Several verified Twitter accounts were hacked earlier on Tuesday. These accounts were used to promote a scam featuring the name of Tesla and SpaceX founder Elon Musk. The verified (blue-ticked) accounts that were compromised included book publishing house Pantheon Books, fashion retailer Matalan and film distributor Pathe UK, among many more.
The hackers gained access to those accounts and then changed their names and profile pictures to those of Musk. Then they used promoted tweets (a service where advertisers pay Twitter for their tweet to be seen by a wider audience) to quickly reach a lot of Twitter users.
Here is a screenshot of the scam taken by one Twitter user:
Latest scam- hack a verified account, say a fashion brand, change the name to Elon Musk, start scamming. Twitter has at last woken up and started deleting them. pic.twitter.com/GJJ5Qs2JNb
— Rory Cellan-Jones (@ruskin147) November 5, 2018
Here is another screenshot showing the compromised Marathon Artists account:
— Nigel Cox (@Harlekwin_UK) November 5, 2018
How did the scam work?
The scam was tweeted by many verified accounts on Twitter. With the names and profile pictures changed to match those of Elon Musk, most users mistook them for the official Elon Musk account. Most would overlook the account handle, which for the official Elon Musk account is @elonmusk.
The scam read “I’m giving 10000 Bitcoin (BTC) to all community! I left the post of director of Tesla, thank you all for your support! I decided to make the biggest crypto-giveaway in the world, for all my readers who use Bitcoin. Participate in giveway – musk.fund”.
To add to the intensity of the scam, other verified accounts, including the likes of blogger Sarah Scoop and boxer Rayton Okwiri, that had been compromised were used to comment on those scam tweets, writing that they had indeed received bitcoin from Elon Musk.
Here’s a screenshot of a compromised Swansea City Ladies account, making such a comment:
Oh God, not Swansea City Ladies!!
— Michael McGarrity (@michaelmcguk) November 5, 2018
Many of the scam tweets still contained the hallmarks of classic scams: odd grammatical structures, typos, and a request for money from users before they can receive money themselves. In this case it urged users to send between 0.1 and 1 bitcoin ($645 – $6455) to them and they would send back 1 to 10 bitcoins ($6455 – $64551) in return.
Who would fall for that, right? Well, according to reports, victims lost around $130,000 in this particular scam.
Many of the account holders have since taken back control of their Twitter accounts and have deleted the scam tweets. Other accounts were left blank for the rightful owners to re-enter their name and add their profile pictures.
Here’s a tweet from Pathe UK, mentioning the hack:
Twitter was asked to comment on the hacks but it responded saying that it does not comment on individual accounts for “privacy and security reasons”.
This isn’t the First Case
This isn’t the first time a scam of this nature has appeared on Twitter. It isn’t even the first time a scam using the name of Elon Musk has appeared on the social media platform. The first wave of these scams appeared in March and they have since become so frequent that in October, Elon Musk himself jokingly tweeted about it, asking “Wanna buy some Bitcoin?”
Wanna buy some Bitcoin? 😉😉 pic.twitter.com/9ZbBJ5fuVq
— Elon Musk (@elonmusk) October 22, 2018
Twitter locked Musk’s account for some time, believing it had actually been compromised. Musk later tweeted this:
Twitter thought I got hacked & locked my account haha
— Elon Musk (@elonmusk) October 23, 2018
Musk’s regular Twitter use has also met its fair share of criticism, following incidents such as the Tesla founder accusing someone of being a pedophile and also commenting that a funding deal to take Tesla private had been made when the deal had not yet been finalized.
The names of several other notable figures, including the likes of Warren Buffett, President Donald Trump, Bill Gates and John McAfee, have also been used in similar crypto scams.
In more serious cases, new accounts are first registered. They are then verified to get a blue tick mark and then changed to impersonate someone else.
What is Twitter doing about it?
Twitter says it is trying hard to combat these crypto-currency scams. A spokesperson for the social media platform made this comment in October:
“We are proactively tackling so-called cryptocurrency scams on the platform. In the last week alone, user impressions have fallen by a multiple of 10, a significant improvement on previous action rates.”
According to security experts, bots are now being used to automate such scams. And these bots are learning from past mistakes. One example is that they now know to slightly alter the stolen profile pictures to avoid detection.
Celebrities who have had their names used in these scams have complained about it, urging Twitter to take more serious steps to tackle the problem. Elon Musk sought the help of Dogecoin founder Jackson Palmer. Palmer responded by saying that social media platforms such as Twitter need to work on their scam-finding algorithms. He says Twitter needs an algorithm that can quickly identify and remove crypto-scams in the future.
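As an added illustration (not Twitter's or Palmer's code), here is a minimal Python sketch of a scam-finding heuristic built only from the signals this article describes: a display name that imitates a well-known person while the handle is not the real one, slight alterations meant to dodge exact matching, and crypto giveaway wording with a link. The `PROTECTED` map, the 0.85 similarity threshold, the function names and the handle `@example_retailer` are assumptions made for the example.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Assumption: a defender-maintained map of protected display names to their
# real handles. Only @elonmusk comes from the article.
PROTECTED = {"Elon Musk": "elonmusk"}
CRYPTO = re.compile(r"\b(bitcoin|btc|crypto)\b", re.I)
GIVEAWAY = re.compile(r"\bgiv(?:e\s?a?way|ing)\b", re.I)  # also catches "giveway"
LINK = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I)

def normalize(name):
    """Fold styled/full-width Unicode to ASCII and keep only letters and digits."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", folded.lower())

def impersonated(display_name, handle, threshold=0.85):
    """Return the protected name this account imitates, or None."""
    for name, real_handle in PROTECTED.items():
        if handle.lstrip("@").lower() == real_handle:
            continue  # the genuine account may use its own name
        similarity = SequenceMatcher(None, normalize(display_name), normalize(name)).ratio()
        if similarity >= threshold:  # tolerates small alterations such as "Muusk"
            return name
    return None

def signals(tweet):
    """Collect the scam indicators the article describes for one tweet."""
    found = set()
    if impersonated(tweet["display_name"], tweet["handle"]):
        found.add("impersonation")
    if CRYPTO.search(tweet["text"]) and GIVEAWAY.search(tweet["text"]):
        found.add("giveaway")
    if LINK.search(tweet["text"]):
        found.add("link")
    return found

def is_likely_scam(tweet):
    # Require both the identity mismatch and the giveaway pitch to limit false positives.
    return {"impersonation", "giveaway"} <= signals(tweet)

# Constructed sample tweets; the handle @example_retailer is made up.
SCAM = {"display_name": "Elon Musk", "handle": "@example_retailer",
        "text": "I'm giving 10000 Bitcoin (BTC) to all community! Participate in giveway - musk.fund"}
GENUINE = {"display_name": "Elon Musk", "handle": "@elonmusk", "text": "Wanna buy some Bitcoin?"}
ALTERED = dict(SCAM, display_name="Elon Muusk")

if __name__ == "__main__":
    for t in (SCAM, GENUINE, ALTERED):
        print(t["handle"], t["display_name"], sorted(signals(t)), is_likely_scam(t))
```

Keying on the handle rather than the content means the genuine @elonmusk joke tweet raises no signal, which is the case where Twitter locked the real account. The same approach does not cover altered profile pictures, which would need image comparison.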