A growing number of phishing scams involve Twitter bots. They scan every message you post in an attempt to steal the contents of your crypto wallet.
Potential attackers use application programming interfaces (APIs) to identify Twitter users who need customer support.
Through these APIs, every public tweet is checked for a set of keywords that trigger a response from fake bot accounts.
BleepingComputer’s test found that tweets with words like “support” or “help” combined with words like “MetaMask”, “Phantom”, “Yoroi” and “Trust Wallet” trigger automatic replies that link to fake Google Forms hoping to steal your information.
For example, a user tweeting about blocking access to their MetaMask wallet will receive multiple responses from fake MetaMask customer support accounts.
BleepingComputer first wrote about the new phishing scam in May. Since then, the scammers have expanded their target list by adding more bots.
To satisfy our curiosity, our editorial staff posted a decoy message in the hope of triggering phishing bots and received several fraudulent responses in just a few seconds.
Scammers direct the Twitter user to a Google Form that asks for their seed phrase.
The seed or recovery phrase is a 12-word password that, once handed over, allows fraudsters to take control of the wallet and add it to their own device.
Most of these Google Forms look pretty primitive, but some seem compelling.
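A reply filter built on the signals described above (trigger words in the original tweet, a reply within seconds, a Google Forms link, a mention of the seed phrase), as an added example that is not from the original article. The handle allowlist, the 60-second threshold and all sample tweets are constructed assumptions.

```python
import re
from urllib.parse import urlparse
# Trigger vocabulary named in the article; extend it for your own monitoring.
HELP_WORDS = ("support", "help")
WALLET_NAMES = ("metamask", "phantom", "yoroi", "trust wallet")
OFFICIAL_HANDLES = {"example_wallet_official"}  # assumption: placeholder allowlist
FAST_REPLY_SECONDS = 60  # assumption: the article only says "a few seconds"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def _has_any(text, terms):
    return any(re.search(r"\b" + re.escape(t) + r"\b", text, re.IGNORECASE) for t in terms)

def is_bait_tweet(text):
    """True if a tweet pairs a help word with a wallet name (the bot trigger)."""
    return _has_any(text, HELP_WORDS) and _has_any(text, WALLET_NAMES)

def links_to_google_form(text):
    """True if a URL in the text points at Google Forms (full or short link)."""
    for raw in URL_RE.findall(text):
        url = urlparse(raw.rstrip(".,)!?"))
        host = (url.hostname or "").lower()  # exact host match, not substring
        if host == "forms.gle" or (host == "docs.google.com" and url.path.startswith("/forms/")):
            return True
    return False

def flag_reply(original, reply):
    """Return the reasons a reply matches the pattern described in the article."""
    if reply["author"].lower() in OFFICIAL_HANDLES:
        return []
    reasons = []
    if links_to_google_form(reply["text"]):
        reasons.append("google-form-link")
    if is_bait_tweet(original) and reply["delay_s"] <= FAST_REPLY_SECONDS:
        reasons.append("fast-reply-to-trigger-words")
    if _has_any(reply["text"], ("seed phrase", "recovery phrase")):
        reasons.append("mentions-seed-phrase")
    return reasons

# Constructed sample data (not real tweets, accounts or links).
TWEET = "Need help, my MetaMask wallet is locked and support is not answering"
REPLIES = [
    {"author": "metamask_helpdesk_fake", "delay_s": 4,
     "text": "Sorry to hear that. Fill in https://docs.google.com/forms/d/e/EXAMPLE/viewform now."},
    {"author": "a_friend", "delay_s": 900, "text": "Never share your seed phrase with anyone."},
    {"author": "example_wallet_official", "delay_s": 30, "text": "Please use the in-app help page."},
]
if __name__ == "__main__":
    for r in REPLIES:
        print(r["author"], flag_reply(TWEET, r))
```

The second sample reply shows why a single reason is only a weak signal: a well-meaning warning also mentions the seed phrase, so act on combinations of reasons rather than on any one alone.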
Twitter bots and scams
BleepingComputer has seen an increase in Twitter API scams. Phishing bots have been found targeting users of the Cardano wallet Yoroi and the Solana wallet Phantom for the cryptocurrency stored inside.
In one unpleasant case, a user gave his collection to a bot that pretended to be an OpenSea support agent.
While a vigilant Twitter user can spot a bot’s message a mile away, there is another type of scam that is harder to spot.
In this version, the bots reply with a recommendation for a third-party account recovery service. Naturally, the user pays money to use it, but does not get the desired result. This is potentially less damaging from a financial point of view, but still no less frustrating for those facing a loss of money.
Be careful not to enter your information on sites you are not sure about.