New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Elon Musk’s Twitter Followers Targeted in Fake Crypto Giveaway Scam

New Elon Musk followers are being added to a “Deal of the Year” list on Twitter that lures them into depositing small crypto amounts into the attackers’ wallets with the false promise of receiving up to 5000 Bitcoin in return. The list of followers is public for most Twitter accounts, including Musk’s, and can be monitored by anyone including bots and threat actors for nefarious purposes. As of today, the list has 155 members added by its admin (the threat actor), and these accounts were seen following Elon Musk, Tesla, SpaceX and related organizations on Twitter. The banner on the top of the account page appears to be an actual tweet from Elon Musk’s official account promising free crypto to “1000 new followers” chosen randomly. The real username behind the scam account is actually ‘@CroweYoshiko’ as displayed under the account information. The advertised URL, freedomgiveaway[.]net, is also convincing, given Mr. Musk is a self-described free speech absolutist, frequently tweets about freedom of speech, and has taken controversial steps to steer Twitter in that direction. On the freedomgiveaway[.]net website, users are greeted with a prompt to confirm that they “are over the age of 18 years,” and further presented with bogus quiz questions on Tesla, StarLink, and Musk. The answers to these are largely public knowledge. Upon answering the 3-4 questions, correctly or not, users are presented with a screen instructing them to key in their Bitcoin wallet address. Regardless of whether the user selects Ethereum, Bitcoin, Binance Coin, or “I don’t use cryptocurrency,” the website will still prompt for a BTC address. The website promises that the wallet will be credited with 5000 BTC, but first the user must deposit a small amount—from 0.02 BTC to 1 BTC. The false pretense is that the amount sent by the unsuspecting victim will be “multiplied” by 5-10 times with the large sum being credited back to the victim’s wallet. At the time of writing, the wallet used by the ‘Freedom Giveaway’ scam shows a $0.00 balance, indicating no one has fallen for the scam yet.

Analyst Notes

As with any crypto giveaway scam, the victim ends up sending the funds to the attacker’s wallet but never receives any amount back. Twitter accounts following famous personalities should be wary of suspicious messages and notifications heading their way.