By Richard Arneson
Apparently, scammers get bored, too, at least the ones who find it fun and profitable to generate hustles related to cryptocurrency. They’ve found a new target—Facebook. Their scamming medium of choice has primarily been Twitter, which has for months been littered with fake cryptocurrency advertisements. For Facebook, however, they’ve modified their strategy and tactics. On Twitter, their basic, garden variety scam has been the infamous Bitcoin giveaway (tip: if it’s a giveaway, it’s you who will be giving away something.). For Facebook, their tactic involves luring users into coughing up sensitive info, such as the holy grail of scamming–credit card information.
Here’s how it works…on Facebook, at least
The attackers (I call them miscreants) set up phony pages with a call-to-action in the form of a fake, sponsored ad. After clicking on it, users are directed to a replica CNBC page that promotes an investment opportunity. While claims of big investment opportunities should be the first clue that you’ve ventured into murky digital waters, if it doesn’t and you end up there, you’ll be given the opportunity to purchase a new, shiny cryptocurrency from CashlessPay.
According to the ad, Singapore just announced they’re adopting an official coin, which can only be purchased from CashlessPay. Oh, and it includes fake endorsements from sundry celebrities, including Sir Richard Branson, famed English entrepreneur and owner of The Virgin Group. Gee, if Richard Branson invested in it, it must be good. I’m all in! And that’s exactly what they’re praying to The God of Cybercrime that you’ll be thinking. And, of course, once you pull out your plastic cash and enter in a few digits, you’ve just become a victim. You’ll soon unknowingly purchase high-end electronics throughout the world.
Is Facebook asleep at the wheel?
It seems odd to most that these malicious ads got past Facebook and Twitter in the first place. In the Facebook case, the miscreants were able to slide past their defense mechanisms, odd considering that earlier this year they banned all blockchain and cryptocurrency advertisements. It’s not clear exactly how they circumnavigated Facebook’s security sentinels, but obviously they did. It is interesting, though, that phony cryptocurrencies require payment via bank wires or credit cards.
Twitter appears to be the first social media victim, but they’re not flattered
While Facebook has been scammed for what appears to only be a matter of weeks, Twitter has been battling fake cryptocurrency ads for the past nine (9) months. Initially, Twitter scammers launched armies of bots that mass-spammed links to cryptocurrency giveaways. They tweaked their approach and decided to implement a more selective spamming model. They began hijacking real profiles; one (1) of their favorites was Elon Musk. Other targets soon followed, including several politicians and government accounts. Their piece de resistance? Google and Target, who both fell victim to the scam.
The question now: “Can Facebook remediate this issue faster than Twitter?”
To find out how to secure your organization’s network, contact GDT’s tenured and talented security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.