Web3 Users Need to Be Cautious: Social Media Platforms Become New Hotbeds for Scams

With the increase in airdrop activities, Web3 users have entered a harvest season, but at the same time, they have also become targets for criminals. Some criminal gangs use counterfeit social media accounts to conduct phishing scams, massively posting fake airdrop links in the comments section of official accounts, enticing users to click and attempt to claim tokens. Once users accidentally fall for the trap, they may suffer financial losses.

This "imitation account phishing scam" is a typical type of social media platform fraud, and due to its highly organized and large-scale operation, it poses a serious threat to the financial security of users.

Social media platforms have become new battlegrounds for scams

Recently, multiple users have reported encountering theft of funds after clicking on "airdrop claim links" on social platforms. These links are actually phishing links published by accounts impersonating certain well-known projects.

Taking a case as an example, a certain project announced that its token would be listed on several well-known exchanges. However, before the official airdrop query link was announced, criminals took advantage of this interval to spread fake claim links widely on social platforms. This led some users to mistakenly believe that the links were real, and after interacting with them, they were tricked into granting authorization, resulting in significant losses.

After tracking multiple cases of this kind, technicians have found that several addresses of authorized phishing coin theft attackers have been marked as a well-known malware.

The Trend of Counterfeit Account Fraud Becoming Industrialized

The counterfeit account scam has formed a complete black industrial chain, including the purchase of related social accounts, targeted promotion of tweets, large-scale dissemination, and the generation of phishing websites, with a clear operating process and anonymous payment methods.

1. Purchase relevant social media accounts

Fraudsters first purchase accounts with a certain fan base, copy the official account's profile picture and description, change to a similar ID, and create highly deceptive imitation accounts.

2. Multi-account spreading phishing links

Fraud gangs use the platform's content recommendation mechanism to push fraudulent information to target audiences. Common methods include inflating comments in the official account's comment section and using fake accounts to post content containing specific keywords to pollute search results.

3. Purchase promotion services

Some social platforms have failed to effectively filter fraudulent information during the paid promotion phase, resulting in paid promotion channels being provided for phishing links.

4. Provide technical support using malware

Some well-known malware is used to illegally empty cryptocurrency wallets. This type of software is usually rented out by developers, and anyone who pays can use it. Once the user connects their wallet, the software locates the most valuable assets and initiates malicious transactions.

Measures

Given that social platforms have become an important tool for criminals, users need to be particularly cautious when engaging in online activities:

1. Familiarize yourself with the platform's basic mechanics, remember the unique ID of the official account, and pay attention to the number of mutual followers.

2. Verify the authenticity of important information through multiple channels, such as official websites, other social platforms, etc.

3. Carefully read the content of the wallet plugin pop-up and do not easily sign unfamiliar transactions.

4. Be cautious about links in the comments section of popular content; this is often where phishing links are most rampant.

The industrialization trend of cryptocurrency-related cybercrime not only harms user interests but also hinders the healthy development of the entire industry. Users should seek professional help promptly if they encounter suspicious situations.