Above the fold is Aspectus’s regular feature shining a spotlight on the major stories in the technology, digital, energy and financial services sectors.
On Monday, Bitcoin scammers hacked into multiple Twitter company accounts, many of which were popular and verified. Once they were able to access an account, they edited the profile to appear as Tesla chief Elon Musk. The miscreants planned to use Musk’s name to trick users into believing it was a real giveaway promotion, which encouraged them to send Bitcoin.
Why is it important?
This type of scam is common in the cryptocurrency market. It is not only an issue for consumers; business leaders on social media need to be aware of it too. A giveaway that appears to come from a trusted, verified and high-profile source could easily fool anyone, and it can tarnish an exec’s social media presence, which has taken time and effort to build over a long period.
What the expert had to say:
Our client Chris Boyd, lead malware intelligence analyst at Malwarebytes, had this to say about the scam: “Twitter sponsored ads have been home to scammers for some time, with a number of different techniques used to get what they want. Back in 2016, we discovered phishers offering up the promise of account verification via rogue sponsored ads. The landing page was nothing more than a credit card phish, and this technique has slowly declined while fake Elon Musk accounts pushing bogus ‘get rich quick’ ads are riding high in the popularity stakes.
“Being able to hijack verified accounts is a potential goldmine for crypto scammers banking on the visibility of the Tesla CEO. Verified entities don’t need any extra requirements to change basic profile details such as name or avatar, and once the account is compromised you can then start pushing rogue ads under the guise of ‘Elon’.”
He added, “There’s no easy way to force verified users to keep security settings such as two-factor enabled, and all it takes is one successful phish to set a scam in motion. Many verified accounts are used by multiple people, and I suspect some switch off some of the security features for ease of use – that’s where things tend to start going wrong.”