The impersonators claimed to be members of the ParaFi team, but the victim realized he was being scammed when they tried to convince him to download ‘drivers.’
Crypto educator Duo Nine, creator of the Your Crypto Community (YCC) platform, nearly fell victim to an impersonation scam on Sept. 30, according to an Oct. 1 X thread.
The scammers claimed to be executives from venture capital firm ParaFi. Their goal was to convince Duo Nine to download a “patch” that would allow his copy of Slack to work. In reality, the “driver” was likely malware, and the impersonators were attempting to steal his private key and drain his crypto wallet of everything it contained.
ParaFi Partner Kevin Yedid-Boton stated in an Oct. 1 X post that the scammers are not associated with his firm and that crypto users should not interact with the bogus accounts.
“Last night[,] I was the victim of one of the most complex social engineering scams I’ve ever seen impersonating @paraficapital staff,” Duo Nine stated, adding “If you’re in crypto, you are a target.”
He explained that he had been contacted on X by a person claiming to be Ryan Navi, principal and head of venture at ParaFi Capital.
The person stated that he was representing Web3 protocols Layer3, Polymarket, Zapper and Coin98. These protocols were looking for “KOLs” (key opinion leaders) to help them market their products, the person stated, implying that they may be interested in partnering with Duo Nine.
The message came from a verified account on X.
Duo Nine responded by asking for an email from the company’s domain or a private message from the company’s X account.
The person refused to provide him with either but did refer him to ParaFi’s official website, which listed “Ryan Navi” and several other team members. The person also showed Duo Nine that each member of the team had a verified X account and that all of these accounts were following his account. According to Duo Nine, he saw the person’s unwillingness to provide an email as an “instant red flag.” Even so, he “decided to play ball.”
After exchanging a few messages with him, the supposed “Ryan Navi” invited the crypto educator to a group Telegram chat with himself and two other people claiming to be ParaFi team members Nicole Ferguson and Stephanie Ng.
Through the chat, the four individuals agreed on the terms of a new partnership. However, at the last minute, “Nicole” suggested that the two meet via an audio call to hash out the final details. It was at this moment that the true purpose of the meeting began to unfold.
The supposed team members sent him an authentic Calendly link, which he verified by inspecting the URL. Through this link, he set up a meeting with them. However, they warned him that the team would use a Slack server to have the call, which meant that he would need to sign up for a Slack account. He found this request to be “curious” but signed up anyway.
When Duo Nine received the link to the organization’s Slack server, he once again checked it to make sure that it came from the correct domain name — in this case, Slack.com.
Sure enough, the link did lead to a subdomain of the official Slack website. So far, the server appeared to be legitimate.
However, when clicked, it produced an error message. “Sorry! Something went wrong, but we’re looking into it,” the message stated.
He told “Nicole” about the error message, and she asked “Ryan” about it. “You had this error last week, no?,” she reportedly asked the other supposed team member.
In response, “Ryan” claimed that the solution he found was to download a “driver” that was linked to from a Reddit forum post.
Suspecting that he was being asked to download malware, Duo Nine refused to install the “driver.”
Instead, he once again asked the individuals to send an email from the ParaFi domain to prove that they were not impostors.
In response, “Ryan” sent an email from paraficapital@outlook.com, featuring the wrong outlook.com domain and proving that he likely did not have access to the authentic one, parafi.com.
At this point, the game was up. Duo Nine confronted them with the evidence against them, and they responded by deleting their messages and ending all contact with him.
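As an added example (not code from the article, from Duo Nine or from ParaFi), here is the domain check he applied by hand: it takes an email address or link, extracts the host, and accepts it only when the host is exactly a trusted domain or a real subdomain of one, so paraficapital@outlook.com fails, a lookalike such as slack.com.example fails, and a genuine slack.com subdomain passes. The trusted-domain list and all sample values are constructed assumptions (the article gives parafi.com as the firm's real domain).

```python
from urllib.parse import urlparse

# Constructed allowlist for this scenario (assumption): the domains the
# genuine counterparties in the story would actually send from or link to.
TRUSTED_DOMAINS = {"parafi.com", "slack.com"}


def extract_host(value: str) -> str:
    """Return the lowercase host of an email address or a URL.

    Email addresses may arrive as 'Name <user@domain>'; URLs may omit the
    scheme. Hosts are compared without a trailing dot.
    """
    if "@" in value and "://" not in value:
        # Email: the domain is whatever follows the last '@'.
        host = value.rsplit("@", 1)[1].strip().strip(">")
    else:
        # URL: let urlparse find the host so 'slack.com@evil.example'
        # style userinfo tricks do not fool a plain string search.
        url = value if "://" in value else "https://" + value
        host = urlparse(url).hostname or ""
    return host.lower().rstrip(".")


def is_trusted(host: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only for an exact trusted domain or a real subdomain of one.

    'parafi-team.slack.com' matches 'slack.com'; 'slack.com.evil.example'
    does not, because the suffix test requires '.slack.com' at the end.
    """
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify(value: str) -> str:
    """Label an address or link the way the verification in the story did."""
    host = extract_host(value)
    return "trusted" if is_trusted(host) else f"untrusted ({host})"


if __name__ == "__main__":
    # Constructed samples mirroring the article's checks.
    for sample in ("paraficapital@outlook.com",
                   "Ryan Navi <ryan@parafi.com>",
                   "https://parafi-team.slack.com/join/abc",
                   "https://slack.com.login-verify.example/",
                   "https://slack.com@login-verify.example/"):
        print(f"{sample:45} -> {classify(sample)}")
```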
In the post, Duo Nine urged users to “raise awareness” of this scam and others like it and to keep funds in hardware wallets for extra protection against malware.
ParaFi warns users of impersonators
On Oct. 1, Yedid-Boton posted to X to warn the crypto community of the scam. “ALERT: FAKE ACCOUNTS IMPERSONATING @ParaFiCapital TEAM,” he stated from his official account.
According to the post, the impersonators “are verified with @X and pay a subscription, which implies that these scammers expect to profit from these fake accounts!”
Users can distinguish between the real and fake ParaFi accounts because the real one has a yellow badge, and the real team members who follow it have “affiliate” badges proving that they are truly affiliated with the company, the post stated.
Yedid-Boton suggested that users should not “interact or trust any posts, messages, or content” from the fake accounts.
The alleged malware Reddit post
The alleged malware Reddit post came from user u/andler_schust, whose account was created in March. The post was created on Oct. 22. It links to Flaudriver, which claims to be an app that scans a user’s computer and checks to see if they need to update drivers.
Driver-update scanning apps often require the user to approve extensive permissions, which makes them extremely risky to use. Users should generally not install these types of apps unless they are from a trustworthy source. Cointelegraph did not test the app to determine if it is malware.
According to website analytics platform Scamvoid.net, Flauidriver was released on Oct. 20. The Reddit post was created on Oct. 22, two days after the site was created.
Impersonation scams are a common problem in the crypto community. On June 15, Binance co-founder Yi He posted several examples of scam accounts she found on X that claimed to be hers but were, in fact, impersonators. She sought to raise awareness of the problem and to convince X executives to be more vigilant in blocking these accounts.
On the same day, the United States Cybersecurity and Infrastructure Security Agency (CISA) warned that scammers were impersonating government employees in order to steal users’ crypto.
This article first appeared at Cointelegraph.com News