Friend.Tech Faces Phishing Wave: Journalist Impersonation Unveiled

In a concerning turn of events, Friend.Tech, the decentralized social network, is grappling with a surge in phishing attacks orchestrated by individuals posing as journalists, warns blockchain security firm SlowMist. The assailants exploit a cunning strategy, manipulating users into compromising their Friend.Tech credentials and risk of theft of associated funds.

This fraudulent activity surfaced on October 14, initially reported by a Twitter user named Masiwei, who fell victim to a malicious code targeting Friend.Tech for account theft. SlowMist’s investigation revealed a nefarious JavaScript script embedded in a link shared by the attacker.

The attackers, as identified by SlowMist, specifically target Key Opinion Leaders (KOLs) on Friend.Tech, creating a false sense of community by infiltrating the target’s Twitter network. The perpetrators go a step further by scheduling interviews and directing users to join Telegram for the supposed legitimate interaction, enticing them with the prospect of publication on a reputable news website.

Post-interview, users are directed to a phishing link under the guise of verification, claiming to prevent impersonation. Here, the attackers cunningly instruct users to drag a “Verify” button to their bookmark bar, unknowingly exposing their Friend.Tech account credentials through a malicious JavaScript script.

SlowMist emphasizes the severity of such attacks, pointing out that the theft of the independent password (2FA) for Friend.Tech exposes users to the risk of losing not only their account but also the associated wallet Privy, including the embedded tokens.

To prevent falling victim to such phishing attacks, SlowMist advocates for increased awareness of social engineering tactics, caution against clicking unfamiliar links, and education on recognizing phishing indicators, such as misspellings or excessive punctuation in domain names. Additionally, users are urged to install anti-phishing plugins.

This incident isn’t the first instance of friend.tech users facing digital asset theft. Notably, SIM card manipulation targeted users last month, prompting the introduction of a 2FA password feature by the platform to enhance security against such attacks.

* Original content written by Coinlive. Coinbold is licensed to distribute this content by Coinlive.

Coinlive is a media company that focuses on Making Blockchain Simpler for everyone. We cover exclusive interviews, host events, and feature original articles on our platforms