Scammers are now using the NFT airdrop feature to phish people’s crypto wallets, the FBI has warned in a public service announcement.
Cybercrooks are defrauding crypto players through the non-fungible token (NFT) airdrop embedded in non-custodial wallets, disguised as free rewards or incentives for Hedera Hashgraph network users, according to the warning.
The Hedera Hashgraph is the distributed ledger used by Hedera, which leverages the hashgraph consensus technology to power decentralized applications. The airdrop is a campaign-type feature originally created by Hedera for marketing. It has since been embraced by others and mainly consists of giving away a certain amount of token to a select group of people to gain popularity.
According to the FBI, scammers have been seen using the “memos” associated with the airdrop process to feed the victim a phishing link designed to capture login and security information, including seed phrases.
“Once the transaction is completed, and the user receives unsolicited or promotional cryptocurrency tokens and rewards in their non-custodial wallet as part of the airdrop process, a plaintext ‘memo’ section appears that may be used to provide additional context about the transaction, including a reference number,” reads the notice.
“[…] Users are required to click the embedded uniform resource locator (URL) to accept the tokens or rewards. […] Cyber criminals are compromising this memo feature and including a URL to a third-party website,” the notice says, adding that the URL “links the user’s cryptocurrency wallet to the website’s decentralized applications (dApps) function to earn additional cryptocurrency.”
It says the connection “often requires the user to input their login and security information, including seed phrases5 to complete the connection. This information entered by the user, allows the cyber criminal to steal the user’s cryptocurrency from their wallet.”
Scammers have also been spotted advertising phishing links for fraudulent NFT airdrops on social media or through third-party websites.
Others may send a phishing email offering an airdrop of free tokens.
“When a user clicks the link to visit the site, the URL connects to the user’s wallet or the user will be directed to provide their password and/or link their wallet to receive the tokens,” warns the bureau.
The crooks then enter the user’s wallet and shift the victim’s digital assets to a wallet in their control.
How to protect yourself against NFT airdrop scams
The FBI notice includes several mitigation tips for players in the crypto market, including:
· Do not respond to requests to provide passwords, seed phrases, or one-time passwords sent to your accounts if you did not initiate the outreach
· Verify the offer is from your cryptocurrency provider before accepting and/or providing any information
· Do not click links or use numbers provided in suspicious emails for confirmation purposes
· Only use verified customer service numbers provided by the company on official communications
· Monitor cryptocurrency accounts for suspicious login attempts, unauthorized changes to the account, unrecognized transactions, or compromised credentials
· Be cautious of individuals or companies claiming they can assist in recovering funds lost in scams, as this may be an additional scam
The FBI encourages anyone witnessing or experiencing an airdrop scam to reach out to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
If scammers contact you directly via phone, SMS, instant messaging or email out of the blue, chances are your personal details were caught in a leak or data breach.
Read: What to Do if Your Data Gets Caught in a Breach
Use Bitdefender Digital Identity Protection to find out if your data has leaked on the underground web, what type of information was compromised, what risks you face, and how to protect yourself.
When in doubt about a suspicious text, phone call, or social media interaction, Use Scamio, our free, scam-fighting AI bot. You can share with Scamio the exact thing you want to check, such as a screenshot, link, or QR code – or simply describe the situation to our chatbot in your own words. Scamio lets you know in seconds if it’s a sham.
You may also want to read:
Watch Out for ‘FBI Agents’ Offering to Recover Your Stolen Funds
Threat Actors Cost US Targets $16.6 Billion in 2024, FBI Report Shows
