Phishing and identity theft risks in the Fediverse: The Case of Bluesky

OIDT risks are everywhere, especially on these modern social networks where users are mainly youngsters not aware of what can happen to them if they don’t protect themselves against cyberfrauds. Here’s an article written by Polytechnique University of Madrid (Universidad Politécnica de Madrid) that studies the example of Bluesky, an increasingly used social network…

***

It is not unknown that, in the last month, Bluesky has gained many users who, dissatisfied with X (formerly Twitter), have decided to create an account and try this platform. But of course, fraudsters are also taking advantage of this cojuncture. In fact, they are already creating malicious campaigns.

In the last week of November, BlueSky exceeded 20 million users and the number continued to increase. This is what has stimulated hackers to start launching cryptocurrency-related scams. In addition, they know that it is a young audience that comes most to this platform, so they have more opportunities there with attacks related to cryptocurrencies rather than other, more traditional, ways to scam.

It must be taken into account that these types of scams have been very present on platforms such as Facebook or Twitter for years.

Cybercriminals know that they have a greater chance of success there, as they encounter many potential victims. Now it is BlueSky’s turn, as soon as it has started to become popular.

What exactly has been the modus operandi of these attackers? What they have done is something that has become very popular: generate a Deepfaked video through Artificial Intelligence, where Mark Zuckerberg appears promoting certain cryptocurrencies, such as “MetaCoin” and “MetaChain”, alluding to Meta. The MetaChain[.]cash website mentioned in the post also appears to carefully impersonate Meta branding, typeface, and messaging. Basically, they impersonate a well-known brand.

In these publications, messages appear indicating that the victim has won a large amount of money in Bitcoins. As expected, they will ask you to enter a link and download a file or do something. All of this is a scam and that is the strategy to reach the victim.

Another bait is to indicate that they are going to give a certain amount of cryptocurrencies to users and that they do not have to pay anything.

They will request data, download a file, etc, in the same fashion as the old phishing emails. That is what can contain malware or serve to steal personal data and passwords.

BlueSky safety team confirmed that over the last week of November alone the platform: “In the past 24 hours, we have received more than 42,000 reports (an all-time high for one day). We’re receiving about 3,000 reports/hour. To put that into context, in all of 2023, we received 360k reports,”

BlueSky’s moderation architecture is not as straightforward as is the case with centralized platforms like X or Instagram. The greater freedom, content control, and independence offered by BlueSky come with novel challenges that need addressing as the decentralized platform gains momentum.

What can you do to protect yourself if you use BlueSky? In reality, you don’t have to do anything different than what you would do on any other social network. Common sense is going to be essential. Avoid making mistakes, such as clicking on ads of this type where it appears that they are giving you cryptocurrencies. Most likely it will be a scam and will be accompanied by having to download a malicious file or give your data.

It is also key to have everything updated. In many cases, hackers are successful by exploiting security flaws. If you keep your devices protected, as well as the programs you use, you will have a more secure environment. Always check that you have everything up to date and also download the software from legitimate sites.

On the other hand, having a good security program will help you increase protection. Install a good antivirus. It is something that you can also install on your mobile.

In short, be careful with fraudulent advertisements that may sneak through BlueSky, where they relate to cryptocurrencies. Threats such as madware, Trojans or keyloggers are some examples of how they could compromise your security.

Universidad Politécnica de Madrid

Latest News

The Dead internet theory

Here’s an article from the Universitdad Poltécnica de Madrid describing the ‘Dead internet theory’, a hypothesis of a cyberspace where bots would have replaced humans.

Read More »