Flipper Zero, a portable multitool for pentester is priced at $200, is a popular product that has recently been sold out among penetration testers and hackers. This, called ‘hacker’s Tamagochi’ due to its appearance, has been reviewed on various security communities such as TikTok, Twitter, and Telegram. Popularity skyrocketed, and ‘Flipper zero’ is flying off the shelves in an online store. A recent article by Bleeping Computer reported that phishing attackers seek chances, from this situation, to fool customers through ‘Flipper Zero’ Phishing site  that look like official sales sites to induce people to pay in cryptocurrencies such as Bitcoin. Of course, a purchaser will get nothing.

It’s an interesting irony that these hackers are targeting hackers, penetration testers and security researchers vying to purchase Flipper Zeroes for themselves.

Flipper Zero Phishing Site vs. Official Site

We visited several Flipper Zero phishing sites found on SNS like Twitter.

They camouflage with similar URLs and favicons that, if you are not a frequent visitor, it is almost impossible to notice the phishing site as below. 

Smart Way to Check Fake Flipper Zero Websites

We can spot differences between the official site and the phishing sites in the URL, page UI, logo, etc.

A more accurate and faster way to check is to use the OSINT search tool. 

On Criminal IP’s Domain Search, input ‘flipperzerovendoronline[.]com‘, or ‘flipperzeroinstock[.]net which is not yet known as phishing on Twitter and other social networks.  

Then it will lead you to the result below.

The result shows that phishing sites are using malicious domains, and the algorithm tells us the phishing probability is over 50%.

In particular, the Newborn Domain information shows that it has been for one and a half months. Still, there are attempts to generate new ‘Flipper Zero’ phishing sites that recommend being aware of the OSINT tool to prevent being a victim.

Some detecting tools for phishing rely on user reports, Google results, and phishing check websites, but these are the reactive approaches that only can detect after being reported. In other words, it is impossible to detect newborn phishing sites.

Domain Search results of malicious IP associated with Flipper Zero phishing site of screenshots
Domain Search results of malicious IP associated with Flipper Zero phishing site of screenshots

Criminal IP, a proactive way of detecting phishing sites, shows real-time screenshots, technology used, and mapped IPs on ‘Domain Search’. This includes recently emerging domains.

Flipper Zero Phishing Attack Likely to Spread

In TikTok, a video platform, several users review the ‘Flipper Zero’ to upload hacking videos and get thousands and millions of views. ‘Flipper Zero’ gets famous not only to hackers but also to generals, so it is necessary to be aware of ways to check phishing sites to prevent being victims.

Also, the fact that such phishing damage continues is one of the reasons why phishing prevention methods using the OSINT search engine are necessary not only for those in security-related occupations but also for general internet users.

Check out this article on Instagram Phishing Scams for relevant information.