Slashdot Mirror


Twitter is Struggling To Contain the Bitcoin Scam Outbreak (usatoday.com)

Google's official G Suite Twitter account is the latest victim of an ongoing bitcoin scam that has been plaguing the social media platform for the last few weeks. Earlier on Wednesday, Target saw a similar hack. From a report: G Suite might be the highest-profile target of the scam yet, which saw fake, promoted tweets that appeared to originate from the G Suite account pop up in users' timelines this afternoon, directing them toward a scammy bitcoin address as part of a "giveaway." From another report: The hackers have also hacked other high-profile accounts and made similar pledges, Twitter confirmed. In multiple cases, they have impersonated Elon Musk, the CEO of Tesla and SpaceX, and made a similar bitcoin pledge. To do so, they installed Musk's Twitter photo on the verified Twitter accounts they hacked and changed the accounts' display name to his. Musk's genuine Twitter account has not been compromised. In this incident, the scammers direct unsuspecting Twitter users to click on a giveaway link and to send bitcoin payments to them. By sending a certain amount, users are dubiously promised more bitcoin in return. Victims are also promised a chance at winning more. In some cases, the hackers have apparently paid Twitter to promote the ads. It was not immediately clear why Twitter was not able to stop those promotions from occurring.

7 of 52 comments

  1. Fake accounts for gathering fairy dust by WoodstockJeff · Score: 4, Interesting

    Hacking the stupid is always easy.

    1. Re:Fake accounts for gathering fairy dust by alvinrod · Score: 2

      Is this even hacking so much as social engineering? It sounds like the only step in here that might have involved hacking was getting access to an account with verified status, but my guess is that they used some form of social engineering to do that as well. Just target people with bogus emails claiming to be Twitter and eventually someone will enter their credentials into the bogus website you've set up or give the information to someone over the phone.

      I wish that the news media would quit getting everyone riled up about hacking, when hacking didn't occur. Social engineering is hardly new. Hell, it features quite prominently in the Bible among other stories that stretch back to antiquity.

    2. Re:Fake accounts for gathering fairy dust by Kaenneth · Score: 5, Insightful

      Twitter needs to stop being retarded, and just remove the 'Verified' mark if a user changes their display name.

  2. Target scam was pretty good. by kiwioddBall · Score: 5, Insightful

    I got this promoted post in my Twitter feed. I still don't know how it was done.

    Anything you say about being stupid ain't true. The only way of detecting it was a scam was that crypto was involved.

    The account was verified, it had the Target Twitter picture, it was called Target, and the real clincher was that the address of the account was displayed as @Target (can't remember the upper or lower case). It looked identical.

    I was surprised, and visited the actual Target Twitter account to see their tweets and replies and couldn't see where this tweet had been posted. The only inconsistency.

    There were replies below the tweet that looked like they were from Best Buy etc that also looked genuine in the same way including the @ address.

    The fake Elon Musk tweets have his picture, are verified, have the Elon Musk name, but the @ address is always some rubbish. The Target post was not that.

    Twitter have some explaining to do.

    1. Re:Target scam was pretty good. by GrumpySteen · Score: 2

      The only way of detecting it was a scam was that crypto was involved.

      The whole thing was based on the most basic model of scams; "send us some money first and we'll send you even more in return!"

      Nobody should ever fall for that type of scam, but some people do because they're blinded by their own greed and they overlook clues that should be painfully obvious.

  3. Re:Twitter doesn't care. by Anonymous Coward · Score: 2, Informative

    It really takes so very little to trigger a rightwinger these days.

    Sorry, baby boys, the world is no longer a giant safe place for white male mediocrity!

  4. Re:Dear Twitter by EvilSS · Score: 2

    In that case the real G Suite account wasn't compromised, someone made a look-alike account and got the tweet promoted. Note in the article there isn't a check-mark on the scam tweet's account. Twitter does support hardware tokens, such as the Google Titan FIDO U2F keys, which I'm sure the G Suite employees all have (since Google made them mandatory for employees/contractors).

    --
    I browse on +1 so AC's need not respond, I won't see it.