is possible to transfer money within the platform itself, for which you need to create a new account with VIP status and fill it up with Adam’s money. That done, we’ll be able to withdraw it without a hitch, because we have all the necessary passwords, right?
To get VIP status, you need to deposit some money to the new account by giving your cryptocurrency wallet details. When you do, there’ll be nothing to withdraw anyway, while your own wallet will be bled dry using the credentials kindly provided by you.
The platform itself is just a phishing site, with no whiff of cryptocurrency. In the recent campaign, scammers set up several such sites and sent out login details to various Twitter accounts.
As for the “cryptocurrency platform,” there are two suspicious signs. First, cryptocurrency is never sent by the give-us-your-wallet-details method; rather you receive a payment address to send the required amount to from your wallet interface. Second, no financial platform worthy of the name would ask you to use third-party funds for handling money already on it. Charge a transfer fee, be our guest, but demand payment using one card to withdraw money from another? That’s downright weird.
And we haven’t even mentioned the bad English and crooked layout — the ever-present hallmarks of phishing sites.
How to avoid phishing nets
So as not to fall victim, you need to understand how scammers work and be able to spot all the inconsistencies. To that end, we have identified all the red flags in the above cryptoscam.
Questions to ask yourself when confronted with any juicy offer are:
- Why is a complete stranger asking me for help and not someone they know?
- Could it be a bot?
- Isn’t it odd that they don’t reply?
- Does the message look suspicious (for example, in the domain name mentioned there’s a space for fooling mail filters)?
- What sort of site am I being asked to visit? What are people saying about it online?
- Do its design and interface inspire trust (sure, half of all websites don’t, but you don’t use them for sending money, right)?
- Does it seem logical what you’re being asked to do?
- Is it normal to have to pay using third-party funds to perform transactions with money already on the platform?
- Am I being hurried so that I would let my guard down?
- Does it sound too good to be true?
By taking a deep breath and answering them to yourself, you will better understand what is going on and not lose your head over the thought of easy money that seems so close.
The abundance of red flags in this case clearly indicates you’re dealing with scammers. But even just one should be enough to alert you. Even if such a message came not from a random user, but from a friend, you should still be vigilant: who knows, maybe your friend was hacked?
Sadly, scammers thrive due to the fact that even vigilant people are human, and sometimes swallow well-crafted bait. So it’s better to adopt a belt-and-braces approach and use a reliable security solution that spots suspicious links and blocks access to fraudulent sites.
And be sure to read our blog post about how to protect yourself from phishing — a very useful skill that will guard against a variety of troubles.