Risk actors have began to make use of ‘Promoted’ tweets, in any other case generally known as Twitter advertisements, to unfold cryptocurrency giveaway scams.
For a while, BleepingComputer has been reporting on scammers hacking into verified Twitter accounts to advertise faux cryptocurrency giveaway scams. These scams fake to be from well-known folks or corporations, reminiscent of Elon Musk, Tesla, Gemini Trade, and, extra lately, Chamath Palihapitiya, and Social Capital.
These scams have been extremely profitable for the menace actors, with one spherical of scams generating over $580,000 in a single week.
As these scams proceed to generate income, the menace actors have additionally begun to focus on different cryptocurrencies which have lately develop into common, such as Dogecoin.
Transfer over hacks. Whats up, advertisements!
To advertise their providers and content material, Twitter customers can ‘promote’ an current tweet by paying to have it proven to different customers of their Twitter feeds.
As you’ll be able to see from the above photographs, each tweets are being promoted by Twitter and comprise URLs to cryptocurrency giveaways.
When creating the tweets, the scammers break up the URL in order that Twitter’s advert fraud detection algorithms don’t detect them.
Just like the earlier giveaway scams, these URLs result in faux Medium pages pretending to be from Tesla, Social Capital, and Gemini Trade that comprise additional hyperlinks to the precise giveaway websites.
The giveaway websites’ remaining touchdown pages are generally Tesla, or Elon Musk-themed and comprise a Bitcoin, Ethereum, or Dogecoin handle that customers are advised to ship cash. In return, the scammers state that the sender will obtain double the quantity that they despatched.
From taking a look at only some of the scams, the Bitcoin and Ethereum addresses used have generated a complete of $39,628.06 to date.
A number of the cryptocurrency addresses utilized in these scams are listed beneath:
- 0xc77Ec8E5bbB723e6cEa13fD33bfF53262bb02b86 – 0.118890894374483125 Ether
- 0xE1a6d4699Bd6520ADdEcD46b52dd2eFC833142ED – 0.915305158603885603 Ether
- 1MoP7JTQuJE8K9pv8mV9uwo5efCgRtLYNU – 0.02196955 BTC
- 1MUSK2xaUCQmdEM8DrUJQ9RSgTdLqnKium – 0.54653960 BTC
- 1Musk7UAHXM6YBtccdaqK7ttsRxSTUSDVH – 0.11815051 BTC
Sadly, the scammers presently use many extra cryptocurrency addresses, so the quantity generated might be much more important.