
British fashion retailer Matalan, film distributor Pathe UK and US publisher Pantheon Books were among those whose accounts were taken over by scam artists.

The scam used promoted tweets - where Twitter is paid by advertisers to make a tweet appear to a wider audience.

The tweets have since been deleted with many accounts recovered, though some were left blank while waiting for their owners to re-enter their name and profile picture.

Scammers targeted several "verified" accounts (denoted with a blue tick) and changed the name and image to that of Mr Musk.

The tweet then urged users to part with a small amount of Bitcoin - a digital currency - to supposedly receive more.

Several other verified accounts, which were also taken under the scam artists' control, appear in the tweet's comments to claim that they have received Bitcoin from Mr Musk.

A Twitter spokesperson told the Media it "doesn't comment on individual accounts for privacy and security reasons".

Using accounts with Twitter's own verification mark (a blue tick) makes the account appear legitimate at first glance and thus may fool the reader into thinking it is official.

But many of the posts still bear the hallmarks of classic scams - including frequent spelling errors (see "Bitcoic" and "suppoot" in the above tweet) and a request for money.

The account handle itself is also incorrect - a legitimate tweet from Elon Musk would read @elonmusk beside the blue tick. In this case, it reads @patheuk - as the account originally belonged to film distributor Pathe UK.

Clicking on any of the links in the scam sends users to a page where they are urged to send anywhere from 0.1 to one Bitcoin (£491-£4,491) to the scammers - with the promise that they would receive one to 10 Bitcoin as a reward.

Victims do not receive any Bitcoin after sending money to the scam artists.

The scam is made to seem more trustworthy as various other compromised accounts reply to the tweet claiming that it works.

For example, the above tweet would appear to have been praised by verified accounts like boxer Rayton Okwiri, blogger Sarah Scoop, and Swansea City AFC Ladies.

Promotion

The scam tweet has been posted by several verified accounts on Twitter.

British fashion retailer Matalan, film distributor Pathe UK and US publisher Pantheon Books were among those whose accounts were reset after the hack.

Pathe UK have since issued a statement to confirm that their account was "hacked by an unknown third party".

The Pathe UK Twitter account was hacked this morning by an unknown third party. A series of unauthorised tweets were sent for which we apologise. The issue has now been resolved and we have taken back control of our account.
— Pathé UK (@patheuk) November 5, 2018

An early form of the scam was first spotted in March when accounts appeared simply using Mr Musk's name and likeness to ask for Bitcoin.

It became so frequent on the social network that the Tesla chief was briefly blocked from his own Twitter account after he parodied the scam by sending a tweet asking: "Wanna buy some Bitcoin?".

Wanna buy some Bitcoin? 😉😉 pic.twitter.com/9ZbBJ5fuVq
— Elon Musk (@elonmusk) October 22, 2018

Now the scam has become more nuanced as it uses Twitter's own verification to make it more convincing.

A Twitter spokesperson told the Media that the company has "substantially improved how we tackle crypto-currency scams on the platform".

"In recent weeks, user impressions have fallen by a multiple of 10 as we continue to invest in more proactive tools to detect spammy and malicious activity."