Malwarebytes spotted multiple Twitter accounts seeking to take advantage of people searching for a bitcoin wallet recovery tool.
In late April 2021, the official Twitter account for this application warned users to always remember the “first rule of crypto”, that is, to never give out their recovery phrase.
Other profiles involved in this campaign auto-responded to tweets seeking help from the official account.
In that specific attack, they posed as customer support representatives for EA Sports on Twitter.
Organizations can defend their employees against the types of Twitter social engineering discussed above by investing in their security awareness training programs. They can specifically use phishing simulations that emphasize how unlikely it is that official companies will ever use a form hosted on Google Docs to process official customer support requests.