New Flipper Zero Phishing Campaign Targets Infosec Community

A new phishing campaign pushes fake websites promoting the popular Flipper Zero cybersecurity tool as a lure to catch members of the security community.

The rogue websites replicate the legitimate version almost perfectly, which could confuse potential victims and increase the odds of a successful attack.

Flipper Zero is a popular device in the cybersec community. The pocket-sized tool mimics a beloved children’s toy but harbors powerful capabilities, ranging from RFID key cloning to sub-GHz, infrared and Bluetooth communication.

Since its remarkably successful launch on Kickstarter in 2020, Flipper Zero has drawn much hype, with many users demonstrating its capabilities on social media. Still, production issues have led to supply shortages.

Perpetrators are launching aggressive phishing campaigns to exploit the supply shortage and the hype surrounding the product.

Security analyst Dominic Alvieri spotted three distinct rogue Twitter accounts impersonating the official Flipper Zero account. One account even appeared to be using the same handle as the official Flipper Zero. However, upon closer examination, the researcher discovered that the fake account’s handle used a capital “I” instead of an “l.”

To increase its apparent legitimacy, the fake Twitter account even engaged with other Tweets and responded to users’ queries regarding the product’s availability. The accounts point to various fake shops pretending to sell the device, a protective case, and a Wi-Fi module at the same price as the official store.

Attempting to buy the product leads website visitors to a checkout page where they must hand over personal information, including their full names, email addresses and shipping addresses. Victims are then asked to choose between Bitcoin (BTC) and Ethereum (ETH) payment methods.

To prevent phishing, users should be wary of suspicious promotions and only buy the product from verified sources, including the official store and trusted third-party suppliers.

Dedicated software like Bitdefender Ultimate Security can keep you safe from phishing attempts and other cyberthreats with its extensive range of features, which includes:

• Anti-phishing module that detects and blocks websites that mimic trustworthy ones to steal your personal data or funds
• Anti-fraud filtering system that notifies you of websites that may try to scam you
• Antispam component that filters irrelevant messages in your local email clients’ inbox
• Web attack prevention module that assessesthe safety of your search results and blocks known infected links