Security Researchers unearthed a new Twitter scam campaign that targets cryptocurrency users on the microblogging platform.
As per the report by Kaspersky, the malicious cryptocurrency scam campaign is being spread through direct messages where the scammer pretends to be in trouble with their cryptocurrency wallet while trying to withdraw from it and seeks help from a fellow crypto account holder.
The scammer approaches the victim with a request to withdraw thousands of dollars from the crypto account. However, in order to do so, the unsuspecting individual is urged to create and pay for a VIP account, hence trapping them in the scam, leading to a loss of their coins.
After convincing the victim to help the “stranger in need”, which the researchers suspect might include a small amount of money in exchange, the scammer shares a message which includes the domain to enter, username, password, and the amount of cryptocurrency in the wallet, which, the report suggests, is often over hundreds of thousands of dollars.
On following the instructions, the victim ends up on an “investment” website where they are asked to enter the username and password shared by the scammer to access the account. While the scammer builds trust by showing the same amount in the account, as mentioned in the message, the researchers noted that the inferior appearance of the website was quite a giveaway.
However, to withdraw the currency, the victim is prompted to provide their own wallet address, blockchain, and an additional password, which, obviously, the victim is not in possession of. This is where the trick comes into play. With the additional password not available, the victim is asked to transfer the funds within the system. However, to do so, they are requested to create a VIP account that costs a small amount.
Once the victim registers to create the account and adds the details of their crypto wallet, their funds are stolen from the account.
It has been reiterated by experts several times in the past that one of the ways to distinguish legitimate emails, communications, and web pages from fake ones is by spotting several spelling, punctuation, and grammar mistakes. Many scammers miss making well-written content which often gives away their identity.
These screenshots of the Twitter scam show a poorly laid out page with a flat and weak design. Researchers who studied the other samples of the page also argued that the contact list only showed mail. It neither had the name nor the profile picture of the creators of the platform, hence clearly indicating a fraudulent webpage.