MARKETREALIST.COM / NEWS

Crypto Scammers are Using a key Twitter Feature to Scam Users; Here's how to Spot Red Flags

The exploitation raises concerns about user security, emphasizing the need for vigilance amid the growing sophistication of online scams.

BY SAHIB PREET SINGH

PUBLISHED DEC 28, 2023

The bitcoin website | Getty Images | Photo by Sean Gallup

Twitter feature exploited: Impersonating high-profile accounts

A visual representation of the digital Cryptocurrency, Bitcoin | Getty Images | Photo by Chesnot

Tactics being used by cybercriminals keep evolving at a pace faster than the cybersecurity mechanism and experts are able to keep up with. Now, in a development that has caused concern globally, crypto scammers are manipulating a key Twitter feature to orchestrate scams, phony giveaways, and fraudulent activities, using well-known account names. The exploitation centers around a redirect mechanism inherent to Twitter's structure, as explained by BleepingComputer.

What is the vulnerable Twitter feature?

Twitter utilizes a URL structure composed of the account name and a status ID, disregarding the validity of the account name. This opens the door for scammers to manipulate URLs, redirecting users to posts associated with high-profile accounts. Despite previous warnings about its potential misuse, the feature is now being exploited for crypto scams.

Security researchers have observed scammers mimicking reputable crypto-related accounts like Binance, Ethereum Foundation, zkSync, and Chainlink. The deceptive URLs appear authentic, leading users to believe they are accessing legitimate tweets from these organizations.

Crypto scams unleashing chaos in digital spaces

Scammers are redirecting users to unrelated accounts that promote fraudulent crypto giveaways, websites employing wallet-draining tactics, and Discord channels advocating pump-and-dump schemes. The redirection tactic adds a layer of sophistication to these scams, making it challenging for users to tell the difference between legitimate and malicious content.

Twitter logo | Getty Images | Photo by Chesnot

Deceptive account naming convention

Most scam accounts employ a naming convention with a combination of a name and five digits for example @amanda_car16095. This format aims to deceive users and create an illusion of legitimacy around the handle. The tactic capitalizes on the fact that many users may not scrutinize the account details closely.

Risk factors and countermeasures

While some users can utilize the Quality Filter to mitigate exposure to scam tweets, it comes with the drawback of potential filtering errors. Identifying scam tweets may be straightforward for most users but some could slip through especially when scammers create accounts closely resembling legitimate entities. Mobile users face added challenges due to the absence of an address bar in the app interface. Scam tweets may appear more credible on mobile devices, potentially leading users to believe that reputable organizations are endorsing fraudulent content. Vigilance, especially when clicking on links, becomes a crucial tactic for Netizens to steer clear of a scam.

Twitter's unchanged security feature

Despite the exploitation, Twitter's redirect feature remains unchanged, posing a continued threat to users. As the platform maintains this standard feature, users are urged to scrutinize the URL and ensure they are directed to the intended tweet, staying vigilant against potential redirection.

The prevalence of crypto scams on Twitter sheds light on a need for users to exercise caution when engaging with crypto-related content. As scammers employ increasingly sophisticated tactics, the onus is on individuals to verify the authenticity of posts and URLs to protect themselves from falling victim to fraudulent schemes. Twitter users are advised to stay informed about such threats and adopt best practices to navigate the evolving landscape of online scams.