Story by: Makena Kelly
Hackers were able to compromise Target’s Twitter account early this morning for use in a bitcoin scam that has been ramping up over the past few months.
This isn’t an isolated event, either. The scammers started by making fake accounts impersonating Elon Musk, an act that is against Twitter’s Terms of Service. The accounts would post scammy links under Musk’s tweets that asked users to send a small amount of bitcoin in order to receive a larger amount. It’s a confusing tactic, but one that, according to TechCrunch, has been a profitable endeavor, making the hackers over $37,000 in cryptocurrency in just a few hours.
“Early this morning, Target’s Twitter account was inappropriately accessed. The access lasted for approximately half an hour and one fake tweet was posted during that time about a bitcoin scam,” Target said in a statement to The Verge. “We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further.”
In July, Twitter revved up its efforts to stop these scams by automatically locking unverified accounts that changed their display names to “Elon Musk.” It looks as though, to avoid having their accounts locked, the scammers have pivoted to hacking. By hacking verified accounts, they’re able to impersonate Musk without being locked out, and the scam is even more believable with the little blue checkmark next to the familiar name.
In Target’s case, the account was briefly hacked, and in that time, scammers were able to produce a tweet with the link that was then approved as an ad by Twitter. Screenshots have surfaced showing that the scammy tweet was “Promoted,” meaning that this obvious and well-known scam made it past the Twitter team that vets ads. Twitter hasn’t responded to a request for comment.
Target is only the latest example of this scam, and perhaps the one with the largest following. Other influential users, like Rep. Frank Pallone (D-NJ), also had their accounts hacked for use in this scam. Pallone’s campaign account was compromised just a day before the 2018 midterm elections. His account didn’t sponsor any ads, but others like Capgemini Australia, Pathé Films, and Pantheon Books had ads for this scam approved as well.
The scam could easily be combated by requiring verified users to secure their accounts with two-factor authentication, but as of right now, Twitter doesn’t require any users to do so. Until then, it’s likely that these hacks will continue, and many more people will be tricked into handing over their cryptocurrency.
Original story by: https://tinyurl.com/y7rfk4ms