New “Elon Musk Club” Crypto Giveaway Scam Promoted Via Email
A new Elon Musk-themed cryptocurrency giveaway scam called the “Elon Musk Mutual Aid Fund” or “Elon Musk Club” is being promoted through spam email campaigns that started over the past few weeks.
Before you dismiss these scams, saying that no one falls for them, similar crypto scams have been hugely successful and have generated hundreds of thousands of dollars in the past.
For example, scammers made $180K in a single day in 2018, Twitter suffered a massive attack where crypto scammers earned $580K in a week in January 2021, and then another scam stole $145K in February.
Just last week, someone sent three bitcoin, or $150,074 at the time, to a known crypto giveaway scam.
The Elon Musk Club scam
While most cryptocurrency scams target social media users, scammers now use email spam to promote a new “Elon Musk Club” or “Elon Musk Mutual Aid Fund” giveaway.
The phishing emails themselves are low effort and include strange non-descriptive subjects and messages. However, they include an HTML attachment named simply ‘Get Free Bitcoin – [id].htm’ or “Elon Musk Club – [id].htm,” as shown below.
The https://msto.me/elonmusk/ site will pretend to be an “Elon Musk – Mutual aid fund” that promises to send 0.001 to 0.055 bitcoins to all users who participate.
When you click on the ‘Accept an invitation” button, the site will bring you to another site called “Bitcoin Donate,” located at https://bitcoindonateur.site/.
You are prompted to enter a bitcoin address to receive the free bitcoin, your name, and an optional picture at this site.
When you click the ‘Accept donate’ button, the site will redirect you through a series of pages that pretend to be users donating .001 bitcoin to your account.
Also Read: The Role of A DPO During Work From Home
After your account has accrued 0.055 of fake bitcoin donations, you will be brought to a final page stating that you must first donate 0.001 bitcoins to another user to receive your “financial assistance.”
However, these bitcoin addresses are owned by the scammers who take your “donation” but do not send anything in return.
So far, BleepingComputer has seen two bitcoin addresses associated with these scams:
- 32hU2JrkmMmgmka2rUuKXc3yd3S9WKxWnp received 73 transactions of 0.05734407 bitcoins, worth approximately $2,731.98.
- 3EbUB9wdQCxJwW5neH3xnTGjuoCA8THU5D received 23 transactions of 0.01953376, worth approximately $930.99.
While the scammers have only earned ~$3,661 from these two addresses, many other bitcoin addresses are likely used in this scam.
Even worse, while writing this article, the second bitcoin address received three more “donations.” showing that this scam continues to be successful.
As these scams have the potential to generate a large amount of money for threat actors, they are not going away any time soon and will likely continue to spread to other messaging platforms.
Therefore, everyone needs to recognize that almost every crypto giveaway site is a scam, especially those that pretend to be from Elon Musk, Tesla, SpaceX, and Gemini.
If you receive emails, tweets, or other messages on social media promoting these types of giveaways, it is safer to realize that cryptocurrency you send will not produce anything in return.
Outsourced Data Protection Officer – It is mandatory to appoint a Data Protection Officer. We help our clients quickly comply with their PDPA & data protection requirements.
Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.
Smart Contract Audit – Leverage our industry-leading suite of blockchain security analysis tools, combined with hands-on review from our veteran smart contract auditors.