New Crypto Scam Targets Flipper Zero Buyers Impersonating Legitimate Shops
Techies' interest in the handheld, open-source, multi-function cybersecurity tool has given rise to a new campaign seeking to steal crypto funds through illegitimate “sales” of the device.
When tech buyers see something they find useful, demand jumps through the roof. It’s exactly what happened when the first Kickstarter for the Flipper Zero launched. This portable transceiver empowers pen testers, researchers, and – yes – even the hacker to engage with digital communications including radio, RFID, NFC, Bluetooth, and more.
When it launched in 2020 on Kickstarter, it received 81 times the asking pledge of just $61,000. Tons of social media coverage around its use only fueled demand that continues today.
But security researchers are also seeing threat actors take advantage of the demand, setting up impersonating social media handles and websites to trick potential buyers out of their crypto. Self-proclaimed cybersecurity analyst and security researcher Dominic Alvieri recently posted examples on Twitter of accounts impersonating Flipper Zero:
New Flipper Zero phishing campaign
official @flipper_zero
⚠️ Fake Twitter accounts ⚠️
@fIipper_zero @fIipperzeroshop @FIipperZero
⚠️ Fake Flipper Zero stores ⚠️
/flipper-zero.shop @Hostinger
/flipperzerostore.net @namesilo
#cybersecurity #infosec @TwitterSafety pic.twitter.com/SSotF37qqB
— Dominic Alvieri (@AlvieriD) January 2, 2023
Source: Twitter
Bleeping Computer also identified Twitter accounts that used simple character replacement (a capital I for the lowercase L in “Flipper”) to spoof the brand:
Source: Bleeping Computer
Bleeping Computer also reports uncovering lookalike sites designed to allow visitors to “purchase” a Flipper Zero and pay in either Ethereum or Bitcoin:
Source: Bleeping Computer
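The character substitution and the lookalike store names described above can be screened for mechanically. The following is an added example, not code from the researcher, Bleeping Computer or this article; the allow-list, the partial confusables map and the function names are assumptions, and the sample names are the ones quoted in the tweet above.

```python
import re

# Constructed allow-list: the official handle is the one named in the tweet above.
ALLOWLIST = {"flipper_zero"}
BRAND = "flipperzero"  # brand string with separators removed

# Partial ASCII confusables map (assumption). Unicode lookalikes such as
# Cyrillic letters are out of scope here and need a fuller table.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(name: str) -> str:
    """Fold confusable characters, then lowercase and drop separators."""
    # Fold before lowercasing: lower() would turn the capital I into "i".
    folded = name.translate(CONFUSABLES).lower()
    return re.sub(r"[^a-z0-9]", "", folded)


def classify(name: str, allowlist=ALLOWLIST) -> str:
    """Return 'official', 'brand-embedding', 'homoglyph' or 'unrelated'."""
    raw = name.lstrip("@/")
    if raw.lower() in allowlist:
        return "official"
    plain = re.sub(r"[^a-z0-9]", "", raw.lower())
    if BRAND in plain:
        return "brand-embedding"   # real brand string inside a non-official name
    if BRAND in skeleton(raw):
        return "homoglyph"         # brand appears only after folding lookalikes
    return "unrelated"


def triage(names):
    """Map each observed handle or domain to its classification."""
    return {n: classify(n) for n in names}


# Handles and store names as quoted in the tweet above.
OBSERVED = ["@flipper_zero", "@fIipper_zero", "@fIipperzeroshop",
            "@FIipperZero", "/flipper-zero.shop", "/flipperzerostore.net"]

if __name__ == "__main__":
    for name, verdict in triage(OBSERVED).items():
        print(f"{verdict:16} {name}")
```

A "brand-embedding" or "homoglyph" verdict marks a name for manual review and reporting, not an automatic block, since a fan account can legitimately contain the brand name.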
This simple scam demonstrates that all the cybercriminal needs to fool their victims is the illusion of legitimacy combined with an establishment of credibility and an emotional hook that gets the victim to act as desired. Educating corporate users to be aware of these tactics through Security Awareness Training helps to protect organizations from becoming the victims of attacks intent on credential theft, digital fraud, business email compromise, and more.