[SCAM ALERT 069] – Tesla


Tesla, Inc. is an American multinational automotive and clean energy company headquartered in Austin, Texas.

During our PreCrime internet scout of November 25th 2022, we identified suspicious markers across multiple vectors. One of those was this website spoof, which could be targeting unsuspecting customers of Tesla.

The Attack

Legitimate site: tesla[.]com

Malicious domain: teslaofficial[.]org

This is a brand impersonation attack on Tesla, the American multinational automotive and energy company and one of the world's most valuable companies.

Malicious site

[Screenshot of the malicious site]

How does this attack work?

  • The malicious domain leads users to a crypto giveaway scam, seemingly from Tesla. Users may be led to this site through social engineering campaigns, such as posts about the crypto giveaway event sent by email and social media. An example of this is shown in the image below, in which victims were led to a different malicious scam through a fake Twitter account impersonating Elon Musk.

[Screenshot: the fake Twitter account impersonating Elon Musk referred to above]

  • When opening the malicious domain, users are directed to a site offering the "biggest giveaway crypto of $100,000,000". The website asks users to make a transaction from any crypto wallet via QR codes in order to "verify" their wallet, after which the site claims it will send back a profit of 200% of the amount transacted. The site claims it is doing this "to speed up the process of cryptocurrency mass adoption".

    [Screenshot of the giveaway page on the malicious site]

How do they trick users into believing the attack is real?

  • Using a domain name similar to Tesla's, with words such as "official" added, in an attempt to trick customers into believing that the giveaway is legitimate.

  • Using Tesla's branding, including the same logo, colours and font, and adding a picture of Tesla's well-known CEO, Elon Musk.

Why is this a threat?

  • Stealing crypto is incredibly attractive to scammers, since there is no connected bank or centralised authority that can flag suspicious transactions. Additionally, cryptocurrency transactions are irreversible, meaning that once a victim has sent money to the scammer, there is no way to get that money back.
  • Cryptocurrency scamming is becoming increasingly popular, with around 1 billion USD lost to scammers since the start of 2021 according to the Federal Trade Commission, and a median individual loss reportedly around 2,600 USD.

[Screenshot of the Federal Trade Commission's cryptocurrency fraud loss figures]

Source: Federal Trade Commission

Identification and threat analysis

Technical Report

The technical report below highlights the differences in registration, certificate and DNS records between the malicious domain and the legitimate domain.

Domain
  Malicious:  teslaofficial[.]org
  Legitimate: tesla[.]com

Registrar
  Malicious:  NICENIC INTERNATIONAL GROUP CO., LIMITED
  Legitimate: MarkMonitor, Inc.

Registrant Country
  Malicious:  Russia
  Legitimate: United States

Domain Age
  Malicious:  1 day old (registered 24 November 2022)
  Legitimate: 10,978 days old (registered 4 November 1992)

Certificate
  Malicious:  Issued by Google Trust Services LLC to teslaofficial[.]org; domain validated; 24-11-2022 -> 24-11-2023 (valid for 1 year)
  Legitimate: Issued by DigiCert Inc to TESLA, INC.; organisation validated; 28-03-2022 -> 28-03-2023 (valid for 1 year)

Name Servers
  Malicious:  vicky.ns.cloudflare.com, annalise.ns.cloudflare.com
  Legitimate: a12-64.akam.net, a1-12.akam.net, a9-67.akam.net, a28-65.akam.net, a7-66.akam.net, a10-67.akam.net, edns69.ultradns.com

MX record
  Malicious:  N/A
  Legitimate: tesla-com.mail.protection.outlook.com

Last seen active
  Malicious:  25 November
  Legitimate: 25 November

IP address
  Malicious:  104.21.5.45, 172.67.132.245 (Chantilly, Virginia, United States; AS13335 Cloudflare, Inc.; ISP: Cloudflare, Inc.)
  Legitimate: 184.30.18.203 (Frankfurt, Hesse, Germany; AS16625 Akamai Technologies, Inc.; ISP: Akamai Technologies, Inc.)
              23.9.66.10 (Chennai, Tamil Nadu, India; AS16625 Akamai Technologies, Inc.; ISP: Akamai Technologies, Inc.)
              184.85.228.70 (Los Angeles, California, United States; AS16625 Akamai Technologies, Inc.; ISP: Akamai Technologies, Inc.)
              104.119.104.74 (Singapore, Singapore; AS16625 Akamai Technologies, Inc.; ISP: Akamai Technologies, Inc.)
              96.16.108.43 (London, England; AS16625 Akamai Technologies, Inc.; ISP: Akamai Technologies, Inc.)
              23.201.26.71 (New York, United States; AS16625 Akamai Technologies, Inc.; ISP: Akamai Technologies, Inc.)
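The comparison above, together with the "How do they trick users" section, amounts to a short list of indicators a defender can score automatically: a brand name embedded in a domain that is not the brand's own, a lure word such as "official" appended to it, a registration only days old, a domain-validated rather than organisation-validated certificate, no MX record, and a registrant country that does not match the brand. The following Python script is an added example (not Bfore.Ai's PreCrime code) that turns those indicators into a triage score. The field names, the lure-word list, the 30-day "new domain" threshold, the expected brand country and the alert threshold are all assumptions chosen for illustration; the two sample records are constructed from the values in the table above.

```python
"""Heuristic triage of brand-lookalike domains, modelled on the registration
and DNS differences in the Tesla comparison table (added example, not
Bfore.Ai code)."""
from dataclasses import dataclass, field
from datetime import date

BRAND = "tesla"
KNOWN_GOOD = {"tesla.com"}                  # the legitimate domain from the report
BRAND_COUNTRY = "United States"             # assumed: where the brand is registered
LURE_WORDS = ("official", "giveaway", "event", "promo")   # hypothetical watch-list
NEW_DOMAIN_DAYS = 30                        # assumed "freshly registered" threshold
ALERT_THRESHOLD = 5                         # assumed score at which we alert


@dataclass
class DomainRecord:
    """Subset of the WHOIS / TLS / DNS fields compared in the technical report."""
    domain: str                 # defanged or plain, e.g. "teslaofficial[.]org"
    registered: date
    registrar: str
    registrant_country: str
    cert_validation: str        # "DV" (domain validated) or "OV" (organisation validated)
    cert_subject: str
    mx: list = field(default_factory=list)


def refang(domain: str) -> str:
    """Turn the report's defanged notation (tesla[.]com) back into a real hostname."""
    return domain.replace("[.]", ".").rstrip(".").lower()


def domain_age_days(record: DomainRecord, today: date) -> int:
    return (today - record.registered).days


def triage(record: DomainRecord, today: date) -> tuple[int, list[str]]:
    """Score one domain; each indicator mirrors a row of the comparison table.
    Higher means more lookalike indicators; the reasons list explains the score."""
    host = refang(record.domain)
    reasons: list[str] = []
    score = 0

    if host in KNOWN_GOOD:
        return 0, ["known legitimate domain"]

    label = host.split(".")[0]              # registrable label, e.g. "teslaofficial"
    if BRAND in label:
        score += 3
        reasons.append(f"brand name '{BRAND}' inside a non-brand domain")
        leftover = label.replace(BRAND, "")
        hits = [w for w in LURE_WORDS if w in leftover]
        if hits:
            score += 2
            reasons.append(f"lure word(s) appended to brand: {', '.join(hits)}")

    age = domain_age_days(record, today)
    if age < NEW_DOMAIN_DAYS:
        score += 3
        reasons.append(f"domain is only {age} day(s) old")

    if record.cert_validation.upper() == "DV":
        score += 1
        reasons.append("certificate is domain-validated only (no organisation vetted)")

    if not record.mx:
        score += 1
        reasons.append("no MX record (domain is not set up for real mail)")

    if record.registrant_country != BRAND_COUNTRY:
        score += 1
        reasons.append(f"registrant country {record.registrant_country!r} "
                       f"differs from brand country {BRAND_COUNTRY!r}")

    return score, reasons


def is_suspicious(record: DomainRecord, today: date) -> bool:
    return triage(record, today)[0] >= ALERT_THRESHOLD


# Sample records constructed from the values in the report's comparison table.
MALICIOUS = DomainRecord(
    domain="teslaofficial[.]org", registered=date(2022, 11, 24),
    registrar="NICENIC INTERNATIONAL GROUP CO., LIMITED", registrant_country="Russia",
    cert_validation="DV", cert_subject="teslaofficial.org", mx=[])
LEGITIMATE = DomainRecord(
    domain="tesla[.]com", registered=date(1992, 11, 4),
    registrar="MarkMonitor, Inc.", registrant_country="United States",
    cert_validation="OV", cert_subject="TESLA, INC.",
    mx=["tesla-com.mail.protection.outlook.com"])
OBSERVED = date(2022, 11, 25)               # date of the scout described in the report

if __name__ == "__main__":
    for rec in (MALICIOUS, LEGITIMATE):
        s, why = triage(rec, OBSERVED)
        print(f"{refang(rec.domain):<20} score={s:<2} alert={is_suspicious(rec, OBSERVED)}")
        for r in why:
            print("   -", r)
```

Run as-is, the malicious record trips every indicator and scores 11, while tesla.com short-circuits as a known-good domain. The weights are deliberately coarse: the point of the split score and reasons list is that an analyst sees which of the table's rows drove the alert, and that a brand-name match alone (3 points) does not cross the threshold without a second signal such as a days-old registration.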


How Bfore.Ai is protecting our customers

At Bfore.Ai, we work daily to ensure these phishing attacks get stopped before they even reach their targets. We are here to make your internet journey safer than it has ever been.

With more than 30K new malicious indicators per day, we have you covered no matter where the attack comes from. With a false positive rate of only 0.05%, you can stop wasting time chasing false alerts. With our PreCrime and PreEmpt technologies, we measure how far in advance of an attack's start we anticipate it, so that we move faster than the attackers.

Accepting that the only defense is good detection means accepting that you will forever be a victim. We believe in prevention more than response. Visit our website for more information!

Bfore.Ai’s recommendations

Every day, adversarial tactics become more collaborative, technologically advanced, and rapid – and at this rate, you simply can't afford to wait for the next attack before you react. Here are some recommendations from our team:

  • If in doubt whether an email or social media post is legitimate, never click on any links. Go to the legitimate website’s domain instead via a search engine.
  • Always double-check the domain name to make sure it is the legitimate one.
  • Giveaways such as these are very rarely legitimate. Additionally, legitimate cryptocurrency companies will never ask users to send crypto in order to receive crypto.
  • Keep your accounts separate. Do not link crypto brokerage accounts and traditional bank accounts to keep your other accounts safe in the event that they become compromised.


Appendix

This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be used to ensure that diligent measures are taken to lower the risk of potential weaknesses being exploited to compromise data.

Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Bfore.Ai) is ultimately responsible for assessing and meeting Client’s own compliance responsibilities. This report does not constitute a guarantee or assurance of Client’s compliance with any law, regulation or standard.