The Stamp Scam: A fake Elon Musk manages to steal 28 bitcoins

I can’t understand how the human mind works. I imagine you know the stamp scam (the "timo de la estampita"). Basically, the con man used a supposed fool carrying an envelope full of banknotes, to which the fool attached no importance because he believed they were mere stamps. The fool would strike up a conversation with a citizen, and then a "smart" man would join in and propose to the citizen that they scam the fool. The citizen then offered the supposed fool a small amount of money for his stamps. But once the smart man and the fool had left, the citizen realized that the envelope they had given him contained not money, but worthless paper.
Well, that same idea, modernized, is what a cybercriminal used to fool people on Twitter and take more than $180,000 in cryptocurrency, although in this case there was some preparation behind it. Let’s look at it schematically.
A simple social engineering attack
– The cybercriminal gets hold of a verified Twitter account, one that carries the verified badge.
– Once the account is in his power, he changes the photo to the same one Elon Musk uses on his real (also verified) profile.
– He also changes the account's display name to show Elon Musk's name, although the Twitter profile continues to show the original name of the account (@PantheonBooks).
– He posts the news that he is stepping down as head of Tesla and wants to make a donation in bitcoins to his whole community of followers.
– Since BTC addresses are anonymous, you have to send him 0.1 BTC (about $640) or more, and he will send you back +200% of your donation, since he will then have your wallet address.
-…
He also sends it as a promoted tweet, that is, it appears in thousands of accounts around the world even if they don’t follow the original account directly. Brilliant, right? Although none of us would fall for this, simply because, I don’t know... But the result was that thousands of users around the world made that little donation, waiting for Elon to return them +200% of their initial investment.
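The steps above work because the display name can be edited freely while the verified badge stays attached to the handle. As an added example (not from the original post), this sketch flags that mismatch together with the "send BTC, get a percentage back" wording; the watch-list, the tweet field names and the sample tweets are constructed assumptions.

```python
import re
import unicodedata

# Assumed watch-list: normalized display name -> the person's genuine handle.
PROTECTED = {"elon musk": "elonmusk"}

# Advance-fee wording: a request to send BTC plus a promised percentage return.
ASK = re.compile(r"\bsend\b.{0,40}?\b(?:btc|bitcoins?)\b", re.I | re.S)
PROMISE = re.compile(r"\+?\s*\d{2,4}\s*%")


def normalize(name: str) -> str:
    """Fold case, Unicode compatibility forms, punctuation and extra spacing."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(re.sub(r"[^\w\s]", "", folded).split())


def impersonation_signals(tweet: dict) -> list[str]:
    """Return the reasons a tweet looks like the display-name scam described above."""
    reasons = []
    real_handle = PROTECTED.get(normalize(tweet["display_name"]))
    if real_handle and tweet["handle"].lstrip("@").casefold() != real_handle:
        reasons.append("display name of a protected person on a different handle")
        if tweet.get("verified"):
            reasons.append("verified badge belongs to the handle, not the name shown")
        if tweet.get("promoted"):
            reasons.append("promoted: reaches users who never followed the account")
    text = tweet.get("text", "")
    if ASK.search(text) and PROMISE.search(text):
        reasons.append("asks for BTC up front and promises a percentage return")
    return reasons


# Constructed sample data modelled on the steps in the post (not real tweets).
SCAM = {"display_name": "Elon Musk", "handle": "@PantheonBooks", "verified": True,
        "promoted": True,
        "text": "I'm leaving Tesla. Send 0.1 BTC or more and get +200% back!"}
GENUINE = {"display_name": "Elon Musk", "handle": "@elonmusk", "verified": True,
           "promoted": False, "text": "Launch went well."}

if __name__ == "__main__":
    for t in (SCAM, GENUINE):
        print(t["handle"], impersonation_signals(t))
```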
It is not clear how the attacker managed to get hold of a verified Twitter account. He probably had access to the email address of the real account owner, since when you send a promoted tweet you are sent a confirmation by email, because that type of tweet has a cost that depends on the number of people who will receive it. Once he had access to the owner’s email address, he only had to recover the Twitter password in order to change the image and name. In other words, the attack did not involve many technical means or much research.
As we have seen in other attacks… And yet he managed to take almost 28 bitcoins, about $180,000 at the current exchange rate.
I never tire of repeating it: to be protected from this kind of attack we just have to stop and think a little. Remember that it is the same thing we did when malware tried to infect our computer in a ransomware attack posing as an Iberdrola invoice… we just had to think ‘Would Iberdrola send me an email telling me that my bill is too big?’, or when we got an email from our bank asking us to enter the credit card number and the PIN on a website, where we just had to stop and think ‘I don’t know if it’s true or not, but I’d better go down to the bank tomorrow instead of putting my PIN on a website, because I don’t trust it much…’. As you can see, you don’t need great technical knowledge, or an analysis of the Twitter account to see whether it really matches who it claims to be, or to look at its latest tweets to check that it isn’t really Elon Musk; you just have to think, «Why would someone give away money like that?»




The forms change, but human stupidity and greed remain intact.
Exactly, we always get fooled for believing we are smarter than everyone else… and that is how it goes for us.