It has been reported that Twitter users are being conned out of tens of thousands of pounds a day by accounts impersonating celebrities.
Working with blockchain intelligence firm Chainalysis, Sky News has discovered that multiple independent copycats are behind the scams, rather than a single conspiracy with a dedicated methodology. The fake accounts have struck hundreds of times over the last two months, with the most successful taking away as much as £50,000 a day before using a range of exchanges to convert the proceeds into cash.
The scam begins when a high-profile Twitter account posts. An impersonating account with the same image and display name then replies in the thread, offering to give away cryptocurrency. Claiming that they want to support the cryptocurrency community, the scammers, in the guise of the celebrities, ask users to send a token sum to an address they provide in order to receive a larger amount back. IT security experts comment below.
Lee Munson, Security Researcher at Comparitech.com:
“Cryptocurrency thieves and other types of scammers are always going to find a platform on which to perform their crimes and it’s no surprise that Twitter has surfaced as one of the more popular of those mediums.
While the social network is in no way culpable for any money lost by its users, it could seemingly be far more proactive in shutting down the fake accounts associated with this type of cryptocurrency ruse. Beyond that, it is largely a case of caveat emptor for anyone buying, selling, trading or giving away virtual currency on Twitter.
As for how the scammers get away with impersonating famous people on Twitter, the answer seems fairly simple – the company cannot block misspellings of names for fear of cutting off real people and so it has to be reactive and rely on an element of human review, something that may not be as quick as it could be due to time constraints.
That in itself is a big problem because the impersonation of celebrities is common, not only on Twitter, but all across the web, though the majority of such accounts are looking to have fun or make a point rather than steal from people.
Thus, for now at least, Twitter users would be advised to consider the old adage that if something seems too good to be true, it probably is. After all, not even a billionaire is likely to give their money away to random followers online, and they are even less likely to ask for virtual currency to be sent to them up front in order to receive a larger sum back!”
Lukas Stefanko, Malware Researcher at ESET:
“Fake accounts and their fake giveaway tweets aren’t adverts, so I don’t think it would help stop people creating accounts and posting fake tweets. However, it could stop or lower phishing attempts on Twitter that target wallets or exchanges.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.