GoPlus security discovers Airdrop-Disguised phishing scam

GoPlus Security firm, via its verified Twitter account, had earlier announced its recent phishing scam discovery. The Web3 security firm further revealed that the phishing scam had made over 4000 transactions.

GoPlus Security discovers phishing scam disguised as airdrop

Since inception, scams within the crypto industry have continued almost unabated. Despite the ever-growing and progressive movement of the crypto space, the bane of its existence (cyber-criminals) has continued to perpetrate fraud acts.

A phishing scam site disguised as airdrop was discovered by GoPlus Security company earlier. According to the Web3 security firm, the site has processed over 4000 transactions, and yet people are still falling into the scam trap. 

The phishing scam site was allegedly reported to have garnered millions of dollars from different crypto users and entities. The cyber-criminal allegedly created a fake Twitter handle impersonating Flow Blockchain. 

The fake Twitter account (flow_blockchaln)  was created and modeled after the Flow blockchain ecosystem (Flow_blockchain). The difference between both Twitter handles was the replacement of “I” in the blockchain with “l”.

The Twitter account was created professionally with over 137 thousand fake followers and detailed flow blockchain information. This made it hard for Twitter users to discern the fake Twitter handle. 

Mode of operation of the hackers

The cybercriminal enticed crypto users to its phishing site via the fake ” Flow” Twitter handle. The hacker created a pinned post claiming a free $3000 airdrop to entice users to click on the phishing link.

After visiting or reacting to the page, the Twitter handler will tag the username multiple times. The handler uses the fake tweets to attract the page visitor to click on the phishing link.

After the user clicks on the phishing link, simple tasks are imposed to depict the airdrop as an authentic one. Upon completion of all tasks users will click a “get #Airdrop” button. 

The “get #Airdrop asks users to connect their cryptocurrency wallet and assets. The wallets get scrutinized, if the assets are of high worth the wallet will be approved, and the site will request approval to access the wallet. 

Once the gullible users approve the request, their assets are transferred to a wallet with the address; (0x0000098a312e1244f313f83cac319603a97f4582. However, when GoPlus security researched the wallet address, it discovered that lots of tokens, NFTs, and coins from scam proceeds have been transferred into the wallet. 

If the users reject the approval request, the site initiates another transfer, disguised as a security update from the contract. Crypto users are advised to be careful on the internet, take precautions and avoid connecting their wallet addresses to unverified sites.

Source: https://crypto.news/goplus-security-discovers-airdrop-disguised-phishing-scam/