Imagine growing your social media account to millions of followers and then, one day, a hacker takes it over, pretends to be you, and scams innocent victims out of their money. Decades ago this would have sounded ludicrous, but it is a reality today thanks to rapid technological advancements. Cryptocurrency scams have evolved into sophisticated schemes that exploit the social media accounts of celebrities, public figures, and official organisations to steal from victims. Notable examples include Elon Musk, People Magazine, Brazilian soccer player Neymar Jr., Lenovo’s India division, BBC journalist Nick Robinson, British Education Secretary Gillian Keegan, and EigenLayer, among others. Locally, the scam has affected the official X accounts of KBC and DCI. So how do these scams occur, why are they popular, and what can you do to protect yourself from them?
What is a Crypto Scam?
This is a fraudulent scheme in which scammers trick people or organizations into losing money or digital assets in the cryptocurrency space. The primary goal is to manipulate users into sending cryptocurrency to the scammers or investing in fake crypto projects. Crypto scams are often difficult to investigate, attribute, and recover from because they stack several layers of fraud on top of each other: a fake project, a fake website, fake or stolen social media identities, and cryptocurrency transfers that cannot be reversed once made.
First, scammers build fraudulent websites advertising fake cryptocurrency projects. Then they create fake social media accounts which they use to chat with victims and promote those websites. Scammers profit from capturing as many victims as possible before the public catches on, so they rely heavily on strategies that build trust with as many people as possible, as quickly as possible. Previously, scammers used throwaway accounts which they discarded as soon as the scam was uncovered, or which were closed after victims reported them. However, platform owners have stepped up efforts to prevent fake accounts from being used for scams: new accounts now undergo identity checks and content moderation before they can reach a wide audience. Furthermore, more people are aware of the risks of interacting with newly created accounts, making it harder for scammers to gain their trust.
Increased scrutiny of social media accounts and greater user awareness have forced scammers to develop more sophisticated strategies to keep crypto scams working. Remember, the scammers want to convince as many people as possible to take actions they would otherwise question. So how do they do that? By applying one or more of the following methods of influence in their posts:
- Liking: using things people already like, such as a favourite celebrity or a familiar brand, to influence them into investing in the scam
- Authority: borrowing legal, organizational, or social standing so that the message is accepted without question
- Scarcity and urgency: deadlines, limited slots, and similar language that pushes victims into deciding quickly
- Social proof: convincing people that others in the space are doing the same thing, in this case that crypto experts trust and have invested in the scheme
What better way to gain influence than to steal the identity or account of an influential person or organization? If I saw a post by my favourite celebrity telling me to invest in crypto to get rich, I would be far more likely to let my guard down. This is why more and more scammers are focusing their efforts on compromising the accounts of influential figures, which also reach large audiences within minutes of posting. They often use the following techniques to gain access to such accounts:
- Social engineering: scammers manipulate individuals, or employees within organizations, into handing over the things that control account security: the email account linked to the profile, MFA codes, account passwords, and so on. Some of the most common social engineering tactics are:
- Phishing emails: messages that link to fake login pages which capture whatever credentials the user types in
- Vishing (voice phishing): an attacker uses a phone call to trick the victim into revealing private information such as account credentials or MFA codes
- Smishing (SMS phishing): victims receive a text message claiming there is a security problem with their account and instructing them to click a link to resolve it. The link leads to a look-alike login page, and the username and password entered there go straight to the scammers.
- Exploiting vulnerabilities: some hackers take advantage of outdated software or weak security controls, whether on the social media platform itself or on the devices used to manage the accounts
Once scammers gain access to an influential account, they quickly change the password and recovery details so that the legitimate owner cannot get back in and the account can be used to scam as many people as possible. They then post links to the websites hosting the fake crypto projects, typically alongside screenshots of supposed payouts and reviews from “previous beneficiaries”, to lure victims. Other common scenarios include:
- Giveaway scams: the impersonated figure claims to double any cryptocurrency sent to a given wallet address. These posts usually set a deadline to create urgency and a sense of legitimacy, so that victims act before verifying the claim.
- Investment scams: fraudsters use the hijacked account to publish convincing content that lures victims into investing their money. For instance, they advertise a non-existent cryptocurrency as the newest cash cow and urge victims to buy in while its value is still low. The pitch rides on the history of coins like Bitcoin, whose exponential growth made millions for the earliest adopters. Everyone wants to get rich quickly and “exit the rat race”, right?
- Pump-and-dump schemes: the hackers promote a cryptocurrency they already hold, using the hijacked accounts to spread hype until it trends. Once the price rises on the heightened interest, they sell their holdings at a profit, leaving other investors with worthless coins. @Mutuabrian_M, an X user in the Web3 space, goes into technical detail on how a specific kind of crypto scam, the meme coin scam, works and why X is the preferred medium for reaching victims.
Why do Scammers use hacked social media accounts?
- As mentioned above, high-profile accounts make it easy to gain the trust of victims
- Compromised accounts bypass the restrictions and content moderation enforced on new accounts
- Compromising a high-profile account helps the scammers stay anonymous and avoid the legal and financial consequences that would follow attribution
- Owners of compromised accounts usually delete the scam posts once they regain access, or the platform bans or restricts the account. Either way the public evidence of the scam disappears, so scammers can reuse the same scheme on hundreds if not thousands of victims before needing a new strategy
There is evidence of scammers raking in millions in profits from crypto scams run through compromised social media accounts, so it is safe to assume that this strategy will only grow in popularity among cybercriminals. Public figures and organizations must act promptly to improve their resilience against such attacks and avoid the reputational damage that comes with them.
Here are strategies that can help you, as an organization or influential person, improve your digital security against social media account takeover:
- Enforce multi-factor authentication (MFA) on social media accounts and on the email accounts linked to them: MFA requires a second form of verification before a login is accepted. MFA on the social media account blocks logins with a stolen password alone, while MFA on the linked email stops an attacker who has phished the mailbox from using password-reset links to take over the account and lock out the legitimate owner. Not all MFA is equal, however; methods differ in how easily they can be bypassed. A reasonable order of preference, depending on your risk appetite and use case, is FIDO2/passkey authentication, challenge-based authentication, app-based code generation, hardware-based code generation, and finally message-based (SMS or email) codes. FIDO2 is the only one of these that resists phishing: a one-time code, whether it comes from an app, a hardware token, or a text message, can be typed into a fake site and relayed to the real one within its validity window, and SMS codes can additionally be intercepted through SIM-swap fraud.
- Always lock your device or log out when you step away, to prevent unauthorised access to your social media accounts.
- Be careful about the personal information you reveal about yourself online; cybercriminals use it to make their social engineering attempts convincing.
- Do not click on links in posts, tweets or direct messages unless you are certain they are genuine and well-intentioned; they may be phishing attempts. When in doubt, type the platform’s address into the browser yourself instead of following the link.
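The MFA ordering above rests on one property: whether the second factor can be relayed through a look-alike site. The following is an added example, written for this article and not code from the original, that shows both cases side by side. The TOTP part is the real RFC 6238 algorithm that authenticator apps and OTP tokens implement. The "authenticator signature" is an HMAC stand-in for the asymmetric signature a real security key produces, used so the demo needs only the Python standard library; the domain names, the credential key, and the phishing scenario are constructed for the example.

```python
# Added example (not code from the original article): why a one-time code, whether
# from an app, a hardware token or an SMS, can be phished and relayed, while a
# FIDO2/WebAuthn assertion bound to the page's domain cannot.
# The HMAC "signature" below is a stand-in for the authenticator's asymmetric
# signature; the point demonstrated is what the signature covers, not the algorithm.
import hashlib
import hmac
import secrets
import struct

STEP = 30  # seconds per TOTP window


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, as authenticator apps and OTP tokens use."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def site_verifies_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    """Typical server check: accept the current window and the one before it."""
    return any(hmac.compare_digest(submitted, totp(secret, unix_time - STEP * back))
               for back in (0, 1))


def relay_totp_attack(secret: bytes, now: int) -> bool:
    """The victim reads the code from their app and types it into a look-alike site;
    the attacker submits it to the real site a few seconds later. Returns whether
    the real site accepts it (it has no way to tell who typed it where)."""
    code_typed_into_phishing_page = totp(secret, now)
    return site_verifies_totp(secret, code_typed_into_phishing_page, now + 5)


def authenticator_sign(cred_key: bytes, rp_id: str, challenge: bytes) -> dict:
    """The browser, not the user, supplies rp_id: the domain of the page that asked.
    The authenticator signs the challenge together with the hash of that rp_id."""
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    sig = hmac.new(cred_key, rp_id_hash + challenge, hashlib.sha256).digest()
    return {"rp_id_hash": rp_id_hash, "challenge": challenge, "sig": sig}


def site_verifies_assertion(cred_key: bytes, expected_rp_id: str,
                            issued_challenge: bytes, assertion: dict) -> bool:
    """The real site checks that the signed rp_id hash is its own domain, that the
    challenge is the one it issued, and that the signature over both is valid."""
    expected_hash = hashlib.sha256(expected_rp_id.encode()).digest()
    if not hmac.compare_digest(assertion["rp_id_hash"], expected_hash):
        return False
    if not hmac.compare_digest(assertion["challenge"], issued_challenge):
        return False
    expected_sig = hmac.new(cred_key, expected_hash + issued_challenge, hashlib.sha256).digest()
    return hmac.compare_digest(assertion["sig"], expected_sig)


def relay_fido_attack(cred_key: bytes, phishing_domain: str, real_domain: str = "x.com") -> bool:
    """The attacker starts a login at the real site, receives its challenge and
    forwards it to the victim on the phishing page. The victim's browser is on
    phishing_domain, so that is what gets signed. Returns whether the real site
    accepts the resulting assertion."""
    challenge = secrets.token_bytes(32)
    assertion = authenticator_sign(cred_key, phishing_domain, challenge)
    return site_verifies_assertion(cred_key, real_domain, challenge, assertion)


def legitimate_fido_login(cred_key: bytes, domain: str = "x.com") -> bool:
    """Control case: the same flow with the browser on the genuine domain."""
    challenge = secrets.token_bytes(32)
    return site_verifies_assertion(cred_key, domain, challenge,
                                   authenticator_sign(cred_key, domain, challenge))


if __name__ == "__main__":
    shared_secret = b"12345678901234567890"  # RFC 6238 test-vector key
    key = secrets.token_bytes(32)             # stands in for the FIDO2 private key
    print("TOTP at T=59:", totp(shared_secret, 59))
    print("TOTP relayed by phishing site accepted?", relay_totp_attack(shared_secret, 1_700_000_000))
    print("FIDO2 assertion from look-alike domain accepted?",
          relay_fido_attack(key, "x.com.account-verify.example"))
    print("FIDO2 assertion from the real domain accepted?", legitimate_fido_login(key))
```

In the real protocol the signed data is the authenticator data (which carries the rpIdHash) plus a hash of the client data (which carries the page origin), and the browser will not even offer a credential registered for x.com to a page on another domain; the example collapses this to the one field that defeats the relay. The TOTP half is exactly the case the ordering above warns about: nothing in a six-digit code records where it was typed.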
Equally, it is necessary to protect yourself from cryptocurrency scams, because every successful scam motivates scammers to keep compromising influential social media accounts to advance their cybercrime.
How can you Protect Yourself from Being Scammed?
- Always check the authenticity of social media accounts and websites before engaging with them. Look for verified badges and make sure the URL is exactly the one you expect, not a look-alike. Bear in mind that a badge proves little on its own: a compromised account keeps its badge, and on some platforms the badge can simply be purchased.
- Even if an account seems legitimate, review its previous posts to confirm whether talk of cryptocurrencies fits the usual behaviour of the organization or person. If the crypto post comes out of nowhere, the account has likely been compromised and is being used to scam others.
- Even when you have confirmed that an account is legitimate and normally posts cryptocurrency content, be cautious with posts promising guaranteed returns. If a post seems overly generous, uses flashy language or threats, or pushes you to act before a deadline, it is likely a scam. Always research thoroughly before investing in any online project.
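"Ensure URLs are correct" is easier said than done, because the phishing emails and text messages described earlier are built to make a wrong URL look right. The following added example, written for this article and not code from the original, inspects a link the way a browser will and surfaces the common disguises: a trusted brand placed as a subdomain of an attacker's domain, bait text before an `@`, look-alike non-Latin characters, plain http, and display text that differs from the real destination. The trusted-domain list, the sample links, and the `.example` attacker domains are all constructed for the example.

```python
# Added example (not code from the original article): what host a link really
# points at, and which phishing tricks it uses to hide that. Trusted domains and
# sample links are constructed for this example.
from typing import Optional
from urllib.parse import urlsplit

# Constructed for the example: the domains whose login pages you actually trust.
TRUSTED_DOMAINS = {"x.com", "twitter.com", "instagram.com"}


def real_host(url: str) -> str:
    """Hostname the browser will connect to, as ASCII (IDN labels punycoded)."""
    host = urlsplit(url.strip()).hostname or ""
    # urlsplit already discards userinfo before '@', so
    # https://x.com@login-check.example/ yields login-check.example, as a browser would.
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass  # leave an undecodable host as-is; it fails the trust check anyway
    return host.lower()


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification: production code should consult
    the Public Suffix List so that e.g. 'example.co.ke' is not reduced to 'co.ke'."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def mentions(brand: str, host: str, path: str) -> bool:
    """True if brand appears as a whole label sequence in the host or path."""
    return f".{brand}." in f".{host}" or f"/{brand}/" in f"{path.lower()}/"


def classify_link(href: str, shown_as: Optional[str] = None) -> dict:
    """Return the real host/domain of a link plus a list of warning strings.
    shown_as is the text the post displays for the link, if it differs from href."""
    parts = urlsplit(href.strip())
    host = real_host(href)
    domain = registrable_domain(host)
    trusted = domain in TRUSTED_DOMAINS
    warnings = []

    if parts.scheme not in ("http", "https"):
        warnings.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        warnings.append("plain http: no TLS, the page can be altered in transit")
    if "@" in parts.netloc:
        warnings.append("text before '@' is bait; the real host is what follows it")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("internationalised label: characters may imitate a Latin domain")
    if not trusted:
        for t in TRUSTED_DOMAINS:
            if mentions(t, host, parts.path):  # x.com.evil.example or /x.com/ in the path
                warnings.append(f"mentions {t} but actually connects to {domain}")
                break
    if shown_as is not None and real_host(shown_as) != host:
        warnings.append(f"displayed as {real_host(shown_as)} but links to {host}")

    return {"href": href, "host": host, "domain": domain,
            "trusted": trusted, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample links in the style of the messages the article describes.
    for href, shown in [
        ("https://x.com/settings/security", None),
        ("https://x.com.account-verify.example/login", None),
        ("https://x.com@login-check.example/", None),
        ("https://secure-login.example/x.com/reset", "https://x.com/reset"),
        ("https://\u0445.com/login", None),  # Cyrillic 'х', not Latin 'x'
    ]:
        r = classify_link(href, shown)
        print(f"{href}\n  host={r['host']} trusted={r['trusted']}")
        for w in r["warnings"]:
            print(f"  ! {w}")
```

The two-label `registrable_domain` is deliberately naive; for anything beyond a demo, use a Public Suffix List library so that country-code second-level domains are handled. The check that matters most for the scams above is the last one: a post can display one address while the underlying link goes somewhere else, so always compare what the link says with where it actually leads.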
It is important to note that cryptocurrency investment is a legitimate trade, and one shouldn’t be afraid to explore new business strategies. However, we must exercise caution and restraint when interacting with any online post promising instant wealth of any kind, and it’s advisable to seek the advice of well-known, legitimate financial experts before investing.
As always, the Tatua Digital Resilience Centre is committed to supporting Social Justice Organizations, activists, human rights defenders, and journalists to improve their digital resilience. Feel free to reach out to us for advice and technical support to harden your social media accounts against takeover and potential use for cybercrime.
Finally, we anticipate that cryptocurrency scams using the compromised social media accounts of high-profile persons and organisations will become more common. Governments and the technical community must therefore take proactive measures to mitigate the financial and reputational harm caused by this kind of cybercrime. We urge the government to strengthen regulatory frameworks to better protect users and hold scammers accountable. Meanwhile, the technical community must build more robust security measures and educate users about common scams. KICTANet also calls on other stakeholders, including civil society, to collaborate more closely in raising awareness of these threats. Together, we can create a safer digital environment that prevents the exploitation of influential accounts and protects the integrity of online interactions.