Phishing

Phishing campaign targeted Flipper Zero buyers

Trying to phish anyone who knows about Flipper Zero is a bold move.
article cover

Flipper Devices

· 3 min read

Top insights for IT pros

From cybersecurity and big data to software development and gaming, IT Brew delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.

Looking to get your hands on the latest cybersecurity gadget? Be fearful of phishers flipping phony Flipper Zeros. A phishing campaign has targeted techies interested in the new (and popular) hacking tool, according to a report by Bleeping Computer.

The Flipper Zero is a wildly popular, crowdfunded handheld device designed to support penetration testers, amateur hackers, and cybersecurity pros alike—it can emulate RFID, clone access cards, and communicate via radio, NFC, infrared, and Bluetooth. It also has GPIO connectors for hardware connections. At $169, the device boasts a dual-core ARM processor and blurs the line between “geeky toy or serious security tool,” as ZDNet put it.

Besides viral TikTok videos, it’s useful at identifying which devices are transmitting data and how. According to Wired, potential capabilities include everything from cloning office ID badges to snatching credit card numbers from wallets and even unlocking older, insecure cars, though it has some restrictions built in as a soft deterrent against illegal usage.

Flipper Zero units are often out of stock on the official website—thanks to both production issues and revenue holdbacks by PayPal—presenting opportunities for anyone who claims to have it in stock. As Bleeping Computer reported, security analyst Dominic Alvieri tweeted earlier this month about the discovery of a phishing campaign using at least three Twitter accounts imitating the official Flipper Zero one (replacing the “L” in the name with an upper-case “I”) and directing interested parties to fake storefronts offering units for the inflated price of $199.

According to Bleeping Computer, at least one of the accounts responded to other users complaining about availability in an effort to direct sales to the fake online storefronts—themselves set up to look like the official Flipper Zero store. While the scammers behind the sites only accepted payments in Ethereum or Bitcoin, likely to make any payments irrecoverable, Bleeping Computer found crypto wallets displayed on the checkout page hadn’t received any payments, and order invoices set up using another site were displayed as expired.

The official Flipper Zero store is located here, although prospective buyers will need some luck (or a lot of page refreshes) to snatch one in stock.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected] Want to go encrypted? Ask Tom for his Signal.

Top insights for IT pros

From cybersecurity and big data to software development and gaming, IT Brew delivers the latest news and analysis of trends shaping the IT industry, like only The Brew can.