Truth Social, the social media platform launched by Trump Media & Technology Group in 2022, has become a hotbed for scammers targeting users with phishing links, investment fraud, and other malicious schemes. A new report from Netcraft highlights how threat actors are exploiting the platform’s features and user trust to orchestrate cyberattacks at scale.
According to Netcraft, scammers have capitalized on the platform’s rapid user growth and community-focused design. The report states, “When a user joins Truth Social, they are prompted to join groups related to areas of interest… providing threat actors with a rich source of information to identify and contact other users at scale.”
This environment, coupled with high user trust in the platform’s “Truths,” has created fertile ground for cybercriminals. “The majority of those who use Truth Social (87%) say they expect the news and information there to be mostly accurate,” the report notes, reflecting a dangerous overconfidence among users.
Netcraft’s analysis revealed a range of scams targeting Truth Social users, including:
- Phishing Links: French-speaking threat actors have been using Truth Social accounts to post phishing links impersonating popular brands like Spotify, Disney+, and Netflix. These scams redirect users to fake login pages designed to steal credentials and banking information.
- Investment Fraud: Scammers employ “pig butchering” techniques, building trust over time before coercing victims into fake cryptocurrency schemes. Victims often pour substantial sums into fraudulent platforms, unable to withdraw their funds.
- Advance Fee Scams: One common scam involves a package delivery scheme where victims are asked to pay an upfront fee for a supposed cash windfall. Netcraft documented cases where scammers claimed to be in the victim’s city to gain trust.
In one alarming observation, Netcraft reported, “In a single day, our U.S.-based Truth Social account received 40 unsolicited messages from scammers running a variety of scams.”
Scammers are also leveraging Truth Social to bypass traditional email security measures. They use the platform as a redirection tool to avoid detection. For example, phishing emails sent from compromised accounts redirect victims to phishing pages via Truth Social links, making the scam appear more legitimate and harder to trace.
One example cited in the report involves a fake Spotify site designed to steal users’ bank details. The victim is lured into entering both login credentials and banking information under the guise of renewing a subscription.
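The redirection described above defeats filters that judge only the domain written in the email. The following sketch is an added example, not code from Netcraft or the report: it scores a recorded redirect chain by its landing host rather than its first hop. The platform list, the brand-to-domain map, and the sample chains are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: platforms whose links a mail filter may pass on domain reputation alone.
TRUSTED_PLATFORMS = {"truthsocial.com"}
# Assumption: legitimate domains for the brands the article says were impersonated.
BRAND_DOMAINS = {
    "spotify": {"spotify.com"},
    "netflix": {"netflix.com"},
    "disney": {"disney.com", "disneyplus.com"},
}

def host_in(host, domains):
    """True if host equals, or is a subdomain of, any domain in the set."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def assess_chain(hops):
    """Score one email link by where it lands, not by its first hop.

    hops: ordered URLs recorded by a sandbox while following the link;
    hops[0] is the URL as written in the email.
    """
    if not hops:
        raise ValueError("empty redirect chain")
    hosts = [(urlsplit(u).hostname or "") for u in hops]
    first, final = hosts[0], hosts[-1]
    findings = []
    if host_in(first, TRUSTED_PLATFORMS) and not host_in(final, TRUSTED_PLATFORMS):
        findings.append("platform-link-leaves-platform")
    for brand, legit in BRAND_DOMAINS.items():
        if brand in final and not host_in(final, legit):
            findings.append("brand-lookalike:" + brand)
    return {"landing_host": final, "findings": findings}

# Constructed sample chains (placeholder paths, reserved .example domain).
SAMPLES = {
    "email_via_platform": ["https://truthsocial.com/PLACEHOLDER-LINK",
                           "https://spotify-renewal.example/login"],
    "stays_on_platform": ["https://truthsocial.com/PLACEHOLDER-POST"],
    "real_brand": ["https://truthsocial.com/PLACEHOLDER-LINK",
                   "https://accounts.spotify.com/login"],
}

if __name__ == "__main__":
    for name, chain in SAMPLES.items():
        print(name, assess_chain(chain))
```

A link that leaves the platform is only a signal on its own; combined with a brand name on a host outside that brand's domains, it matches the fake Spotify case described above.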
The Federal Trade Commission (FTC) highlights the growing threat of social media scams, noting that reported losses reached $2.7 billion in recent years. However, Netcraft warns that the true cost of these scams could be “billions, if not trillions,” when accounting for global, unreported incidents.
To combat these threats, Netcraft emphasizes the need for robust detection and takedown strategies. The company states, “It’s critical for businesses to leverage new technologies to detect, disrupt, and take down threats… protecting their consumers from harm.”