November 17, 2023 at 06:36PM
The official Twitter account for Bloomberg Crypto directed users to a deceptive website in a phishing attack. The link led to a Telegram channel with 14,000 members, urging visitors to join a fake Bloomberg Discord server. Scammers took advantage of Bloomberg’s previous Telegram link, which remained active, and used it to carry out the phishing scheme. The malicious link was removed from Bloomberg Crypto’s Twitter account after 30 minutes. Discord accounts are often targeted by threat actors to steal credentials and promote cryptocurrency scams. A spokesperson from Bloomberg has not yet commented on the incident.
Based on the meeting notes, here are the key takeaways:
1. The official Twitter account for Bloomberg Crypto was used in a phishing attack to redirect users to a deceptive website. The website aimed to steal Discord credentials by prompting visitors to join a fake Bloomberg Discord server.
2. The scammer took advantage of the transition from Bloomberg’s older Telegram channel to a new one by seizing the old Telegram username. They used this old username to carry out the phishing scheme.
3. The phishing website used an altered domain (altdentifiers[.]com) instead of the legitimate AltDentifier domain to trick users into verifying their Discord accounts.
4. After users clicked the verification link and entered their Discord login credentials, their accounts were compromised.
5. The malicious link was removed from Bloomberg Crypto’s Twitter account 30 minutes after it was discovered.
6. Discord is a common target for credential theft in the crypto community, as compromised accounts can be used to promote cryptocurrency scams.
7. BleepingComputer attempted to contact Bloomberg for comment, but a spokesperson was not immediately available.
These takeaways highlight the incident of the phishing attack, the methods used by the scammers, and the potential risks faced by crypto users on Discord.