It appears Twitter has become so saturated with cryptocurrency scams that attackers are finally starting to target other platforms too – like Facebook.
Unlike the standard Bitcoin giveaway scams on Twitter, the Facebook scam (as noticed by Hard Fork) is designed to trick users into giving up sensitive data, like their credit card information. As a distraction tactic, the attackers have set up a series of fake pages and calls to action, the first of which is a fake sponsored ad.
The ad, which directs to a malicious replica of CNBC, promotes a “big” investment opportunity in a non-existent cryptocurrency called CashlessPay. It was posted from the Facebook page of a musician called Jonatanas Kazlauskas; we’ve asked Kazlauskas if his account had been hacked, but we’re yet to hear back.
Once the ad takes you to the new website, the scam becomes slightly more apparent – though it might still fool some less informed people.
Among other things, the URL (which we’ve decided not to share out of caution) does not correspond with a CNBC domain. The fake news report essentially claims that Singapore has passed new legislation that favors the adoption of cryptocurrencies.
“Singapore, in an unprecedented move, just announced that they are officially adopting a certain cryptocurrency as Singapore’s official coin,” the fake CNBC report reads. “The government of Singapore just informed us that they have chosen a preferred firm for the purchase and marketing of their new coin – CashlessPay Group.”
Adorned with bogus celebrity endorsements (including one from English businessman Richard Branson), the rest of the piece walks readers through the process of “investing” in CashlessPay.
Eventually, the fraudulent CNBC replica leads to yet another fake page – this time, the website of the bogus CashlessPay cryptocurrency.
All links on the website are broken, except for a registration form at the top of the website which asks users to fill in their personal data, including phone number and email address.
Once victims have filled in the form, the website takes them to another fake page, which redirects to a number of bogus cryptocurrency exchange desks.
So far, Hard Fork has identified at least two such pages – one called Roiteks, and another one called CoinPro Exchange. According to scam database ScamBroker, both pages have been registered from Bulgaria. ScamBroker further notes both “exchanges” appear to be unregulated – not that this is surprising.
Regardless of which page you end up on, you will be asked once again to enter your personal data – and then your credit card details. Interestingly, both pages appear to be equipped with a live chat box.
We used PayPal’s credit card generator – a popular payment testing tool – to see what would happen once users submit credit card information, but the transactions were denied each time.
This is the error the website returned:
It is interesting to see that although the scammers are using the cryptocurrency hype as a hook for their shenanigans, they are still seeking to receive funds the old-fashioned way – via credit cards and bank wires.
In any case, if you somehow end up on a suspicious exchange desk, always make sure to verify its legitimacy before filling in your personal information. Chances are that someone might be phishing for your data.
Cryptocurrency ads on Facebook
What makes this case particularly interesting is that the attackers managed to slip malicious cryptocurrency ads past Facebook’s defense mechanisms.
Earlier this year, the social media giant banned blockchain and cryptocurrency related ads, but witty marketers still found ways to sneak them in. Eventually, the company rolled back some of its restrictions on crypto-ads by letting pre-approved advertisers promote on its platform.
But now it seems scammers have found a way to exploit its updated policy.
Cryptocurrency thieves targeting social media platforms
Although it is the latest, Facebook is not the only platform targeted by scammers.
Twitter has been struggling to curb a string of giveaway scams on its platform since at least February.
Although the attackers initially deployed armies of bots – often impersonating crypto-celebs – to mass-spam links to the giveaways, their strategy evolved over time. Instead of simply posting large volumes of giveaway links from random accounts, the scammers found ways to hijack verified profiles (and disguise them as fake Elon Musk accounts).
It’ll be interesting to see whether Facebook can tackle the issue in a more effective manner than Twitter. We’ve contacted Facebook for comment and will update this piece accordingly should we hear back.
In the meantime, watch out where you click when scrolling through Facebook – the cryptocurrency scam epidemic is spreading.
Update November 29 11:50 AM UTC: Facebook has since confirmed it is investigating the malicious ad.
“Deceptive, predatory ads have no place on Facebook,” said Director of Product Management, Rob Leathern. “We have removed these ads and disabled both the account and page they ran from for violating our policies.”
Published November 28, 2018 — 14:48 UTC