Security News > 2021 > December > Twitter bots pose as support staff to steal your cryptocurrency
If those phrases are present, these same programs will direct Twitter bots under the scammer's control to automatically reply to the tweets as fake support agents with links to scams that steal cryptocurrency wallets.
In tests conducted by BleepingComputer, tweets containing the words 'support,' 'help,' or 'assistance' along with the keywords like 'MetaMask,' 'Phantom,' 'Yoroi,' and 'Trust Wallet' will result in almost instantaneous replies from Twitter bots with fake support forms or accounts.
All of the scammer's replies share a common purpose - to steal the recovery phrases for a victim's wallet, which the attackers can then use to import the wallet onto their own devices.
To steal the recovery phrases, the threat actors set up support forms on Google Docs and other cloud platforms.
These forms impersonate a basic support form, asking the user for their email address, the problem they are having, and their wallet's recovery phrase, as shown by the fake MetaMask support form below.
Once the recovery phrase is sent to the attackers, it's game over and they now have full access to the cryptocurrency within your wallet and can transfer it to other wallets under their control.