Common Distribution Channels
Cryptocurrency followers and investors
Commonality: Very common
Easiness To Spot: Easy
What Are Social Media Scams?
With the rise of apps such as Facebook and Twitter, scammers and fraudsters have found a new breeding ground for potential victims – social media. Twitter now has more than 300 million monthly active users, and Facebook has more than 2.2 billion monthly active users, proving that social media has a wide influence on a growing global audience.
Crypto scammers are aware of the power of social media and frequently use it as a channel to advertise and distribute malicious links.
Using social media to spread scams also has a segmentation advantage. With many platforms’ marketing tools, scammers can specifically target and promote themselves to certain demographics, namely people who are interested in cryptocurrency and blockchain technology.
Through our study of various crypto related scams, we have identified 4 main ways scammers use social media to defraud users: Impersonation, Ponzi/HYIP and ICO scam promotion, Malware distribution, and Chatroom scams. Let’s walk through how each one works.
Impersonation of Established Company or Person
Phishers have found a new way to impersonate legitimate services or people online: by creating fake social media profiles, such as Twitter profiles with similar names and pictures to legitimate companies or people.
We have a recent example of how this trick works: Binance, one of the largest cryptocurrency exchanges by trading volume, was down for 2 days due to maintenance in Feb 2018. Scammers used this opportunity to spread fake news like wildfire.
As shown in the screenshot above, the user handle @binnance_2017 is impersonating the real Binance exchange Twitter account @binance_2017 (notice the extra “n” in the phisher’s username).
Here is another account impersonating the Binance CEO’s account @cz_binance by creating a similarly spelled Twitter handle.
We hope this goes without saying – there was no donation or free giveaway. If you have sent your coins to one of those addresses hoping for a “free giveaway,” you will never see your money again. In fact, one of the phishing wallet addresses collected more than $1,000 in a matter of hours by tweeting out fake news.
This type of scam can be easily avoided with some quick sanity checks. You can verify a Twitter account’s legitimacy by looking up a few public statistics listed below. If the account in question checks most of the bullet points below, you are looking at the profile of an impersonator.
This particularly daring phishing scam, reported by ZeroFox, asked users to enter their private keys on the site to see if they had been leaked. If you are an innocent user who believed this false claim and entered your key, you will have all your funds taken.
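The handle trick described in this section (the extra “n” in @binnance_2017) can be caught mechanically by measuring how close a handle is to a known official one. The following is an added example, not code from the original page; the watchlist, the distance threshold and every sample handle other than @binnance_2017 are assumptions made for illustration.

```python
"""Flag social media handles that closely imitate a known official handle."""
import unicodedata

# Official handles as named on this page; a real watchlist is an assumption.
OFFICIAL_HANDLES = {"binance_2017", "cz_binance"}


def normalize(handle: str) -> str:
    # Twitter handles are case-insensitive, so compare folded forms.
    return unicodedata.normalize("NFKC", handle).strip().lstrip("@").lower()


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, swap neighbours."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(handle: str, max_distance: int = 2):
    """Return (verdict, closest official handle or None)."""
    h = normalize(handle)
    if h in OFFICIAL_HANDLES:
        return ("official", h)
    closest = min(sorted(OFFICIAL_HANDLES), key=lambda o: edit_distance(h, o))
    if edit_distance(h, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed inputs, apart from @binnance_2017, which the page reports.
    for seen in ["@binnance_2017", "@Binance_2017", "@cz_binanec", "@some_trader"]:
        print(seen, classify(seen))
```

A “lookalike” verdict means the handle is one or two keystrokes away from an official account without being that account, which is the pattern the impersonators above rely on.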
Ponzi/HYIP and ICO Scam Promotion
Do you want to become rich overnight and earn 100x returns on your investment within months?
Hard to say no to that, right?
Cryptocurrency holders are risk takers with a high risk tolerance, since one needs a strong stomach to weather the crypto market swings. That is also the exact reason scammers identify crypto investors as the perfect target for investment scams.
Scammers will use social media, often offering promoters referral perks as incentives, to spread links to their websites that promise high investment returns.
These types of promotional messages can spread like wildfire on social media since platforms like Twitter and Facebook make sharing easy with a click of a button. Many people are drawn to the potential referral earnings and end up spreading malicious links.
It’s easy to avoid getting caught in this type of scam on social media – don’t be greedy. No one will give you way above market average returns with no substantial risks involved.
If something looks too good to be true, it probably is.
Malware Distribution
Embedding viruses and malware into popular downloads is an old and common hacking technique. Crypto scammers certainly do not miss out on this proven method to steal coins.
Scammers distribute malware through mining software that claims it will help you make money in your sleep, or through desktop wallets that can “safely store” your crypto assets. Once you download the software, it will unpack malware that can steal all sorts of information from your computer, including your wallet’s private key.
Look at this example of just how much malware was contained in one downloadable mining software package reported by ZeroFox.
Send Scams Through Chatroom Messages
The crypto community is very active on various chatting channels such as Slack, Telegram, and Discord.
You can often find helpful connections in chat rooms, ranging from cryptocurrency projects’ core developers and exchanges’ official support staff to like-minded crypto investors. Scammers are certainly not overlooking this channel and opportunity.
There are a few ways one can be deceived through chat services. Some chat services, such as Slack, allow users to share the same display names, which can cause confusion and make it difficult to tell the impersonator apart from the crowd.
Many messaging services also use standard formatting for chat messages, which lets a user embed a link whose actual URL differs from the text displayed.
For example, in the case below, reported by International Business Times, a Slack user warned another group member of an attack on MyEtherWallet in order to distribute a phishing link. If you click on the link that looks to be the official URL for MyEtherWallet, you will be redirected to a phishing site that aims to steal your credentials.
How to avoid chat room scams? Do not trust easily, and always verify the information from other popular sources. Scammers love to use FUD tactics to mislead innocent investors.
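The mismatch between a link’s displayed text and its real destination, described above, can be checked automatically by a moderation bot or log review script. The following is an added example, not code from the original page: it parses Slack-style `<url|text>` links and Markdown-style `[text](url)` links, and the sample messages and the `.example` hosts are constructed for illustration.

```python
"""Find chat links whose visible text names a different host than the real URL."""
import re
from urllib.parse import urlparse

SLACK_LINK = re.compile(r"<(https?://[^|>\s]+)\|([^>]+)>")       # <url|text>
MD_LINK = re.compile(r"\[([^\]]+)\]\((https?://[^)\s]+)\)")      # [text](url)
HOSTLIKE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


def host(url: str) -> str:
    """Lower-cased hostname without a leading 'www.'."""
    h = urlparse(url if "://" in url else "//" + url).hostname or ""
    return h[4:] if h.startswith("www.") else h


def mismatched_links(message: str):
    """Return (shown_host, real_host) for every link that misstates its target."""
    pairs = [(m.group(2), m.group(1)) for m in SLACK_LINK.finditer(message)]
    pairs += [(m.group(1), m.group(2)) for m in MD_LINK.finditer(message)]
    findings = []
    for text, url in pairs:
        shown = HOSTLIKE.search(text)
        if not shown:
            continue  # label is plain words, so it claims no destination
        shown_host, real_host = host(shown.group(0)), host(url)
        same_site = real_host == shown_host or real_host.endswith("." + shown_host)
        if not same_site:
            findings.append((shown_host, real_host))
    return findings


# Constructed sample messages; the .example hosts are placeholders.
SAMPLES = [
    "MEW was attacked! Check your funds at "
    "<https://wallet-check.example/login|https://www.myetherwallet.com>",
    "Docs are at [myetherwallet.com](https://www.myetherwallet.com/help)",
    "Read the [announcement](https://blog.example/post)",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(mismatched_links(msg) or "ok", "<-", msg[:40])
```

Labels that merely look like a host, such as a file name, can produce false positives, so a finding is a prompt to inspect the link rather than proof of phishing.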
As you can see, so much fake news can spread through social media. So, always think twice before you act, and keep a sharp eye. Most importantly, always be Crypto Aware!