Serpent
Apr 17, 2022 • 9 tweets • 3 min read
🚨 NEW PHISHING SCAM 🚨

Already $650,000 stolen from a single individual and it's going to happen to a lot more people.

This is how it happened 🧵👇
1/ On April 15th, @revive_dom received multiple text messages asking to reset his Apple ID password and at 6:32 PM he received a call from "Apple Inc." which was a spoofed caller ID.

They claimed that there was suspicious activity on his Apple ID and they asked for a one-time
2/ verification code to prove the owner of the Apple ID account. After giving the 6 digit verification code, the scammers hung up and his MetaMask wallet was wiped, with over $650,000 stolen. How did they access his MetaMask wallet? Let's look into what happened 👇
3/ MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim's Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim's MetaMask.
Process of this attack:
1) Scammer requests random password resets to make the victim suspicious
2) Using a caller ID spoofer, the scammer will call the victim as Apple and claim there is suspicious activity on the account
3) The scammer will request a password reset for the victim's Apple ID
4) The scammer will ask the victim for the code, claiming it is to verify they are the real owner of the Apple ID, when in reality they are using that code to reset the victim's password
5) The scammer will have access to the victim's iCloud account, giving them free access to everything, including all the data MetaMask stores on iCloud

Total stolen:
132.86 ETH ($402,988 USD)
252,400 USDT
-----------------
$655,388
Key takeaways
- ALWAYS use a cold wallet to store your valuables
- Never give out verification codes to ANYONE
- Protect your information, don't give out your phone number or your personal email
- Caller information is easy to spoof. Companies like Apple will never call you
Here's MetaMask's response to my thread, breaking down how the iCloud backup works. We all know how annoying it is constantly being asked to back up your phone or iCloud auto backing up itself, so they also provided a guide on how to turn it off 👇


More from @Serpent

Apr 14, 2023
🚨 TWITTER URL SPOOFING EXPLOIT 🚨

Scammers are exploiting a flaw with Twitter's website preview cards to show a legitimate website but have it redirect you to a phishing site.

Here's how it's currently being exploited to drain wallets 🧵👇
1/ There is an ongoing exploit that allows people to spoof what the Twitter website preview shows. It can be manipulated to show any website's preview, and take you somewhere completely different.

This is possible in both tweets & DMs.
2/ Recently, using a network of hacked accounts, attackers mass tweeted claiming that Uniswap was hacked, and they were able to get the hashtags #UniswapHack #UniswapExploit and "Revoke Cash" trending
Read 9 tweets
Dec 17, 2022
🚨 Analysis of how a scammer stole 14 BAYCs worth over 852 ETH ($1.07 million) today through a month-long social engineering scam.

Here's how it happened 🧵👇
1/ The scammer (@JasonBrubeck) contacted the victim (@_sevenseason_) and asked to license IP rights for BAYC #2060. They claimed to be a casting director working for "Forte Pictures" which is an LA based Emmy award winning company with offices at Sony Pictures Studio.
2/ The alias "Jason Brubeck" is fake and does not exist, however, Forte Pictures and Marcus Mizelle are both real and legitimate. The real Forte Pictures company did not own the domain forte(.)pictures, but rather operated under Mizelle's website, marcusmizelle(.)com.
Read 12 tweets
Dec 15, 2022
🚨 CRITICAL DISCORD EXPLOIT 🚨

A few days ago, a dangerous Discord XSS exploit was found and exploited. This allowed hackers to steal your Discord token from clicking on an official Discord link.

Here's how it worked 🧵👇
1/ For those who don't know, cross-site scripting (XSS) is an attack vector in which the attacker injects malicious executable scripts onto a vulnerable website.
2/ Discord's newly released discovery page allowed for an XSS exploit through HTML code injection. Hackers created a Discord server discovery page and put malicious code in the "Reasons to join" section. This is the HTML code hackers put on the page.
Read 7 tweets
Aug 21, 2022
🚨 CURRENTLY RUNNING TWITTER SCAMS 🚨

In this thread I've compiled a list of the most popular currently running crypto/NFT scams on Twitter.

Here's how they work 🧵👇
🚩🚩 UNICODE LETTERS 🚩🚩

Scammers have started spoofing URLs using lookalike Unicode letters

In this case, they are changing the letter "i" to a lookalike character from a non-English alphabet

The URLs respectively resolve to:
• xn--premnt-s9a[.]xyz
• xn--premnt-zva[.]xyz
On the phishing website, you will be met with a replica site of @PREMINT_NFT

When you click "Login To Register", depending on your total NFT collection value and your wallet balance, it will send either a Seaport signature which will drain your NFTs or attempt to drain your ETH.
Read 19 tweets
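
The lookalike-letter hosts quoted above can be checked mechanically. This Python sketch is an added example, not part of the original thread: it decodes the two `xn--` labels and flags any label that folds to a protected name. The `PROTECTED` watchlist, the `NO_DECOMP` map and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed sample: the two defanged hosts quoted above plus a plain ASCII host.
SAMPLE_HOSTS = ["xn--premnt-s9a[.]xyz", "xn--premnt-zva[.]xyz", "premint[.]xyz"]
# Assumption: names the defender wants to protect (the brand named in the thread).
PROTECTED = {"premint"}
# Hand-picked lookalikes with no Unicode decomposition (illustrative, not exhaustive).
NO_DECOMP = {"\u0131": "i", "\u0456": "i", "\u0430": "a", "\u0435": "e", "\u043e": "o"}

def decode_label(label):
    """Return the Unicode form of one DNS label; xn-- labels carry Punycode."""
    lowered = label.lower()
    if not lowered.startswith("xn--"):
        return lowered
    try:
        return lowered[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return lowered  # malformed Punycode: leave the label as received

def skeleton(text):
    """Fold a label toward ASCII: drop combining accents, map known lookalikes."""
    folded = []
    for ch in unicodedata.normalize("NFKD", text):
        if unicodedata.combining(ch):
            continue
        folded.append(NO_DECOMP.get(ch, ch))
    return "".join(folded)

def inspect_host(host):
    """List labels that contain non-ASCII letters yet fold to a protected name."""
    findings = []
    for label in host.replace("[.]", ".").split("."):
        shown = decode_label(label)
        odd = [unicodedata.name(c, "UNKNOWN") for c in shown if ord(c) > 127]
        if odd and skeleton(shown) in PROTECTED:
            findings.append({"label": label, "unicode": shown,
                             "lookalike_of": skeleton(shown), "chars": odd})
    return findings

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(host, inspect_host(host) or "no lookalike found")
```

A label written entirely in ASCII, such as a misspelling, is not caught by this check and needs a separate edit-distance rule.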
Jun 25, 2022
🚨 FAKE FILE EXTENSION SCAM 🚨

Scammers are spoofing file extensions to disguise malicious files as PDFs and targeting artists, influencers, and projects.

This is how it works 🧵👇
1/ In this case, artist @RabbitinM was first messaged about a commission for his art. He was sent a zip file containing what the customer wanted, with examples and sketches. What seemed to be a normal commission turned bad when the artist went to view the customer's request.
2/ After opening the zip file, we can see example art, along with the PDF file containing the customer's sketches, however, this isn't a regular PDF file. It is actually a Screen Saver (.scr) file, which is an executable script, disguised as a PDF file.
Read 12 tweets
May 10, 2022
Using an exploit with Google ads, scammers are able to make the real and scam URL look exactly the same.

Already ~100 ETH stolen 🧵👇
1/ After clicking the top link, you will be redirected to one of these phishing sites. On the phishing websites, they have two types of scams going on.

One will try to get your seed phrase, and the other one calls a Refund() method and attempts to drain your wallet balance.
2/ How do you prevent this?
- ALWAYS make sure you're on the right URL at all times
- Never confirm random transactions. Always be cautious.
- Never give out your seed phrase.
- Store your valuables on a cold wallet
Read 11 tweets
