FBI issues alert regarding phishing schemes and social media account takeovers.

The Federal Bureau of Investigation has issued a warning regarding criminal entities that are taking over social media accounts and impersonating legitimate individuals within the nonfungible token and cryptocurrency sectors.

Additionally, it expressed concerns about counterfeit websites that mislead victims into believing they are engaging with authentic platforms, aiming to steal their NFTs or cryptocurrency.

This alert comes as the number of individuals losing their funds through these two types of scams continues to rise.

Recent phishing link tweeted from Uniswap founder Hayden Adams’ Twitter account by hackers. Source: Twitter

In a public service announcement dated August 4, the FBI urged individuals to remain vigilant against “criminal actors impersonating legitimate NFT developers in financial fraud schemes targeting active participants in the NFT community.”

“Criminals either gain direct access to NFT developer social media accounts or create nearly identical accounts to promote new NFT launches. Fraudulent posts frequently aim to instill a sense of urgency, utilizing phrases like ‘limited supply’ and referring to the promotion as a ‘surprise’ or previously unannounced mint.”

“Links included in these announcements are phishing links that lead victims to a counterfeit website that seems to be a legitimate extension of a specific NFT project,” the FBI added.

Typically, these scam websites encourage individuals to connect their wallets to claim or purchase NFTs, but instead link to a drainer smart contract, resulting in the loss of the person’s funds or assets.

However, it is important to note that the situation can sometimes be more complex. There are additional methods through which individuals can have their funds drained even without directly connecting their wallet to a suspicious website.

In an April 5 thread on X (Twitter), user @robbyhammz mentioned that they inadvertently clicked on a counterfeit Looks Rare NFT marketplace website and did not connect their hot wallet, yet still had over $300,000 worth of NFTs stolen.

Alarmingly, the fraudulent website was advertised at the top of Google’s search results as a paid advertisement, which has been an ongoing issue that remains unresolved by Google.

Was just talking with @bax1337 earlier today about how Google Ads phishing scams are out of control. Surprised no one has organized a class action against them. Have easily seen 8 figures stolen from them recently.

— ZachXBT (@zachxbt) August 5, 2023

There was considerable discussion in the comments regarding how the victim could have their NFTs stolen without connecting their wallet.

Some suggested that malware enabling access or control of the victim’s computer was involved, while others proposed that the scam website might have contained a hidden MetaMask wallet signature link that was accidentally clicked.

Related: Zero transfer scammer steals $20M USDT, gets blacklisted by Tether

On the same day, Web3 anti-scam platform Scam Sniffer tweeted that another individual had lost $446,000 worth of Bitcoin (BTC), Ether (ETH), and Pepe ($PEPE) due to a phishing link.

Scam Sniffer indicated that the Pink drainer address was responsible for the phishing attack, while ZachXBT pointed out that it may have occurred through two fake airdrop links promoted by @AvalancheApp and @QwQiao — two accounts that were compromised within the previous 24 hours.

These two happened in past 24 hrs pic.twitter.com/KV5Kaxhihf

— ZachXBT (@zachxbt) August 5, 2023

In its warning, the FBI provided several recommendations for individuals to safeguard themselves against these types of scams.

The FBI stressed that individuals should research and “vet any opportunity” such as surprise NFT drops or giveaways before clicking on links. It also advised people to carefully check for any inconsistencies in website URLs or account names to avoid falling prey to impersonators.

Magazine: Deposit risk: What do crypto exchanges really do with your money?