Twitter bots posing as customer support are trying to steal your crypto

A Twitter bot phishing scam is on the rise, scanning every tweet you post in an attempt to steal the contents of your crypto wallet.

Would-be attackers use Application Programming Interfaces (APIs) to identify Twitter users in need of customer support.

These APIs scour every public tweet for a range of keywords which trigger fake bot accounts to respond.

A test conducted by BleepingComputer showed tweets with words like ‘support,’ ‘help,’ or ‘assistance,’ coupled with ones like ‘MetaMask,’ ‘Phantom,’ ‘Yoroi,’ and ‘Trust Wallet’ trigger automatic replies linking to fake Google forms hoping to steal your information.

"Having issues with your wallet , contact their instant support team directly to rectify it for you, it is fast & reliable." Click on the link.. https://t.co/AljQ45eno4
— sharif (@sharifblr) December 7, 2021

For example, a user tweeting about being locked out of a MetaMask wallet will receive several replies from fake MetaMask customer support accounts.

Bleeping Computer first wrote about the novel phishing scam in May. Since then, scammers have widened their list of targets, with more bots than ever hungry for your seed phrase.

Inundated with Twitter bot replies

We posted a bait tweet hoping to trigger phishing bots and received several scam responses in just a few seconds.

Scammers direct the Twitter user to Google forms asking for their seed phrase.
A seed phrase or recovery is a 12-word password that, when shared, allows scammers to take control of the wallet and add it to their own device.
Most of these Google forms look fairly rudimentary, but some seem more convincing.

Drag the arrow icon left or right to view the difference between a rudimentary and somewhat more convincing phishing form.

Twitter bot phishing now a common con

Bleeping Computer has seen a rise in scams involving Twitter APIs. It found Cardano wallet Yoroi and Solana wallet Phantom both have bots phishing for the crypto stored inside.

A similar con peddled on both Discord and Twitter tricked users into handing over their NFT collections by pretending to be OpenSea support staff.

Contact ALPHA_CRACK on Instagram he works with support he just got mine fixed
— Eden Franklyn (@Edenfranklyn05) December 7, 2021

And while an eagle-eyed Twitter user might be able to spot a bot tweet from a mile off, there’s a variation of the con which is just as prevalent.

In this version, the bots respond with a recommendation for a third-party account recovery service. The mark pays upfront for the tech support — only to be ghosted.

Potentially less financially devastating, but annoying nonetheless.

In case it needs repeating, do not ever give out your seed phrase.

Follow us on Twitter for more crypto news.