A cyber security expert who goes by the name of Serpent wrote a detailed post on 8 currently active crypto/nft scams running amok on the social blogging site Twitter.
The analyst who heads artificial intelligence and community-powered crypto threat mitigation system, Sentinel shared how fraudsters utilize multiple channels like URLs, hacked verified accounts, fake projects, fake airdrops, and malware to target uninformed crypto users.
The first of them is spoofing URLs using lookalike Unicode letters. Here Hackers use visually similar characters to deceive people in online phishing scams.
Next, scammers masquerade as OpenSea representatives and attempt to induce a state of urgency to trick users into visiting a phishing website.
“This scammer, in particular, botted the likes, retweets & replies to his tweets to make it look legit, then locked the tweet so no one else can reply. They also use bots to mass DM people on Twitter linking them to the tweet, or mass mention people on the tweets”, Serpent wrote.
Another most common tactic is by using hacked verified accounts, bad actors here usually launch fake airdrops/mints, where they can get pretty creative.
Fake P2E Game/Project
Here, fraudsters target high-value NFT collectors, by impersonating/creating Play-To-Earn projects and releasing a “beta version” which is filled with malware.
Fake Art Commissions
“This is an individualized attack [predominantly targeting artists] commissioning fake work for an illegitimate company.”
Scams That Prey On The Already Fallen
The analyst, who has over 253k followers on Twitter, has expressed concern over the rise of sophisticated strategies after a recent wave of crypto phishing scams and protocol hacks incidents.
Serpent then brought light to Crypto Recovery Scam that is used by malicious actors to trick those who have recently lost funds to a widespread hack, stating:
“I’m sure most of us have seen these bots in the reply to tweets containing certain keywords. Simply put, they attempt to target people who have already been scammed, and claim they can recover the funds”.
As per Serpent, these scammers claim to be blockchain developers and hunt down users that have been victims of a recent large-scale hack or exploit, asking them for a fee to deploy a smart contract that can recover their stolen funds. Instead, they “take the fee and run.”