Scammers have found a way to trick people into thinking they’re visiting a legitimate company account on X when, in fact, they’re visiting an impersonator who will simply steal their cryptocurrency.
This method leans onto the way X handles links to different posts. On the platform, when a person posts something, the link to it holds both the username and the post’s unique ID. However, it seems that only the ID is necessary to redirect the visitor to the actual post, so the username in the link can be changed to any name.
So, the hackers would first create an X account impersonating a major company, such as Binance, the Ethereum Foundation, or Chainlink, and post a link to a fake airdrop, a giveaway, or something similar. Then, they would change the username in the link to appear as if the actual Binance, or Chainlink, posted it.
Bots in action
Then they would distribute it throughout X (and other platforms, probably) using bot accounts. Reporting on the news, BleepingComputer says all of the accounts it observed promoting these scam posts use an account name in the format of name+five digits, such as @amanda_car16095.
While the campaign started roughly two weeks ago, the vulnerability (if it can be called that) is a lot older. The media reported on it back in 2019 when security researcher Davy Wybiral warned it could be abused in phishing attacks. However, it was never addressed, most likely because it was never used in phishing attacks.
Defending against these scammers should be relatively easy - just double-check the account name in the post’s URL and make sure it’s legitimate. This becomes a bit of a problem if the victims use a Twitter app to read the posts, as the app will not display the URL. Using common sense is advised - large companies like Binance will rarely promote giveaways and airdrops via Twitter bots.
More from TechRadar Pro
- BlackCat strikes again - and this time it's breached a healthcare giant
- Here's a list of the best firewalls today
- These are the best endpoint protection services right now