
If you fall victim to it, you won’t end up marking it as “like”

By Richard Arneson

Apparently, scammers get bored, too, at least the ones who find it fun and profitable to generate hustles related to cryptocurrency. They’ve found a new target—Facebook. Their scamming medium of choice has primarily been Twitter, which has for months been littered with fake cryptocurrency advertisements. For Facebook, however, they’ve modified their strategy and tactics. On Twitter, their basic, garden variety scam has been the infamous Bitcoin giveaway (tip: if it’s a giveaway, it’s you who will be giving away something). For Facebook, their tactic involves luring users into coughing up sensitive info, such as the holy grail of scamming: credit card information.

Here’s how it works…on Facebook, at least

The attackers (I call them miscreants) set up phony pages with a call-to-action in the form of a fake, sponsored ad. After clicking on it, users are directed to a replica CNBC page that promotes an investment opportunity. Claims of big investment opportunities should be the first clue that you’ve ventured into murky digital waters, but if they aren’t and you end up there, you’ll be given the opportunity to purchase a new, shiny cryptocurrency from CashlessPay.
According to the ad, Singapore just announced they’re adopting an official coin, which can only be purchased from CashlessPay. Oh, and it includes fake endorsements from sundry celebrities, including Sir Richard Branson, famed English entrepreneur and owner of The Virgin Group. Gee, if Richard Branson invested in it, it must be good. I’m all in! And that’s exactly what they’re praying to The God of Cybercrime that you’ll be thinking. And, of course, once you pull out your plastic cash and enter in a few digits, you’ve just become a victim. You’ll soon unknowingly purchase high-end electronics throughout the world.

Is Facebook asleep at the wheel?

It seems odd to most that these malicious ads got past Facebook and Twitter in the first place. In the Facebook case, the miscreants were able to slide past their defense mechanisms, which is odd considering that earlier this year they banned all blockchain and cryptocurrency advertisements. It’s not clear exactly how they circumvented Facebook’s security sentinels, but obviously they did. It is interesting, though, that phony cryptocurrencies require payment via bank wires or credit cards.

Twitter appears to be the first social media victim, but they’re not flattered

While Facebook has been scammed for what appears to only be a matter of weeks, Twitter has been battling fake cryptocurrency ads for the past nine (9) months. Initially, Twitter scammers launched armies of bots that mass-spammed links to cryptocurrency giveaways. They then tweaked their approach and decided to implement a more selective spamming model. They began hijacking real profiles; one (1) of their favorites was Elon Musk. Other targets soon followed, including several politicians and government accounts. Their pièce de résistance? Google and Target, who both fell victim to the scam.
The question now: “Can Facebook remediate this issue faster than Twitter?”
We’ll see.

Security Concerns?

To find out how to secure your organization’s network, contact GDT’s tenured and talented security analysts at From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.
