Tesla, Inc. is an American multinational automotive and clean energy company headquartered in Austin, Texas.
During our PreCrime internet scout of November 25th, 2022, we identified suspicious markers across multiple vectors. One of them was this website spoof, which could be targeting unsuspecting customers of Tesla.
The Attack
Legitimate site: tesla[.]com
Malicious domain: teslaofficial[.]org
This is a brand impersonation attack on one of the world's most valuable companies, the American multinational automotive and energy company Tesla.
Malicious site
How does this attack work?
- The malicious domain leads users to a crypto giveaway scam, seemingly from Tesla. Users may be led to this site through social engineering campaigns, such as posts about the crypto giveaway event sent through email and social media. An example of this is shown in the image below, in which victims were led to a different malicious scam through a fake Twitter account impersonating Elon Musk.
- When opening the malicious domain, users are directed to a site offering the “biggest giveaway crypto of $100,000,000“. The website asks users to make a transaction from any crypto wallet via QR codes in order to verify their wallet, after which the site allegedly sends back a profit of 200% of the amount transacted. The site claims it is doing this “to speed up the process of cryptocurrency mass adoption“.
How do they trick users into believing the attack is real?
- By using a domain name similar to Tesla's and adding words such as "official", in an attempt to trick customers into believing that the giveaway is legitimate.
- By using Tesla's branding, including the same logo, colours and font, and adding a picture of Tesla's well-known CEO, Elon Musk.
Why is this a threat?
- Stealing crypto is incredibly attractive to scammers since there is no connected bank or centralised authority that can flag suspicious transactions. Additionally, cryptocurrency transactions are irreversible, meaning that once a victim has sent money to the scammer, there is no way to get that money back.
- Cryptocurrency scamming is becoming increasingly popular, with around 1 billion USD lost to scammers since the start of 2021 according to the Federal Trade Commission, and a median individual loss reportedly around 2,600 USD.
Identification and threat analysis
Technical Report
The technical report below highlights the differences in DNS and registration records between the malicious domain and the legitimate domain.
| Domain | teslaofficial[.]org | tesla[.]com |
|---|---|---|
| Registrar | NICENIC INTERNATIONAL GROUP CO., LIMITED | MarkMonitor, Inc. |
| Registrant Country | Russia | United States |
| Domain Age | 1 day old (registered 24 November 2022) | 10,978 days old (registered 4 November 1992) |
| Certificate | Issued by: Google Trust Services LLC; Issued to: teslaofficial[.]org; Domain validated; 24-11-2022 -> 24-11-2023 (valid for 1 year) | Issued by: DigiCert Inc; Issued to: TESLA, INC.; Organisation validated; 28-03-2022 -> 28-03-2023 (valid for 1 year) |
| Name Servers | | a12-64.akam.net, a1-12.akam.net, a9-67.akam.net, a28-65.akam.net, a7-66.akam.net, a10-67.akam.net, edns69.ultradns.com |
| MX record | N/A | tesla-com.mail.protection.outlook.com |
| Last seen active | 25 November | 25 November |
| IP address | 104.21.5.45, 172.67.132.245 (Chantilly, Virginia, United States; AS13335 Cloudflare, Inc.; ISP: Cloudflare, Inc.) | 184.30.18.203 (Frankfurt, Hesse, Germany); 23.9.66.10 (Chennai, Tamil Nadu, India); 184.85.228.70 (Los Angeles, California, United States); 104.119.104.74 (Singapore, Singapore); 96.16.108.43 (London, England); 23.201.26.71 (New York, United States); all AS16625 Akamai Technologies, Inc.; ISP: Akamai Technologies, Inc. |
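As an added example (not part of the Bfore.Ai report), the heuristics below turn the columns of the comparison table into defender-side lookalike checks: brand name in the label together with a lure word, registration age, registrant country, certificate validation level and MX presence. The 30-day "newly registered" threshold, the lure-word list and the record layout are assumptions; the sample values are the ones from the table, observed on 25 November 2022.

```python
from dataclasses import dataclass
from datetime import date

# Assumed thresholds and lure words; the report does not define them.
BRAND = "tesla"
LURE_WORDS = ("official", "giveaway", "promo", "event")
NEW_DOMAIN_DAYS = 30


@dataclass(frozen=True)
class DomainRecord:
    domain: str               # defanging brackets already removed
    registered: date          # WHOIS creation date
    registrant_country: str
    cert_validation: str      # "DV" (domain validated) or "OV" (organisation validated)
    has_mx: bool              # whether the zone publishes an MX record


def domain_age_days(rec: DomainRecord, observed: date) -> int:
    """Age of the registration on the day the domain was observed."""
    return (observed - rec.registered).days


def impersonation_flags(rec: DomainRecord, legit: DomainRecord, observed: date) -> list[str]:
    """Indicators a defender would raise for rec when compared against the legitimate record."""
    flags: list[str] = []
    if rec.domain == legit.domain:
        return flags
    label = rec.domain.split(".")[0]
    if BRAND in label:
        flags.append("brand-in-label")
        if any(word in label for word in LURE_WORDS):
            flags.append("lure-word-in-label")
    if domain_age_days(rec, observed) < NEW_DOMAIN_DAYS:
        flags.append("newly-registered")
    if rec.registrant_country != legit.registrant_country:
        flags.append("registrant-country-mismatch")
    if rec.cert_validation == "DV" and legit.cert_validation != "DV":
        flags.append("dv-cert-only")
    if not rec.has_mx and legit.has_mx:
        flags.append("no-mx")
    return flags


# Constructed records carrying the values from the comparison table above.
OBSERVED = date(2022, 11, 25)
LEGIT = DomainRecord("tesla.com", date(1992, 11, 4), "United States", "OV", True)
SCAM = DomainRecord("teslaofficial.org", date(2022, 11, 24), "Russia", "DV", False)

if __name__ == "__main__":
    for rec in (LEGIT, SCAM):
        print(rec.domain, domain_age_days(rec, OBSERVED), "days old;", impersonation_flags(rec, LEGIT, OBSERVED))
```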
How Bfore.Ai is protecting our customers
At Bfore.Ai, we work daily to ensure these phishing attacks are stopped before they even reach their targets. We are here to make your internet journey safer than it has ever been.
With more than 30K new malicious indicators per day, we have you covered no matter where the attack comes from. With a false positive rate of only 0.05%, you can stop wasting time chasing false alerts. Our PreCrime and PreEmpt technologies let us anticipate an attack before it starts, moving faster than the attackers.
Accepting that the only defense is good detection is accepting to be a victim forever. We believe in prevention more than response. Visit our website for more information!
Bfore.Ai’s recommendations
Every day, adversarial tactics become more collaborative, technologically advanced, and rapid – and at this rate, you simply can't afford to wait for the next attack before you react. Here are some recommendations from our team:
- If in doubt whether an email or social media post is legitimate, never click on any links. Go to the legitimate website’s domain instead via a search engine.
- Always double check the domain name to make sure it is the legitimate one.
- Giveaways such as these are very rarely legitimate. Additionally, legitimate cryptocurrency companies will never ask users to send crypto in order to receive crypto.
- Keep your accounts separate. Do not link crypto brokerage accounts and traditional bank accounts to keep your other accounts safe in the event that they become compromised.
Appendix
This document and its contents do not constitute, and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses being exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Bfore.Ai) is ultimately responsible for assessing and meeting Client’s own compliance responsibilities. This report does not constitute a guarantee or assurance of Client’s compliance with any law, regulation or standard.