Twitter was recently rocked by a wave of verified accounts being hacked to promote a Bitcoin scam. The most recent attack targeted several high profile accounts, including Apple, President Barack Obama, Kanye West, former VP Joe Biden, Bill Gates, and Elon Musk. While the takeover of accounts only lasted a couple of hours, it did enough damage to crown itself as Twitter's largest security incident to date and garner an investigation from the FBI, amid national security concerns. Twitter Inc. has also taken its own preventative security measures by locking certain users out of their accounts and preventing other accounts from sending tweets.
While this particular takeover quickly made headlines, due in part to the high profile status of the hacked Twitter accounts, this Bitcoin scam is (mostly) nothing new, especially in relation to Elon Musk. This seemingly simple scam of requesting Bitcoin from a verified account dates as far back as early 2018, when Musk was first targeted. The scam is somewhat elementary in theory: a verified account on Twitter is taken over and tweets out a message requesting a small amount of cryptocurrency like Bitcoin, in exchange for a much larger amount sent back. It has continued to succeed for years because of slight and clever variations of the takeover. This most recent attack, however, is somewhat different.
The early takeovers, described by Wired, succeeded through small and elusive tactics. One or two verified accounts would be hacked and then transformed to match a high profile account like Elon Musk's. The scammers change the account name and avatar to match Musk's, then request Bitcoin. They then promote the post across as many timelines as possible to increase the chances of a victim taking the bait. It seems like these scams would be easy for Twitter to track and prevent, but it's not so simple. These scammers can elude Twitter's security algorithms by slightly varying the name or avatar of their new "verified" account using white space or Unicode, and by tweeting slightly different characters to prevent pattern matching. The scams have even evolved to use other hijacked accounts to give likes to the tweet and comment that it worked for them, further adding credibility.
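The white space and Unicode variations described above defeat exact string matching on display names. The following Python code is an added example, not part of the original article and not Twitter's actual detection logic: it reduces a display name to a comparison key so that cosmetic variants collide with the name they imitate. The watch list, the small homoglyph table and the sample names are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small homoglyph table (assumption: a real
# deployment would load the full Unicode confusables data instead).
CONFUSABLES = str.maketrans({
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0455": "s",  # Cyrillic dze
    "\u03bf": "o",  # Greek omicron
    "\u0131": "i",  # Latin dotless i
    "0": "o",
    "1": "l",
})

PROTECTED_NAMES = ["Elon Musk", "Bill Gates"]  # hypothetical watch list


def skeleton(name):
    """Reduce a display name to a key that ignores cosmetic variation."""
    # NFKD folds compatibility forms (fullwidth, math letters) and
    # splits accents into separate combining marks.
    decomposed = unicodedata.normalize("NFKD", name)
    kept = []
    for ch in decomposed:
        cat = unicodedata.category(ch)
        # Drop combining marks (Mn), invisible format characters such as
        # U+200B (Cf), and every kind of space or separator.
        if cat in ("Mn", "Cf") or cat.startswith("Z") or ch.isspace():
            continue
        kept.append(ch)
    return "".join(kept).casefold().translate(CONFUSABLES)


def check_display_name(name):
    """Return (protected_name, obfuscated) on a collision, else None."""
    key = skeleton(name)
    for protected in PROTECTED_NAMES:
        if key == skeleton(protected):
            # obfuscated is True when the raw strings differ even though
            # the skeletons match, i.e. the name was altered to evade
            # exact matching.
            return protected, name != protected
    return None


if __name__ == "__main__":
    # Constructed sample names: extra space, Cyrillic letters, zero-width space.
    for sample in ["Elon  Musk", "El\u043en Mu\u0455k", "E\u200blon Musk", "Elton Musk"]:
        print(repr(sample), "->", check_display_name(sample))
```

A match on the skeleton only says the name is visually equivalent to a protected one; the legitimate account still has to be excluded by its account ID before anything is flagged.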
The most recent attack is the same scam in a broad sense, but with a much less subtle approach. Instead of hacking smaller verified accounts and manipulating them to look like more prominent verified users, this attack took over the actual accounts of several eminent individuals and tweeted out a similar request for Bitcoin transfers. Unlike past scam attempts, this attack appears to have begun at Twitter directly, using the company's own access to infiltrate the accounts. Twitter reported on its investigation by stating, "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." More details are sure to unfold as investigations push further, but one pattern that's easily identifiable is the targeting of Elon Musk.
Elon Musk has found no shortage of praise and notoriety on his Twitter feed. The Tesla and SpaceX CEO has nearly 40 million followers on the social media app, and is infamous for his spontaneous thoughts, such as his founding of The Boring Company after tweeting about being miserable sitting in LA traffic. While he has gathered a loyal following due to his success in the tech world, his antics on Twitter are also a large contributor to his following. He has smoked weed on camera, sold flamethrowers, and most recently sold short shorts that simultaneously promote each Tesla model while subtly poking at the SEC, which tried to sue him in 2018 because of... a tweet. This past behavior could be a large reason why he is such a common target for scammers. To followers of Musk, tweeting out the prospect of Bitcoin to a select few sounds exactly like something he would do on a whim.
The cold hard truth in all of this is simple: Elon Musk is not going to send you Bitcoin. Ever. While these scams may raise some eyebrows initially, they are generally passed over as a clear scam or hack. Unfortunately, there are always a few followers out there who fall for these tricks, thus empowering scammers to continue their tirade. Sadly, those are the type of people these scammers are targeting. While this Bitcoin ring has remained somewhat small time in previous years, the most recent attack on Twitter to directly take over verified accounts is much more cause for concern. Federal investigations and new security measures can hopefully put an end to these scams once and for all. For now, be very wary when you read verified tweets and try to hang on to your Bitcoin, as it might truly be worth something someday.
Source: Wired
from ScreenRant - Feed https://ift.tt/2OCGRUv