Cryptocurrency giveaway scams are making a comeback, with fraudsters posing as John McAfee, Elon Musk, and the Tesla company, BleepingComputer reports.
The scams are being shared on Twitter using phony accounts, and the URL in the tweets leads to a website that very convincingly spoofs Medium, a popular online publishing platform.
The site appears to be a Medium article announcing an official giveaway of Bitcoin and Ethereum, and it provides a link for users to visit another site where they can receive their free money.
This site has a ticker showing how much cryptocurrency is left, accompanied by a list of transactions that other people are supposedly making in real time. This is meant to motivate the victim into acting quickly before the money runs out. The site contains instructions for users to transfer between 0.05 and 5 Bitcoins or between 0.5 and 50 Ethereum to an address in order to verify their wallets. The scammers claim that the victims will receive back ten times the amount that they transferred for verification.
The scams appear to be working, at least a little bit, because the Bitcoin address used in the Tesla scam has received $4,473 in Bitcoin, while the McAfee scam has generated $310 worth of Ethereum. BleepingComputer notes that it’s possible that the scammers placed this money in the wallets themselves to make the scam more convincing, but this doesn’t appear to be the case.
Cryptocurrency scams are nothing new, but this one is interesting because it tricks victims into first visiting what appears to be a trustworthy publishing site in order to convince them to trust the links that the attackers are pushing. The fake Medium site has the website elements used by the legitimate site, as well as a comment section with fake people thanking Musk and McAfee for their generosity. And, of course, the maverick reputations Messrs. McAfee and Musk glory in also contribute to the faint air of plausibility.
Of course, an observant user would notice that the spoofed Medium site’s URL isn’t legitimate, and that the cryptocurrency giveaway page is hosted on the same domain. Ideally, though, they would recognize it as a scam as soon as they saw the initial tweet. New-school security awareness training can give your employees the knowledge necessary to identify social engineering instinctually.
BleepingComputer has the story: https://www.bleepingcomputer.com/news/security/beware-of-fake-john-mcafee-and-tesla-cryptocurrency-giveaways/