PHPhishing incident with $400,000+ loss
On June 9th, 2024, a user on platform X reported losing over $400,000 worth of $MANEKI tokens. This happened after they unknowingly approved a token transfer on a fraudulent airdrop website linked in a reply under the project's official tweet.
Phishing replies under the original tweet
A scammer's X account, with an identical display name and a username very similar to the official one, posted a reply mimicking the project's communication. This reply lured users to visit a fraudulent website to claim rewards.
Taking a closer look at the phishing reply
The scammer's account used the same profile picture, display name, and a very similar username to the legitimate project's handle, @UnrevealedXYZ. The reply also included "2/" at the beginning, making it appear as part of an official thread.
Prevalence of similar scams
These scams are common in replies to tweets from trending projects. Some projects use an "End of Thread" message to indicate the end of their official communication, but this practice is not yet widespread.
Do not trust Gold check accounts on X
Usernames on X, often grayed out next to the display name, can go unnoticed. The gold check icon, signifying verification on X, can give a false sense of security. Scammers exploit this by either passing the verification or taking over accounts with legitimate gold checks.
Never click links from unverified sources
Phishing links are widespread, especially in public posts and unsolicited messages on social platforms. Always exercise caution and avoid visiting websites not directly published by official sources to protect your funds from being drained by scammers.
Learn more about phishing scams
Explore another Web3 security-focused Quest titled "Common Web3 Phishing Methods" to deepen your understanding of potential threats. Always think twice before connecting wallets or authorizing transactions.
Which of the following statements are correct?
* Choose all answers that apply
On June 9th, 2024, a user on platform X reported losing over $400,000 worth of $MANEKI tokens. This happened after they unknowingly approved a token transfer on a fraudulent airdrop website linked in a reply under the project's official tweet.
Phishing replies under the original tweet
A scammer's X account, with an identical display name and a username very similar to the official one, posted a reply mimicking the project's communication. This reply lured users to visit a fraudulent website to claim rewards.
Taking a closer look at the phishing reply
The scammer's account used the same profile picture, display name, and a very similar username to the legitimate project's handle, @UnrevealedXYZ. The reply also included "2/" at the beginning, making it appear as part of an official thread.
Prevalence of similar scams
These scams are common in replies to tweets from trending projects. Some projects use an "End of Thread" message to indicate the end of their official communication, but this practice is not yet widespread.
Do not trust Gold check accounts on X
Usernames on X, often grayed out next to the display name, can go unnoticed. The gold check icon, signifying verification on X, can give a false sense of security. Scammers exploit this by either passing the verification or taking over accounts with legitimate gold checks.
Never click links from unverified sources
Phishing links are widespread, especially in public posts and unsolicited messages on social platforms. Always exercise caution and avoid visiting websites not directly published by official sources to protect your funds from being drained by scammers.
Learn more about phishing scams
Explore another Web3 security-focused Quest titled "Common Web3 Phishing Methods" to deepen your understanding of potential threats. Always think twice before connecting wallets or authorizing transactions.
Which of the following statements are correct?
* Choose all answers that apply
- Display names on X can be misused to impersonate official accounts
- Scammers can use identical usernames on X to mimic official accounts
- Gold Check accounts on X can always be trusted as they passed verification
- Scammers may disguise themselves using Gold Check accounts on X