At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    New Crypto Scam Targets Flipper Zero Buyers Impersonating Legitimate Shops

    Interest in the handheld open-source multi-function cybersecurity tool by techies has risen to a new campaign seeking to steal crypto funds through illegitimate “sales” of the device.

    When tech buyers see something they find useful, demand jumps through the roof. It’s exactly what happened when the first Kickstarted for the Flipper Zero launched. This portable transceiver empowers pen testers, researchers, and – yes – even the hacker to engage with digital communications including radio, RFID, NFC, Bluetooth, and more.

    When it launched in 2020 on Kickstarter, it received 81 times the asking pledge of just $61,000. Tons of social media coverage around its use only fueled demand that continues today.

    But security researchers are also seeing threat actors taking advantage of the demand, springing up impersonated social media handles and websites to trick potential buyers out of their crypto. Self-proclaimed cybersecurity analyst and security researcher Dominic Alvieri posted recently on Twitter examples of impersonated Flipper Zero accounts:

    New Flipper Zero phishing campaign

    official @flipper_zero

    ⚠️ Fake Twitter accounts ⚠️@fIipper_zero @fIipperzeroshop@FIipperZero

    ⚠️ Fake Flipper Zero stores ⚠️

    /flipper-zero.shop @Hostinger
    /flipperzerostore.net @namesilo #cybersecurity #infosec @TwitterSafety pic.twitter.com/SSotF37qqB— Dominic Alvieri (@AlvieriD) January 2, 2023

    Source: Twitter

    Bleeping Computer also identified Twitter accounts that used simple character replacement (a capital I for the lowercase L in “Flipper”) to spoof the brand:

    flipper-zero-sites

    Source: Bleeping Computer

    According to Bleeping Computer, they have uncovered lookalike sites designed to allow visitors to “purchase” a Flipper Zero and pay in either Etherium or Bitcoin:

    order-payment

    Source: Bleeping Computer

    This simple scam demonstrates that all the cybercriminal needs to fool their victims is the illusion of legitimacy combined with an establishment of credibility and an emotional hook that gets the victim to act as desired. Educating corporate users to be aware of these tactics through Security Awareness Training helps to protect organizations from becoming the victims of attacks intent on credential theft, digital fraud, business email compromise, and more.

    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top