Scammers have long been exploiting Twitter to steal digital currencies from naïve users, but this month one attacker pulled off a rare coup by compromising a verified Twitter account.
Those at risk of impersonation, like celebrities and other public figures, can get their accounts verified by Twitter to show that they are really the people in control of the account. In July, someone managed to gain access to a verified Twitter account for a now-defunct Fox show called Almost Human and use it to impersonate cryptocurrency entrepreneur Justin Sun, founder of the TRON decentralized blockchain application platform.
Almost Human was a science fiction drama that ran for just three and a half months between mid-November 2013 and March 2014. Fox cancelled it after the first season. However, the network appears to have lost control of the Twitter account that had been used for the show. Scammers appear to have compromised the account and updated its display name to Sun’s, whose real Twitter account is here.
The impersonators have retweeted the real Justin Sun account several times, and most recently posted a giveaway invitation, asking followers to go and get free coins. This post now seems to have been taken down.
Cryptocurrency giveaway scams have become a popular activity among fraudsters. The scams, which typically target users of Ethereum and Bitcoin, two of the most popular cryptocurrencies, work by offering free coins online. The catch is that victims must first send a small amount of the cryptocurrency to the scammers' address before they receive a larger payout. The scammers keep the money they receive without returning anything.
The technique is a variant of the 419 scams that have plagued email users for so long, in which scammers claim to be high-ranking officials needing to get money overseas. They ask victims to send them a small amount of money in exchange for millions, which predictably never arrive.
Cryptocurrency giveaways have exploded on Twitter, and fraudsters have frequently impersonated celebrities and influencers to spread their silicon snake oil. The methods are depressingly simple: all a user has to do is change their display name. Twitter user names are unique names that show up in your URL, but display names are personal identifiers that show up in your profile page and on your posts. Users can set them to anything.
After impersonating a popular influencer, scammers will then post links (either as shortened URLs or as images) that take victims to landing pages that often display large numbers of false transactions to fake social proof.
In the past, fraudsters have used this trick to impersonate cryptocurrency entities ranging from popular exchange BitStamp through to Litecoin founder Charlie Lee. Most memorably, they targeted Vitalik Buterin, co-founder of Ethereum, who in response changed his username to “Vitalik ‘Not giving away ETH’ Buterin” and asked Twitter to intervene.
This isn’t the first time that someone has impersonated Justin Sun or his Tron cryptocurrency venture. BuzzFeed reporter Ryan Mac found others doing it in February, using the same trick.
It gets worse. Scammers took over verified account @adaxnix and made it look like the account of @justinsuntron to solicit donations. The owner of the hacked account emailed Twitter to regain access but Twitter refused to give it back because they couldn’t verify the real owner. 5/ pic.twitter.com/bjLG7CLzjn
— Ryan Mac (@RMac18) February 26, 2018
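The display-name trick described above can be checked for mechanically. The following is an added example, not part of the original article: it flags a post when its display name matches a protected name, its handle is not the real one, and the text carries a giveaway lure. The watchlist, lure patterns, sample posts and the @example_* handles are constructed for illustration; @justinsuntron and @adaxnix are the handles named in the article.

```python
import re
import unicodedata

# Watchlist: normalized display name -> the one handle that legitimately uses it.
# Assumption: a defender maintains this mapping; only this entry comes from the article.
PROTECTED = {"justin sun": "justinsuntron"}

# Giveaway lure wording (constructed patterns, not taken from real scam posts).
LURE = re.compile(r"\b(giveaway|free\s+(coins|eth|btc|trx)|send\s+\d)", re.I)


def normalize(name: str) -> str:
    """Fold compatibility forms, case and punctuation before comparing names."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    kept = "".join(ch if ch.isalnum() else " " for ch in folded)
    return " ".join(kept.split())


def assess(handle: str, display_name: str, text: str) -> dict:
    """Score one post. The verified badge is deliberately not an input:
    the impersonating accounts in the article were verified."""
    real = PROTECTED.get(normalize(display_name))
    impersonation = real is not None and handle.lstrip("@").casefold() != real
    lure = bool(LURE.search(text))
    return {"impersonation": impersonation, "lure": lure,
            "flag": impersonation and lure}


# Constructed sample posts: (handle, display name, text).
POSTS = [
    ("@justinsuntron", "Justin Sun", "Excited to share our roadmap update."),
    ("@adaxnix", "Justin Sun", "Giveaway! Send 1 TRX to the address below"),
    ("@example_fan", "Ｊustin  Sun ✔", "free coins for my followers"),
    ("@example_news", "Crypto Daily", "Beware of giveaway scams"),
]

if __name__ == "__main__":
    for handle, name, text in POSTS:
        print(handle, assess(handle, name, text))
```

Exact matching after NFKC folding catches fullwidth letters and added badges or emoji, but not cross-script lookalike characters, which need a separate confusables mapping.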
Source: Naked Security