The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) is warning financial institutions of a “high-profile” new scam that exploits Twitter accounts to try to solicit convertible virtual currency (CVC) from individuals, according to a Thursday (July 16) press release.
On Wednesday (July 15), bad actors hacked the Twitter accounts of numerous popular officials and CEOs, including Elon Musk and Jeff Bezos, and the accounts all posted identical messages promising to double Bitcoin donations and return them to the senders if people clicked a malicious link.
FinCEN says financial institutions (FIs) should be on the lookout for “suspicious activity,” such as high volumes of payments deposited in accounts over short periods of time, from previously unaffiliated accounts or multiple originating CVC addresses.
FIs should report that activity in a Suspicious Activity Report (SAR) form, including information like “chat logs, suspicious IP addresses, suspicious email addresses, suspicious filenames, malware hashes, CVC addresses, command and control (C2) IP addresses, C2 domains, targeted systems, MAC address or port numbers,” according to the release.
The organization also said individuals should be on the lookout for the kinds of solicitations that appeared on many public figures’ hacked Twitter feeds Wednesday, and should not send any money or personal information in response to those solicitations.
FinCEN goes on to list a number of indicators that one has encountered a scam, such as promises of a high or guaranteed investment in return for payments, spelling-error-ridden social media posts or other communications asking for money, any solicitations where the person asking isn’t from a reputable organization, and multiple posts from different people with identical messages asking for money.
Wednesday’s wave of hacking attempts did achieve part of its intended effect, as the scammers managed to get around $117,000 from some 401 transactions sent to two email accounts.
To combat the attacks, Twitter turned off all verified accounts temporarily to stop the message and link from circulating.
According to Twitter, the attack was a coordinated one on the site’s internal systems and tools.