Typefully

Crypto Scammers Exploiting Twitter Feature

2 years ago

🚨 #Crypto scammers are exploiting an @x "feature" to impersonate high-profile accounts 🚨 1/ 👇🧵 #Security in the crypto world isn't just about smart contract APIs. A significant part of it involves understanding and mitigating social engineering tactics. Let's dig in 👇
2/ The trick lies in how X forms URLs for tweets. Each tweet URL includes the username and a unique status ID. For example: `twitter.com/[username]/status/[status_id]`. But there's a catch...
3/ Scammers manipulate these URLs by changing the username while keeping the status ID intact. When you click on such a link, Twitter redirects you to the original tweet based on the status ID, not the username.
4/ This means a link that appears to be from a trusted source, like a well-known #crypto organization, could actually redirect you to a scammer's tweet. It's a simple yet effective way to mislead users. "Always check the source" simply isn't good enough anymore 🙄
5/ Recently, accounts impersonating major crypto players like @Binance, @Ethereum, @zkSync, and @Chainlink have been spotted. These fake accounts promote scams, fake giveaways, and even dangerous wallet drainers.
6/ For example, a tweet that looks like it's from zkSync could redirect to a page impersonating the company and, in doing so, promote a site known in the community as a crypto drainer: a site that steals your crypto assets and #NFTs upon wallet connection.
7/ Most of these scam accounts follow a naming pattern like name+5 digits (e.g., @amanda_car16095 🚨SCAMMER🚨). While @x offers a Quality Filter to block such content, it's not foolproof and might filter out legitimate tweets as well.
8/ Spotting these scams requires vigilance. Always check the account name in the tweet against the URL. Be extra cautious on mobile, where the lack of an address bar makes it harder to verify the authenticity of a tweet.
9/ Remember, this redirect mechanism is a standard Twitter feature. So, always double-check your address bar (if available) to ensure you're not being redirected to a scammer's tweet. And remember, if it seems too good to be true, it probably is 👀 Stay alert and informed 🧠
10/ In the world of crypto, your best defense is awareness and caution. The incentive to catch you at an unsuspecting moment is simply too high. Please share this thread to spread awareness and protect the community 💙 Original article: bleepingcomputer.com/news/security/crypto-scammers-abuse-twitter-feature-to-impersonate-high-profile-accounts/ by @BleepinComputer
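The check described in tweets 7 to 9, sketched as an added example that is not part of the original thread: it compares the username in a shared link with the username in the URL shown after the redirect and flags the name+5 digits pattern. The function names, the host list and the status ID are assumptions made for illustration, and the resolved URL is passed in by hand so the code runs offline.

```python
import re
from urllib.parse import urlparse

# Hosts treated as tweet links here (an assumption for this example).
TWEET_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com",
               "x.com", "www.x.com"}
# /[username]/status/[status_id], optionally followed by extra path segments.
TWEET_PATH = re.compile(r"^/([A-Za-z0-9_]{1,15})/status/(\d+)(?:/.*)?$")
# Naming pattern from the thread: a name ending in exactly five digits.
ENDS_IN_FIVE_DIGITS = re.compile(r"(?<!\d)\d{5}$")


def parse_tweet_url(url):
    """Return (username, status_id) for a tweet URL, or None if it is not one."""
    if "://" not in url:
        url = "https://" + url  # links are often pasted without a scheme
    parts = urlparse(url)
    match = TWEET_PATH.match(parts.path)
    if parts.hostname not in TWEET_HOSTS or not match:
        return None
    return match.group(1), match.group(2)


def check_link(shared_url, resolved_url):
    """Compare the link as shared with the URL shown after the redirect."""
    shared, resolved = parse_tweet_url(shared_url), parse_tweet_url(resolved_url)
    if shared is None or resolved is None:
        return ["not a tweet URL"]
    (claimed, shared_id), (actual, resolved_id) = shared, resolved
    findings = []
    if shared_id != resolved_id:
        findings.append("status ID changed")
    # Handles are case-insensitive, so compare them lowercased.
    if claimed.lower() != actual.lower():
        findings.append(f"username mismatch: link says @{claimed}, tweet is by @{actual}")
    if ENDS_IN_FIVE_DIGITS.search(actual):
        findings.append(f"@{actual} matches the name+5 digits pattern")
    return findings


if __name__ == "__main__":
    # Constructed sample: the status ID is made up for this example.
    shared = "twitter.com/zkSync/status/1700000000000000001"
    resolved = "https://twitter.com/amanda_car16095/status/1700000000000000001"
    for finding in check_link(shared, resolved):
        print(finding)
```

An empty list means the username in the link and the account that actually posted the tweet agree; it says nothing about whether that account itself is trustworthy.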

GoPlus Security 🚦

@GoPlusSecurity

Protect Your Every Transaction. User App: chromewebstore.google.com/search/GoPlus 🛡️ Dev Integration: Security Intelligence & SafeToken Protocol 🛡️