Slashdot Mirror


Twitter is Struggling To Contain the Bitcoin Scam Outbreak (usatoday.com)

Google's official G Suite Twitter account is the latest victim of an ongoing bitcoin scam that has been plaguing the social media platform for the last few weeks. Earlier on Wednesday, Target saw a similar hack. From a report: G Suite might be the highest-profile target of the scam yet, which saw fake, promoted tweets that appeared to originate from the G Suite account pop up in users' timelines this afternoon, directing them toward a scammy bitcoin address as part of a "giveaway." From another report: The hackers have also hacked other high-profile accounts and made similar pledges, Twitter confirmed. In multiple cases, they have impersonated Elon Musk, the CEO of Tesla and SpaceX, and made a similar bitcoin pledge. To do so, they installed Musk's Twitter photo on the verified Twitter accounts they hacked and changed the accounts' display name to his. Musk's genuine Twitter account has not been compromised. In this incident, the scammers direct unsuspecting Twitter users to click on a giveaway link and to send bitcoin payments to them. By sending a certain amount, users are dubiously promised more bitcoin in return. Victims are also promised a chance at winning more. In some cases, the hackers have apparently paid Twitter to promote the ads. It was not immediately clear why Twitter was not able to stop those promotions from occurring.


  1. Fake accounts for gathering fairy dust by WoodstockJeff · · Score: 4, Interesting

    Hacking the stupid is always easy.

    1. Re:Fake accounts for gathering fairy dust by alvinrod · · Score: 2

      Is this even hacking so much as social engineering? It sounds like the only step in here that might have involved hacking was getting access to an account with verified status, but my guess is that they used some form of social engineering to do that as well. Just target people with bogus emails claiming to be Twitter and eventually someone will enter their credentials into the bogus website you've set up or give the information to someone over the phone.

      I wish that the news media would quit getting everyone riled up about hacking, when hacking didn't occur. Social engineering is hardly new. Hell, it features quite prominently in the Bible among other stories that stretch back to antiquity.

    2. Re:Fake accounts for gathering fairy dust by Kaenneth · · Score: 5, Insightful

      Twitter needs to stop being retarded, and just remove the 'Verified' mark if a user changes their display name.

    3. Re:Fake accounts for gathering fairy dust by rtb61 · · Score: 1

      This kind of behaviour on crypto currencies will just get worse and worse, as the market shrinks to mainly criminals and the get rich quick gullibles, it is nasty and getting nastier, as the pool of money shrinks and the criminals are trying to steal as much as they can before the crypto ponzi lake mainly dries up. A foetid pool for nothing but criminal transactions will be all that remains, better not have too much crypto, because they will find your remains after you fess up the password.

      --
      Chaos - everything, everywhere, everywhen
    4. Re:Fake accounts for gathering fairy dust by michelcolman · · Score: 1

      To be fair, the tweets appeared as replies to Musk's real tweets, had the same picture, the name "Elon Musk" and a very similar account name (e.g. "@elormusk"). The first time I saw one, I thought for a moment that it was genuine, it just seemed very strange for him to do anything like that. Then I read you were supposed to send a small amount first, which was even more suspicious, and then I finally noticed the slight difference in the account name.

      So I didn't fall for it, but apart from the unlikeliness of the whole thing, it wasn't that easy to spot as fake.

      It took a very long time for Twitter to do anything at all about this scam. How hard can it be to let someone take a second look at all accounts that are being renamed to "Elon Musk" or, as they started doing later, "Elon Musk " with a bunch of spaces behind the name? These campaigns have been going on for many months now.
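      The "second look" check asked for in the comment above, as an added example that is not part of the original comment and not Twitter's code: it folds padded or zero-width-stuffed display names before comparing them, and flags near-miss handles such as "@elormusk". The `PROTECTED` table, the function names and the two-edit threshold are assumptions made for illustration.

```python
import unicodedata

# Constructed sample data: protected display name -> genuine handle.
PROTECTED = {"Elon Musk": "elonmusk", "Target": "Target"}

def normalize_name(name: str) -> str:
    """Fold a display name so padding and invisible characters cannot hide a match."""
    folded = unicodedata.normalize("NFKC", name)  # e.g. no-break space -> space
    # Zero-width and other format characters (category Cf) survive strip(); drop them.
    folded = "".join(c for c in folded if unicodedata.category(c) != "Cf")
    # Collapse whitespace runs, remove leading/trailing padding, ignore case.
    return " ".join(folded.split()).casefold()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_reasons(display_name: str, handle: str) -> list:
    """Return the reasons an account needs manual review (empty list means none)."""
    reasons = []
    name = normalize_name(display_name)
    for real_name, real_handle in PROTECTED.items():
        if handle.casefold() == real_handle.casefold():
            continue  # this is the genuine account for that identity
        if name == normalize_name(real_name):
            reasons.append(f"display name matches protected name {real_name!r}")
        if edit_distance(handle.casefold(), real_handle.casefold()) <= 2:
            reasons.append(f"handle within 2 edits of @{real_handle}")
    return reasons

if __name__ == "__main__":
    # Constructed cases modelled on the ones described in the thread.
    for case in [("Elon Musk   ", "elormusk"), ("Elon Musk", "elonmusk")]:
        print(case, review_reasons(*case))
```

      Running the check on every display-name change, rather than only at sign-up, is what catches a previously verified account being renamed.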

    5. Re:Fake accounts for gathering fairy dust by michelcolman · · Score: 1

      Also, how hard can it be to spot a picture that's identical to the original?

      Of course the next step would be a picture with one or two pixels changed, or shifted by a few pixels, but a very simple AI should be able to deal with that just fine.

      Then of course they could use adversarial pictures to fool the AI, but that would take a lot more expertise and knowledge of the exact AI used.

    6. Re:Fake accounts for gathering fairy dust by michelcolman · · Score: 1

      That would be a logical solution, indeed. I think you nailed it when you used the word "retarded".

  2. Legit offer by Anonymous Coward · · Score: 1

    For every one Bitcoin sent to this address:
    18awryFxpSG2C1PRHWCteoak94HfdFbnfD

    I will send 1000 Dogecoins in return! Simply reply with your Dogecoin address below!!

    This offer is 100% legit!!!

  3. The answer seems very simple... by Anonymous Coward · · Score: 1

    Display name changes of verified users must be explicitly approved, or require re-verification with the new name.

  4. Dear Twitter by mysidia · · Score: 1, Informative

    For starters..... make Two Factor Authentication using a hardware token such as Gsec token a mandatory requirement for enabling the Verified mark........ Secondly compromise of an official Google account makes one suspect exploitation of some kind of hole in Twitter's systems; mainly b/c Google goes the extra mile in regards to security ---- it's difficult to imagine anyone could have scammed G suite creds from them easily. Also the sudden serial compromises of multiple other high-profile Twitter accounts that hadn't happened before? Very suspicious.

    1. Re:Dear Twitter by EvilSS · · Score: 2

      In that case the real G Suite account wasn't compromised, someone made a look-alike account and got the tweet promoted. Note in the article there isn't a check-mark on the scam tweet's account. Twitter does support hardware tokens, such as the Google Titan Fido U2F keys, which I'm sure the G Suite employees all have (since Google made them mandatory for employees/contractors).

      --
      I browse on +1 so AC's need not respond, I won't see it.
  5. Breaking News!!! by Anonymous Coward · · Score: 1

    Tesla investors are now calling on hackers to fully manage Elon Musk's Twitter account.

    "We found that the hackers' posts were actually less likely to draw SEC attention" said one investor.

    Another added "even after losing 10 Bitcoin to the scam we still did better than if we had allowed Elon to get us another $20m fine."

  6. "struggling" by bobmagicii · · Score: 1

    lol, struggling, yeah, right. correct headline "not really trying"

  7. Target scam was pretty good. by kiwioddBall · · Score: 5, Insightful

    I got this promoted post in my Twitter feed. I still don't know how it was done.

    Anything you say about being stupid ain't true. The only way of detecting it was a scam was that crypto was involved.

    The account was verified, it had the Target twitter picture, it was called Target, and the real clincher was that the address of the account was displayed as @Target (can't remember the upper or lower case). It looked identical.

    I was surprised, and visited the actual Target twitter account to see their tweets and replies and couldn't see where this tweet had been posted. The only inconsistency.

    There were replies below the tweet that looked like they were from Best Buy etc that also looked genuine in the same way including the @ address.

    The fake Elon Musk tweets have his picture, are verified, have the elon musk name, but the @ address is always some rubbish. The Target post was not that.

    Twitter have some explaining to do.

    1. Re:Target scam was pretty good. by sourcerror · · Score: 1

      Well, Twitter was stupid to allow to change the name of a verified account without doing the verification again.

    2. Re:Target scam was pretty good. by OverlordQ · · Score: 1

      Those accounts aren't verified.

      --
      Your hair look like poop, Bob! - Wanker.
    3. Re:Target scam was pretty good. by GrumpySteen · · Score: 2

      The only way of detecting it was a scam was that crypto was involved.

      The whole thing was based on the most basic model of scams; "send us some money first and we'll send you even more in return!"

      Nobody should ever fall for that type of scam, but some people do because they're blinded by their own greed and they overlook clues that should be painfully obvious.

    4. Re:Target scam was pretty good. by radarskiy · · Score: 1

      "visited the actual Target twitter account to see their tweets and replies and couldn't see where this tweet had been posted. The only inconsistency."

      A promoted post will not necessarily appear in the account's tweets. For example, @Apple has zero tweets but plenty of promoted posts.

    5. Re:Target scam was pretty good. by thegarbz · · Score: 1

      Of course they are. They just aren't verified as belonging to the account they claim they are. If you change your twitter handle you don't lose the verified mark.

    6. Re: Target scam was pretty good. by Megane · · Score: 1

      That was so far from left field that I had to use google to be sure I was remembering correctly. Too bad he wasn't able to set off that super earthquake. I guess he didn't die from that fall after all, there's still hope!

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  8. Re:Twitter doesn't care. by Anonymous Coward · · Score: 2, Informative

    It really takes so very little to trigger a rightwinger these days.

    Sorry, baby boys, the world is no longer a giant safe place for white male mediocrity!

  9. Few Weeks? by Thelasko · · Score: 1

    This has been going on for at least a year!

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
  10. Re:Twitter doesn't care. by Anonymous Coward · · Score: 1

    The NPC thing is hilarious because the talitrumpers just repeat stuff they've heard all the time without actually thinking about it. Especially the NPC meme. Self awareness has never been a strong suit for the trumptards.

  11. This should be simple by Anonymous Coward · · Score: 1

    If a tweet or ad promotes bitcoin or blockchain, it's a scam.

  12. Saw it 3 times by mhkohne · · Score: 1

    Under different names. I didn't screen shot them, but it looked to me like the text was the same on each of them. I'm unclear why they simply couldn't cut off any promoted tweet with the offending text.

    Honestly, if I were them, I'd simply cut off any promotions featuring bitcoin and be done with it.

    --
    A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.