New Crypto Scam Targets Flipper Zero Buyers Impersonating Legitimate Shops

Stu Sjouwerman | Jan 5, 2023

Interest among techies in the handheld open-source multi-function cybersecurity tool has given rise to a new campaign seeking to steal crypto funds through illegitimate “sales” of the device.

When tech buyers see something they find useful, demand jumps through the roof. It’s exactly what happened when the first Kickstarter for the Flipper Zero launched. This portable transceiver empowers pen testers, researchers, and – yes – even the hacker to engage with digital communications including radio, RFID, NFC, Bluetooth, and more.

When it launched in 2020 on Kickstarter, it received 81 times the asking pledge of just $61,000. Tons of social media coverage around its use only fueled demand that continues today.

But security researchers are also seeing threat actors take advantage of the demand, setting up impersonating social media handles and websites to trick potential buyers out of their crypto. Self-proclaimed cybersecurity analyst and security researcher Dominic Alvieri recently posted examples on Twitter of accounts impersonating Flipper Zero:

Source: Twitter

Bleeping Computer also identified Twitter accounts that used simple character replacement (a capital I for the lowercase L in “Flipper”) to spoof the brand:

Source: Bleeping Computer
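The character swap described above can be caught by folding visually confusable characters before comparing a handle or domain to the brand name. The following is an added example, not code from this article or from Bleeping Computer; the confusables table, the allow-list entry and the sample names are all constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small confusables table: every character that
# can pass for a lowercase "l" is folded to "l", and so on. A production
# check would use the full Unicode confusables data instead.
FOLD = {
    "i": "l", "1": "l", "|": "l", "\u0456": "l",  # I/i, 1, |, Cyrillic i
    "0": "o", "\u043e": "o",                      # zero, Cyrillic o
    "\u0435": "e", "\u0440": "p",                 # Cyrillic e, Cyrillic r
}

# Hypothetical allow-list of accounts the brand owner has confirmed.
OFFICIAL = {"flipper_official_example"}


def skeleton(name: str) -> str:
    """Casefold the name, then fold each confusable character to its class."""
    plain = unicodedata.normalize("NFKC", name).casefold()
    return "".join(FOLD.get(ch, ch) for ch in plain)


def classify(name: str, brand: str = "flipper") -> str:
    plain = unicodedata.normalize("NFKC", name).casefold()
    if plain in OFFICIAL:
        return "official"
    if brand in plain:
        # Brand is spelled correctly but the account is not allow-listed:
        # not a character swap, still worth a manual review.
        return "brand-in-name"
    if skeleton(brand) in skeleton(name):
        # Only matches after folding, e.g. capital I standing in for l.
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample handles and domains.
    for sample in ["FIipperZero", "Fl1pperShop", "fl\u0456pper.example",
                   "flipper_official_example", "flipperzero_store",
                   "pentest_daily"]:
        print(f"{sample!r:32} {classify(sample)}")
```

Names reported as `lookalike` contain the brand only after folding, which is the pattern worth prioritising in brand-monitoring or mail-filtering queues.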

Bleeping Computer has also uncovered lookalike sites designed to allow visitors to “purchase” a Flipper Zero and pay in either Ethereum or Bitcoin:

Source: Bleeping Computer

This simple scam demonstrates that all the cybercriminal needs to fool their victims is the illusion of legitimacy combined with an establishment of credibility and an emotional hook that gets the victim to act as desired. Educating corporate users to be aware of these tactics through Security Awareness Training helps to protect organizations from becoming the victims of attacks intent on credential theft, digital fraud, business email compromise, and more.
