The Flipper Zero phishing campaign is highly targeted toward cybersecurity researchers and the InfoSec community. Here’s what to watch for.
Hackers are exploiting the growing hype around Flipper Zero in the security community to target individuals and steal their details and cryptocurrency.
Hackers and security researchers can make use of Flipper Zero, a pocket-sized multi-functional cybersecurity device. It has RFID emulation, digital access key cloning, radio communications, NFC, infrared, Bluetooth capabilities, and more.
The developers launched the device after a remarkable 2020 Kickstarter campaign that drew over $4.8 million in pledges, 81 times more than the original goal of $60,000.
Security researchers have shared videos on social media showing the impressive yet frightening abilities of Flipper Zero, generating a lot of buzz, which has piqued the interest of those hoping to become hackers and researchers.
Despite a surge in demand, production complications hindered the product last year, which led to supply shortages. Due to the widespread interest in Flipper Zero, malicious actors are exploiting its limited availability to create illegitimate stores and sell counterfeit versions.
How to avoid the Flipper Zero phishing campaign:
One of the fraudulent Twitter accounts looks like it has the same handle as the verified Flipper Zero account, except it uses a capital “I” instead of an “l” in the name.
Dear @Instagram and @InstagramComms, there are hundreds of fake and scam accounts imitating our official Flipper Zero Instagram account. These fraudulent accounts try to fool people and steal money.
We can’t report them because we are rejected to have a verified blue check mark pic.twitter.com/iUBlfLZzSl
— Flipper Zero (@flipper_zero) December 23, 2022
This phony Twitter account is actively replying to people about availability, and to other accounts’ posts, in order to appear authentic.
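A check for the handle trick described above, as an added example that is not part of the original article: it collapses look-alike characters before comparing a handle with the official one. The official handle is taken from the tweet attribution on this page; the confusables table and the sample handles are assumptions constructed for illustration.

```python
# Official handle as shown in the tweet attribution on this page.
OFFICIAL_HANDLE = "flipper_zero"

# Hand-picked look-alike classes (assumption: a small illustrative table, not
# a complete confusables list). Handles are lowercased first, so a capital "I"
# arrives here as "i" and lands in the same class as "l" and "1".
SINGLE_CHARS = {"i": "l", "1": "l", "0": "o"}
SEQUENCES = (("rn", "m"), ("vv", "w"))


def skeleton(handle):
    """Collapse a handle so that visually similar spellings compare equal."""
    text = handle.lstrip("@").lower()
    text = "".join(SINGLE_CHARS.get(ch, ch) for ch in text)
    for seq, repl in SEQUENCES:
        text = text.replace(seq, repl)
    return text


def classify(handle, official=OFFICIAL_HANDLE):
    """Return 'official', 'lookalike' or 'different' for one handle."""
    bare = handle.lstrip("@")
    if bare.lower() == official.lower():  # handles are case-insensitive
        return "official"
    if skeleton(bare) == skeleton(official):
        return "lookalike"
    return "different"


def find_lookalikes(handles, official=OFFICIAL_HANDLE):
    """Return the handles that imitate the official one, in input order."""
    return [h for h in handles if classify(h, official) == "lookalike"]


# Constructed sample handles; the second follows the page's description of
# the fake account (capital "I" where the real handle has "l").
SAMPLE_HANDLES = [
    "@Flipper_Zero",
    "@fIipper_zero",
    "@flipper_zer0",
    "@flipperzero_fans",
]

if __name__ == "__main__":
    for h in SAMPLE_HANDLES:
        print(f"{h:20} {classify(h)}")
```

The same comparison can be run over the accounts that reply in a thread or appear in search results before trusting a store link they post.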
As of this writing, one counterfeit store is still operating and pretending to offer the same prices for Flipper Zero modules, Wi-Fi modules, and cases as the verified store.
The aim is to guide consumers to the phishing checkout page, where they will be asked for their emails, real names, and shipping addresses.
People who have fallen victim are offered the option to pay using Ethereum or Bitcoin and are told that their transaction will be processed in 15 minutes.
No payments have been made to the wallets in question, meaning either the store hasn’t tricked any security researchers or it switches to new wallets after each transaction.
The threat actors have moved to using plisio.net invoices, which accept cryptocurrency payments including Litecoin, but these invoices are not working and indicate that the order has expired.
Given the ongoing demand and supply issues, scammers are taking advantage of the situation by creating fake online stores that mimic the real Flipper Zero store, in an attempt to deceive security experts into giving out their data and cryptocurrency.