Earlier this month, some Facebook users noticed something odd: Bitcoin mining company Bitmain seemed to be posting in the comments of one of its posts, advertising some sort of “partnership” tied to Bitcoin and requesting a cryptocurrency transfer. The post was suspicious; some wondered whether the company had been hacked.
But the post wasn’t from Bitmain at all, the company explained in a follow-up comment on Facebook. Instead, a savvy imposter had set up a fake account, then commented on a legitimate thread from the company, attempting to draw users into sending Bitcoin. “There are plenty of users creating fake accounts with our profile picture and inputting the same name as Bitmain,” the company wrote in a Facebook comment. “We always have these taken down but new ones always come out.” Users with pages like Bitmain’s rely on flagging content to Facebook and then waiting for the company to take it down. It’s not clear in this case how long the posts were visible. (Bitmain declined to comment.)
The scheme has hit others on Facebook, too. This week, an account imitating The Verge was making the same pitch in Facebook comments. “We are excited to be partnering with Bitcoin,” read the comment, which used similar language to the Bitmain proposal. The comment claimed to be offering a giveaway in exchange for providing a small sum of Bitcoin to “verify your address.”
The Facebook comments are an example of a scheme that’s so far largely gained prominence on Twitter. Most famously, on that platform, users imitating Elon Musk have joined threads from the Tesla CEO as a way to lure users into similar traps. That ploy turned especially sophisticated recently, as scammers hijacked legitimate accounts that were verified by Twitter and then used them as vehicles to solicit Bitcoin. One wave of hacks even ensnared Google’s G Suite Twitter account.
The scheme is enormously simple, although it’s hard to say how effective it is. At a glance, it’s not always easy to immediately suss out whether a comment is coming from the account it’s purporting to be. Then again, if a user is technically sophisticated enough to set up a Bitcoin wallet, will they still fall for a fairly rudimentary scam?
Many scammers, at least, seem to be betting that the answer is yes. While it’s easy to find the Twitter accounts making those posts, more limited search functions make it difficult to find out who may be posting fraudulent comments on Facebook, and it’s not clear exactly how widespread the issue is. But the company is hardly immune to imposter accounts. Earlier this year, The New York Times highlighted how scammers posed as Mark Zuckerberg and Sheryl Sandberg on Facebook to swindle users out of money.
“Bitmain would like to remind everyone to be cautious”
In response to the Times’ investigation, a Facebook spokesperson said the platform was trying “to get better” at tackling the problem. While the company appears to remove posts when they’re flagged, it’s not clear exactly what safeguards Facebook has in place to detect fraudulent accounts or whether the company gives any additional scrutiny to verified pages. Facebook did not immediately respond to a request for comment.
Bitcoin, which has become a favored currency in online scams, has also presented other problems for Facebook. The company said earlier this year that it would no longer allow cryptocurrency ads on its platform, as too many were not “operating in good faith.” Facebook largely reversed that ban later, but the company has still faced criticism over its handling of the problem. Last month, some observers noticed that sponsored posts on Facebook were being used to obtain sensitive information by promoting a cryptocurrency that didn’t exist.
“Bitmain would like to remind everyone to be cautious due to the numerous fake accounts that are trying to SCAM online users,” the company wrote on its Facebook page yesterday, posting an infographic about how to identify fraudulent accounts. “Kindly take some time to go over the information in order to avoid scams.”