Privacy Ninja

New “Elon Musk Club” Crypto Giveaway Scam Promoted Via Email

New “Elon Musk Club” Crypto Giveaway Scam Promoted Via Email

A new Elon Musk-themed cryptocurrency giveaway scam called the “Elon Musk Mutual Aid Fund” or “Elon Musk Club” is being promoted through spam email campaigns that started over the past few weeks.

Before you dismiss these scams, saying that no one falls for them, similar crypto scams have been hugely successful and have generated hundreds of thousands of dollars in the past.

For example, scammers made $180K in a single day in 2018, Twitter suffered a massive attack where crypto scammers earned $580K in a week in January 2021, and then another scam stole $145K in February.

Just last week, someone sent three bitcoin, or $150,074 at the time, to a known crypto giveaway scam.

Also Read: 5 Workplace Tips: Protecting Information on Mobile Devices

The Elon Musk Club scam

While most cryptocurrency scams target social media users, scammers now use email spam to promote a new “Elon Musk Club” or “Elon Musk Mutual Aid Fund” giveaway.

The phishing emails themselves are low effort and include strange non-descriptive subjects and messages. However, they include an HTML attachment named simply ‘Get Free Bitcoin – [id].htm’ or “Elon Musk Club – [id].htm,” as shown below.

Spam email with Elon Musk Club attachment
Spam email with Elon Musk Club attachment

These HTML attachments contain a single line of code that uses JavaScript to redirect the browser to the https://msto.me/elonmusk/ webpage.

Contents of HTML attachment
Contents of HTML attachment

The https://msto.me/elonmusk/ site will pretend to be an “Elon Musk – Mutual aid fund” that promises to send 0.001 to 0.055 bitcoins to all users who participate.

Elon Musk - Mutual aid fund scam site
Elon Musk – Mutual aid fund scam site

When you click on the ‘Accept an invitation” button, the site will bring you to another site called “Bitcoin Donate,” located at https://bitcoindonateur.site/.

bitcoindonateur.site scam site
bitcoindonateur.site scam site

You are prompted to enter a bitcoin address to receive the free bitcoin, your name, and an optional picture at this site.

Enter your information and wallet address
Enter your information and wallet address

When you click the ‘Accept donate’ button, the site will redirect you through a series of pages that pretend to be users donating .001 bitcoin to your account.

Also Read: The Role of A DPO During Work From Home

After your account has accrued 0.055 of fake bitcoin donations, you will be brought to a final page stating that you must first donate 0.001 bitcoins to another user to receive your “financial assistance.”

Scam site prompting victims to send 0.001 bitcoins
Scam site prompting victims to send 0.001 bitcoins

However, these bitcoin addresses are owned by the scammers who take your “donation” but do not send anything in return.

So far, BleepingComputer has seen two bitcoin addresses associated with these scams:

While the scammers have only earned ~$3,661 from these two addresses, many other bitcoin addresses are likely used in this scam.

Even worse, while writing this article, the second bitcoin address received three more “donations.” showing that this scam continues to be successful.

As these scams have the potential to generate a large amount of money for threat actors, they are not going away any time soon and will likely continue to spread to other messaging platforms.

Therefore, everyone needs to recognize that almost every crypto giveaway site is a scam, especially those that pretend to be from Elon Musk, Tesla, SpaceX, and Gemini.

If you receive emails, tweets, or other messages on social media promoting these types of giveaways, it is safer to realize that cryptocurrency you send will not produce anything in return.

Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.

Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Powered by WhatsApp Chat

× Chat with us