Tweets of Deceit: Unmasking An Attempted Crypto Con

5Gmb...M2Ub
25 Aug 2023
146

Twitter scams are rife. Let’s look at ways to recognize them.

If you’re a regular reader of our blog then you might recall this post where we discussed some of the pitfalls for newcomers. There was also discussion on a few of the typical types of scams you might find when entering the world of crypto.

Then there’s this article, where we discussed the Arkham Intelligence airdrop, and looked at some of the benefits that people can find by engaging with Arkham as a tracking tool.
Today, we’re going to look at an actual twitter scam that we found in the wild. It’ll be a short article, but you’ll see the offending tweet, as well as some of the research we quickly did to background it. Let’s get started.

Here is our offending tweet. On the surface it’s good news, apparently Arkham Airdrop Mk 2 is alive! All we have to do is go to the website and check our eligibility. Wonderful news!
Note: For security’s sake we won’t be embedding the tweet as we don’t want to send anybody to a malicious link inadvertently.
Our offending tweet. Source: Twitter.

We can see there’s been plenty of engagement, with over 40,000 views at the time of writing. However all is not well with our tweet. Can you spot the first signs of trouble??
We managed to catch this one early, with just 5k views at the time. Source: Twitter

Apparently we need to go to arkhaRN Intelligence to collect. That doesn’t sound suspicious at all. Here’s the full defanged link

www[.]arkharnintelligence[.]org

while the correct link for the real Arkham is

platform[.]arkhamintelligence[.]com

When we look further at our tweet, we see replies are only open to those tagged within the tweet. Another red flag. 🚩
Locked replies. Can’t have people warning others now can we. Source: Twitter

Our last giveaway that this might not be legitimate is our username. Our malicious user goes by the handle [@]arkhamusa
While the legitimate account for Arkham goes by the handle [@]arkhamintel
The real Arkham Intel account. Source: Twitter

This is where our previous article on domain reputation and analysis comes into play. Let’s check out our funky domain.

Whois data. Source: Investigator515

Analyzing our whois data shows our domain has limited information in regards to ownership. However there’s another tip in there for those with a keen eye. In case you’re wondering it’s the creation date. We see it was created on the 24–08–2023. Barely 24hrs ago.

In our crypto for newbies article we mentioned it was good practice to be alert for scams trying to lighten your wallet.

So with this post we have as red flags

  1. Incorrect User Account 🚩
  2. Restricted ability to comment on the post 🚩
  3. A bad url that doesn’t match the project🚩
  4. A URL that is less than 24hrs old 🚩
  5. No promotion from the official account 🚩


While it’s plausible there may be another account promoting the airdrop, our visit to the main account shows no current news which makes that unlikely. So for now, we’re happy calling this one out as a scam. Although we should note, we are happy to be corrected should this be proven to be incorrect.

Last tweet from official Arkham.

We’d also like to add our own disclaimer:
We have promoted Arkham and mentioned a possible airdrop in previous articles. Should you have used our links, or passed this on to others, please warn them that scammers are on the prowl.

It’s important to note that at this point we decided to stop digging. There’s enough information for a decision to be made without having to go further. However what options do we have should we wish to dig deeper?? Quite a few actually.

Firstly we can analyse the social media account used to post the tweet. There’s plenty of open source tools available for that.

We can also enumerate our domain further and look for email addresses or subdomains that may provide a clue.

We can look at our domain further inside a sandbox to see what type of scam we are dealing with and what reaction a visitor to the domain might trigger.

Lastly, there’s also a few options we can use that involve a burner wallet but we’ll keep those to ourselves for today. The point is, we can enumerate things further in most instances. We simply need to understand how best to do so and what tools we have that can assist with that.

While airdrops are great fun and can be a cheap and easy way to get started in crypto, scams are and will continue to be aplenty. Good security habits will help you with identifying scams and keeping your crypto where it should be….in your own wallet. And remember, not your keys, not your crypto!

🌟 Enjoyed this article? Support our work and join the community! 🌟

💙 Support us on Ko-fi: Investigator515

📢 Join our Telegram channel for exclusive updates or.

🐦 Follow us on Twitter

🔗 Articles we think you’ll like:

  1. Eye Spy with My Tineye: Reverse Image Searching
  2. What the Tech?!: Satellite Linking


✉️ Want more content like this? Sign up for email updates here

Join our Crypto focused Telegram Channel!

Telegram

Enjoy this blog? Subscribe to Investigator515

22 Comments