As the exodus from social media platform X to the new microblogging darling Bluesky continues, security chiefs are warning new migrants to act with caution, as bad actors rush in to exploit potential users.
Actress Jamie Lee Curtis, The Guardian newspaper, and even the Clifton Suspension Bridge have joined swathes of people deserting Elon Musk’s social media site X.
Enter former Twitter chief Jack Dorsey’s new social network Bluesky, which is proving a popular alternative for microbloggers.
Until February, users had to be invited to join Bluesky, but its numbers have surged in recent months: from nine million in September to more than 19 million by mid-November, a week after Trump was voted in as President and Musk was awarded an appointment in the Trump administration.
Founded in 2019, the relatively new site is not dissimilar to X, but it is ‘decentralised’ – meaning users can host their own data if they want. Users are also free to set up their own servers and communities on Bluesky, which are not controlled by the platform.
Some users regard it as a ‘safer’ platform as it has more security and privacy features, such as the ability to set profiles to ‘private’ and end-to-end encryption for messages, which means that even Bluesky cannot ‘read’ messages sent on the platform.
However, security experts have warned that whenever people flock to new sites there are scammers waiting in the wings.
Erich Kron, a security awareness advocate at anti-phishing security platform KnowBe4, warned that some scammers have already taken advantage of budding users’ lack of knowledge around how to join the platform.
“With Bluesky being only available through invites for some time, scammers continue to work off that information, suckering people into paying for invites even though it is no longer necessary.
“Because people may be in a rush to stake a claim on their username or for other reasons, they may not research the fact that invites are no longer needed,” Kron warned.
Kron added that scammers are also likely to use this sense of urgency and popularity against people in social engineering attacks through email, text messages, or maybe even phone calls, providing offers to immediately increase follower counts and stake out popular names.
“The excitement around the growth of a new platform will help scammers take advantage of those not yet familiar with it,” he warned.
According to Kron, consumers should be especially careful around offers to increase follower counts or visibility in exchange for money, or links to login pages where bad actors may attempt to steal unsuspecting consumers’ login credentials.
Jamie Beckland, chief product officer at APIContext, also warned brands, businesses, influencers and anyone using the platform to further their brand to watch out for cybersquatting – the illegal profiteering practice of registering or using a domain name that is like or identical to a brand or person’s existing domain name.
Beckland also warned users to be cautious about sharing any personal details over the new platform until they have reviewed the user profile to ensure it is not fraudulent.
“Take care to avoid anyone claiming you can get priority access or help boost your profile, especially if they are asking for payment,” he added.