Subj : Crypto scammers are hijacking this Twitter feature to snare new v To : All From : TechnologyDaily Date : Thu Dec 21 2023 11:15:05 Crypto scammers are hijacking this Twitter feature to snare new victims Date: Thu, 21 Dec 2023 11:00:53 +0000 Description: Be wary of links pointing to Twitter posts, as these can easily be tweaked. FULL STORY ====================================================================== Scammers have found a way to trick people into thinking theyre visiting a legitimate company account on X when, in fact, theyre visiting an impersonator . The method is being used to steal peoples cryptocurrencies. This method leans onto the way X handles links to different posts. On the platform, when a person posts something, the link to it holds both the username and the posts unique ID. However, it seems that only the ID is necessary to redirect the visitor to the actual post, so the username in the link can be changed to any name. So, the hackers would first create an X account impersonating a major company, such as Binance, the Ethereum Foundation, or Chainlink, and post a link to a fake airdrop, a giveaway, or something similar. Then, they would change the username in the link to appear as if the actual Binance, or Chainlink, posted it. Bots in action Then they would distribute it throughout X (and other platforms, probably) using bot accounts. Reporting on the news, BleepingComputer says all of the accounts it observed promoting these scam posts use an account name in the format of name+five digits, such as @amanda_car16095. While the campaign started roughly two weeks ago, the vulnerability (if it can be called that) is a lot older. The media reported on it back in 2019 when security researcher Davy Wybiral warned it could be abused in phishing attacks. However, it was never addressed, most likely because it was never used in phishing attacks. Defending against these scammers should be relatively easy - just double-check the account name in the posts URL and make sure its legitimate. This becomes a bit of a problem if the victims use a Twitter app to read the posts, as the app will not display the URL. Using common sense is advised - large companies like Binance will rarely promote giveaways and airdrops via Twitter bots. More from TechRadar Pro BlackCat strikes again - and this time it's breached a healthcare giant Here's a list of the best firewalls today These are the best endpoint protection services right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/crypto-scammers-are-hijacking-this-twit ter-feature-to-snare-new-victims --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .