Misleading comments that link to crypto phishing scams are plaguing the social media platform X, according to the blockchain security firm SlowMist.
In a new analysis, SlowMist notes that phishing scams represent around 80% of comments on tweets from famous crypto projects.
The scammers employ a high level of automation, according to the security firm.
“Scammers can now purchase [X] accounts. We observed numerous groups on Telegram involved in selling [X] accounts. These accounts vary in terms of follower count, the number of posts, and registration dates, allowing buyers to choose according to their needs. Upon reviewing the group’s history, we found that most accounts sold are related to the cryptocurrency industry or are influencer accounts.”
SlowMist notes there are also dedicated websites for purchasing X accounts. Those sites often sell accounts with usernames that resemble legitimate profiles.
The phishing groups also use promotional tools to purchase followers and interactions to appear more legitimate. They then use automated bots to track the activities of well-known projects, and the bots will automatically comment first when the tracked projects tweet.
“Since the post being viewed is from the legitimate project, and the disguised phishing account looks very similar to the project’s account, it can cause users to lower their guards. Thus, leading to clicking on phishing links, like those offering airdrops from the fake account, and then authorizing or signing malicious transactions that can lead to losses.”
SlowMist encourages X users to employ anti-phishing plugins that will issue alerts related to fake domain names. The firm also suggests crypto investors enable wallet signature verification.
However, SlowMist notes that personal security awareness is the most important defense.
“All products, articles, and alerts are just aids. Building one’s own security awareness is key. Always double-check before clicking links, authorizing, or signing to avoid losing coins or being deceived.”
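The reply pattern described above (an account whose handle resembles the project's, commenting within seconds and carrying a link) can be screened for mechanically. The following Python is an added example, not SlowMist's tooling or any anti-phishing plugin's code; the handle `ExampleChain`, the `.example` domains, the look-alike character table and the 0.85 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed sample values; none of them come from the SlowMist analysis.
OFFICIAL_HANDLE = "ExampleChain"
OFFICIAL_DOMAINS = {"examplechain.example"}
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "_": None})
URL_RE = re.compile(r"https?://\S+")

def skeleton(handle):
    """Collapse look-alike characters so 'Examp1eChain_' and 'ExampleChain' compare equal."""
    return handle.lower().translate(LOOKALIKES)

def is_lookalike(handle, official=OFFICIAL_HANDLE, threshold=0.85):
    if handle.lower() == official.lower():
        return False  # the genuine account; handles are case-insensitive
    a, b = skeleton(handle), skeleton(official)
    return a == b or SequenceMatcher(None, a, b).ratio() >= threshold

def off_domain_links(text, allowed=OFFICIAL_DOMAINS):
    """Return link hosts that are neither an official domain nor a subdomain of one."""
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)]
    return [h for h in hosts
            if h and not any(h == d or h.endswith("." + d) for d in allowed)]

def score_reply(reply, fast_seconds=10):
    reasons = []
    if is_lookalike(reply["handle"]):
        reasons.append("lookalike_handle")
    if off_domain_links(reply["text"]):
        reasons.append("off_domain_link")
    if reply["delay_s"] <= fast_seconds:
        reasons.append("instant_reply")  # supporting signal only
    # Alert when impersonation and an external link coincide.
    return {"lookalike_handle", "off_domain_link"} <= set(reasons), reasons

def triage(replies):
    return [r["handle"] for r in replies if score_reply(r)[0]]

REPLIES = [  # constructed thread under a post by @ExampleChain
    {"handle": "ExampleChaln", "delay_s": 2, "text": "Airdrop live https://examplechain-claim.example/airdrop"},
    {"handle": "Examp1eChain_", "delay_s": 3, "text": "Claim now https://claim-examplechain.example/go"},
    {"handle": "ExampleChain", "delay_s": 60, "text": "Docs: https://docs.examplechain.example/start"},
    {"handle": "alice_dev", "delay_s": 5, "text": "Nice release https://blog.example/post"},
]

if __name__ == "__main__":
    for r in REPLIES:
        print(r["handle"], score_reply(r))
```

A fast reply alone is not treated as an alert here, since legitimate followers with notifications enabled also reply quickly.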