Fraud Management & Cybercrime , Fraud Risk Management , Social Media
Account Used to Attempt Cryptocurrency Fraud
Carl Pei, co-founder of OnePlus, a smartphone company, said Tuesday that his Twitter account had been compromised via a third-party app called IFTTT and a tweet had been injected via his profile for an apparent cryptocurrency scam. IFTT – If This Then That – is a service that allows a user to program various kinds of responses to events in the world.
See Also: The Definitive Email Security Strategy Guide
The Swedish entrepreneur warned his followers not to fall for the scam, which invites them to participate in an Initial Coin Offering for a fake new Nothing Coin cryptocurrency. The fraudulent tweet spreading the scam was sent from his verified account for about an hour on Tuesday afternoon, asking for investors to provide funding using the cryptocurrency Ethereum in exchange for receiving the new – and fake – Nothing Coin cryptocurrency, Pei says.
“Through permissions granted to my IFTTT which was hacked, this Tweet was injected asking for your ETH. Please do not send any ETH or your personal info to cryptocurrency accounts claiming to be Nothing. I’ve deleted all 3rd party apps connecting to my Twitter,” Pei notes on Twitter.
Pei’s account, @getpeid, has about 337,000 followers. He urged his followers to not share any personal information with the cryptocurrency accounts that are claiming to be from his newly established startup Nothing, a consumer technology firm.
Through permissions granted to my @IFTTT which was hacked, this Tweet was injected asking for your ETH. Please do not send any ETH or your personal info to cryptocurrency accounts claiming to be @Nothing. I’ve deleted all 3rd party apps connecting to my Twitter. pic.twitter.com/WWx7Q4nPAh
— Carl Pei (@getpeid) May 25, 2021
A Growing Attack Vector
Yiannis Fragkoulopoulos, customer security director at Obrela Security Industries, says impersonations and other social media-related security threats are an increasing attack vector.
“One need look no further than last year’s infamous Twitter hack on high-profile CEOs and businesses to understand the impact that social media impersonation may have. Gaining control and ensuring protection against social media and digital risks is a relatively new aspect of security, but is also a business imperative,” Fragkoulopoulos says.
Pei, who cofounded smartphone company OnePlus in 2013, left the company in 2020 to start the tech firm Nothing.
Other Twitter Scams
In a 2020 cryptocurrency scam leveraging Twitter, a series of fraudulent tweets was sent from the account of Indian Prime Minister Narendra Modi for an apparent cryptocurrency scam. The hackers asked followers to send cryptocurrency donations to an organization called the “PM National Relief Fund” and included a digital wallet address. After officials were alerted, the messages were taken down (see: Another Twitter Hack: This Time, India’s Modi Targeted)
The affected account, @narendramodi_in, which had about 2.5 million followers, is associated with Modi’s personal website. The prime minister’s official government accounts were not affected by the hack.
In July 2020, a similar cryptocurrency scam affected about 130 Twitter accounts in the U.S and Europe, including those associated with now President Joe Biden, Tesla CEO Elon Musk and Microsoft founder Bill Gates (see: Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam).
U.S. law enforcement officials charged three people with hijacking the accounts and waging a fraud campaign that scammed individuals out of approximately $120,000 (see: 3 Charged in Twitter Hack).
Twitter found that several of its employees had been victimized by a phone-based spear-phishing attack that provided the hackers with credentials for the social media firm’s internal systems and tools (see: Twitter Hack: Suspects Left Easy Trail for Investigators).
