While social media may not be the number one source of crypto fraud –that would be decentralized finance (DeFi), according to Chainalysis – it’s certainly rife with scams. In 2021, con artists used Tesla CEO Elon Musk’s appearance on “Saturday Night Live” to bilk users out of $10 million through fake crypto giveaways on Twitter and YouTube.
A good practice when encountering anything on social media is to be skeptical. Here are some ways to be on the lookout for, and protect yourself from, common social media scams.
1. The classic giveaway scam
The common social media cryptocurrency scam follows a formula. The scammers mimic major brands and/or impersonate celebrities to promote giveaways that promise to double your money if you deposit bitcoin or other crypto assets into a designated wallet address. Of course, this is not what happens, and as soon as you send your cryptocurrency it’s gone forever.
It is worth pointing out there are sometimes legitimate giveaways circulating on Twitter, but take care to do thorough research before you interact in any way with a giveaway.
Your first step can be a simple Google search for the giveaway. When Chipotle did a “Burrito or Bitcoin” giveaway, a simple search for “Chipotle crypto giveaway” will return not only thousands of results, but also dozens of articles from trustworthy publications like USA Today, CoinDesk and CNN. On the other hand, a recent scam using the likeness of Ethereum co-founder Vitalik Buterin would have easily been discovered using a search for “Vitalik Buterin Crypto Giveaway.” The results only spoke about the scam, not the promotion.
Next, you want to check the official website to confirm the giveaway. When Chipotle, Coinbase and Cash App did bitcoin giveaways, they all had official blog posts that were easy to find and included terms and conditions of the giveaway.
Finally, make sure you’re checking the actual website. For example, Cash App’s website is cash.app, not cashapp.com. Scammers will take legitimate-looking addresses and create fake pages to fool unsuspecting victims with elaborate and convincing sites.
2. Fake verified accounts
Another common trick con artists use to steal crypto is to take advantage of the trust signals that social media platforms utilize, such as blue checkmarks on Twitter. The problem is, scammers will create profile pictures that include a blue checkmark or cleverly use the wallpaper to incorporate a blue check at just the right place to look authentic.
If a blue checkmark is real, you can hover over it and it will show this box:
Facebook-verified accounts will display a similar message if you hover over the checkmark: “Facebook confirmed this is the authentic profile for this public figure.”
Real accounts on Instagram have similar marks, though no pop-up. But you can check for the number of followers and other signals that an account is the real deal. The real Mark Cuban has 1.7 million followers on Instagram while this fake account has just 31.
This should not be wholly relied upon, however, because there have been instances where hackers have successfully managed to breach Twitter’s security and disseminate crypto giveaway scams through official Twitter accounts belonging to high-profile individuals and companies. These included Kayne West, Barack Obama, Apple and Uber.
Another thing to be wary of is people using Ethereum domains as part of their handles, which many legitimate (but not officially verified) people do. For those of you who aren’t familiar with it, the Ethereum domain name is a way to create a shortcut to share your identity on the Ethereum blockchain. Many well-known figures utilize the .ETH domain including Vitalik Buterin, Andreeson Horowitz investment partner Chris Dixon, non-fungible token (NFT) influencer Farokh Sarmad and even socialite Paris Hilton.
In effect, the .ETH domain name has created semi-verification for people. However, this means more scammers will utilize .ETH handles to feign credibility and defraud investors.
Check out the two photos of social media profiles of Vitalik Buterin below. One is real and the other is fake. Can you tell which one is which?
It’s the Instagram account that’s fake.
When this account was active, it regularly ran cryptocurrency scams. While the fraudster was able to convince 640,000 people to follow the account (though it is also possible the person used bots or bought followers to look legitimate), there were plenty of red flags.
First, it doesn’t have the verification mark. Second, posted stories misspelled “Ethereum” as “Etereum.” Spelling and grammatical errors are often key indications of a scam.
3. Twitter reply scams
As mentioned above, hackers have a history of successfully breaking into Twitter accounts in order to increase the impact of their scams. While the large-scale nature of the 2020 breach was an extremely rare example, hackers often break into smaller verified Twitter accounts and alter them to look like other legitimate accounts.
For example, a scammer hacked the official check-marked account of Troy Stecher, a hockey player for the Detroit Red Wings, modified it to look like the “Saturday Night Live” Twitter feed and used it for a scam.
Hackers will also use these verified accounts to reply to other high-profile accounts or viral tweets to gain more exposure. Mahbod Moghadam, who founded Rap Genius and Helladoge, aptly sums up the “reply technique” in social media as “no one reads your tweets, but they read your replies to famous people’s tweets.”
So if you’re reading the replies and see a giveaway or other get-rich-with-quick crypto promotion, it’s 99.9% sure to be a scam.
4. Fraudulent YouTube live videos
One growing crypto scam on social media utilizes YouTube live videos. Researcher Satang Narang reported that in just one month YouTube Live giveaways defrauded $8.9 million out of investors.
With a YouTube Live scam the fraudsters create a live video (often using stolen content), portray themselves as some form of authority in cryptocurrency and post a link to a “giveaway” in the video’s description, where you’ll be asked to send cryptocurrency. By using the Live feature, the fraudsters avoid YouTube’s content review process until the video is over.
As with the other social media scams, the best way to avoid this one is to do your research. Some ways to check if a YouTube channel is legitimate are:
- How many videos does the channel have? A channel with only a few videos is suspect.
- Does it have YouTube’s gray verification badge?
- How long has the channel existed? Go to the About link in the channel’s profile and check the “stats” section to find out when the channel was created. If it’s a brand-new channel, beware.
- Is the live video taking up the full screen? Most scam live videos give up half of the screen to promote the link to the giveaway, but a real Live video won’t usually do this.
5. Crypto catfishing
Beware of the new wave of catfishers and fake accounts trying to separate you from your crypto by sliding into your direct messages, or DMs. While sometimes legitimate opportunities can come from DMs, like Busta Rhymes’ finding his NFT designer through Twitter DMs, more often than not DMs lead to scams. If someone DMs you a link and you don’t know them, do not click on that link unless you’ve done a thorough background check.
We asked Eric Charles from NFT platform Origin Protocol how to filter legit DMs about crypto from fraudulent ones on social media. His advice was, “I tend to assume most [DMs] are scams, but I will view the person’s profile on Twitter. Based on their activity, verification status and when their account was created, I’m able to determine if it looks legit or not.”
With crypto, you have to be especially careful. Unlike a credit card scam where you can dispute transactions and get your money back, whatever amount you send to someone in crypto cannot be disputed to a higher authority. So it’s extra important to do your due diligence and exercise caution.