As cryptocurrency gains hordes of followers every day, an ever-increasing number of people are willing to jump on the bandwagon to make a quick buck. However, since a vast majority of people have little to no knowledge of cryptocurrency, phishing scams are also on the rise. While most phishing scams are easy to spot, a few well-disguised ones manage to fly under the radar.
According to a recent report from Buzzfeed News, one such cryptocurrency phishing scam pulled off one of the best disguises- a Twitter verification badge. The phishing scam in question involves Tron Foundation (@Tronfoundation), the organization behind a cryptocurrency which is currently valued at $2.8 billion.
In this case, scammers were able to hack into a verified Twitter account and changed its appearance to match that of Tron Foundation’s official Twitter account. The scam account, which flaunted the handle @Tronfoundationl, used the same profile photo, pinned tweet, bio, and location as the official account. The scam account then proceeded to ask its followers to send the scammers cryptocurrency in the pretext of a lucrative investment. Since the scam account had a verification badge, it managed to successfully fool gullible investors.
Tronfoundationl’s verification hijacking is a new innovation in cryptocurrency scamming and since its account is verified by Twitter, more people are likely to trust the scam tweets. The report reveals that Geoff Goldberg, a Twitter user who frequently spots bot and scam accounts, was one of the first to report Tronfoundationl’s account.
“I saw it was a verified account so immediately was intrigued. To me, it was clear it was a scam, given that I have been encountering these for quite some time…But to others, given the verified account, I could totally see people falling for it.”, he told Buzzfeed News.
Buzzfeed News further reveals that the scammers were able to take over the account of a company called LiteracyBridge and changed its appearance to match that of Tronfoundation’s account. Additionally, LiteracyBridge wasn’t the only account compromised. The scammers hijacked another verified account of a user named @adaxnik and re-purposed it to look like the account of Tron’s founder Justin Sun. As of now, both the accounts have been taken down.
Hijacking verified accounts is a highly unusual event, as according to Twitter’s policy, when a verified account changes its username, its verification badge is removed to prevent scammers from taking over the account and exploiting its verified status. When approached regarding the same, a Twitter spokesperson told Buzzfeed News that it was investigating the hack and noted, “we strongly encourage everyone to use login verification for account security. Also, if an account changes its username, it should lose its verified status. Any instance of this is not occurring in an error.”