Twitter/X is a very important social media among web3 user groups. Many airdrops and official information releases are based on Twitter. Therefore, Twitter phishing scams are very rampant and have also caused many users to lose money. We will introduce the common ones in Twitter Attack and fraud cases, combined with specific incidents, to help everyone improve their security awareness and avoid fund theft. Almost every day we see news about ordinary users’ assets being stolen. Below we will summarize some common techniques in the hope that you will not be misled by fraudulent information.
Due to Twitter’s weak security protection mechanism, it is easy for official accounts to be stolen. Hackers will use official accounts to post malicious/phishing links, and use everyone’s trust in the official to induce users to click on malicious links. The characteristic is that the account accidentally releases some unplanned airdrop information.
Example: pendle account stolen incident:
Hackers use pendle’s official account to publish phishing links, inducing users to click, and ultimately causing losses to themselves. Because it is an official account, many people will believe that it is official information, which makes it easier for users to be deceived.
We often encounter Trojan viruses that induce downloading in the world of web2, and they still exist in web3. The key to this kind of fraud is to gain the trust of users. Let’s look at a real case:
User shenboo was defrauded of 10K
@shenboo was defrauded of 100k assets. The malicious gang first forged a “normal” looking twitter account, and then asked users to “help” check their app. It turned out that the app was a virus program. Exvul hereby reminds that it is unofficial. You must be very careful about the program. If you can’t download it, don’t download it. If you have to download it, you can put it in a virtual machine and run it.
If you search with the keyword “airdrop” in Twitter, you will see a lot of airdrop links. Airdrop actually requires a lot of research and reasonable allocation of energy. Besides, a bunch of professional studios can’t make money. When we ordinary users encounter this kind of airdrop information from unclear sources, especially some airdrops that induce clicks on links, we should try not to click on them.
This attack method mainly uses DM users to send some information such as group membership/meeting/recruitment/airdrops. After contacting the user, it induces the user to click on the link sent in the private message, obtains the user’s authorization, and steals funds.
It can be seen that the attackers’ methods are varied and emerging one after another, and it is difficult for ordinary users to distinguish them. To address these problems, we launched the Web3 Scams Defender extension to prevent such problems. It can effectively solve the fraud problem on Twitter. Through functions including phishing link interception and wallet protection, it can solve the phishing fraud problems encountered by users when browsing social media and web3 information on Google in one stop. Through friendly interaction and UI design, users can quickly become aware of malicious scams, phishing fraud information, etc.
Users only need to install scams defender extension and enable related functions scams defender can silently protect your web3 security!
People who pretend to be official accounts will be marked in red by us
Scam account and information Alert
If Scams Defender detects malicious tweets, it will prompt the user in red font and provide tips for risky content.
Private message security protection
Official verified account:
We will mark the official certified account. If a green mark appears, it proves that the account is an officially certified account. Since Twitter Blue V can be purchased with money, through our green certification, we can ensure that fake accounts can be easily distinguished. if you want to get certified, you can contact us via private message.
Phishing links, hacker addresses, malicious contract address detection
We will also prompt users for malicious links, hacker addresses, and malicious contracts in their accounts.
We have opened the function of users submitting scams. Just right-click and submit. Other users who see this tweet will realize that this is a scam link. Through the power of anti-fraud “decentralized nodes”, we can quickly and timely discover these security risks.
There are various security risks hidden in the web3 world, but there are no good security products to protect the crypto assets of ordinary users, which has caused a large number of user asset losses. Exvul is committed to protecting the crypto assets of ordinary users. In the future, we will launch more security products to protect the crypto assets of users! .
We focus on cyber Security and Threat Detection and Response, and provide industry-leading Cyber Security Solutions, which can completely cover all cyber security requirements of all kinds application scenarios.