Twitter cryptocurrency scams: A hundred Elon Musks — and now Target

November 13, 2018

“We are celebrating and giving away N bitcoins to our fans! Just transfer 0.01 BTC to the wallet below and we’ll return 0.1 BTC!” That’s what an average cryptocurrency scam looks like.

Of course, once you’ve transferred your cryptocurrency to the specified wallet, no one is going to pay you back. Those who posted the tweets were just scammers looking for easy money (and it’s rather hard to catch them; bitcoin provides some degree of anonymity). Who is going to fall for that? Actually, a lot of people — if the scam is presented to them by someone they trust.

A short history of Twitter cryptocurrency scams

Twitter cryptocurrency scams first drew wide attention when scammers pretending to be Elon Musk, CEO of SpaceX and Tesla, claimed to be giving away Ethereum for whatever reason came to hand, be it the launch of a new SpaceX rocket or the production of yet another Tesla car.

Elon Musk uses Twitter quite a lot for PR and communication, and he has more than 20 million followers. The scammers created accounts that borrowed his avatar and his name, as well as similar Twitter handles (say @elonmask instead of @elonmusk). Then, using these accounts, they replied to his original posts, promoting fake giveaways so that they looked like they came from Musk himself — unless, of course, you were paying close attention.

The technique worked, and cryptocurrency scams started gaining momentum. At some point, Twitter even started preemptively banning accounts that changed their display name to “Elon Musk.”

Scammers then moved on to exploiting other Twitter celebrities such as Bill Gates, Pavel Durov (creator of vk.com and Telegram), Vitalik Buterin (creator of the Ethereum cryptocurrency), and more. They also used bots that shared spam links, followed other fake accounts, and produced retweets and likes to promote those cryptocurrency scams. Researchers from Duo Security discovered a large network of these bots that were following, liking, and retweeting each other.

At some point, scammers started hijacking verified accounts and using them to make their posts more persuasive. When yet another Ælon Müsk announced yet another crypto-giveaway, it looked significantly more convincing if verified accounts commented positively on it, claiming to have received their bitcoins. Recently hacked accounts used this way include ones belonging to the Indian consulate in Frankfurt and to the consulting company Capgemini.

Some scammers went further and renamed hijacked verified accounts to look like Elon Musk, substituting a Cyrillic “о” or a similar lookalike character for a Latin letter so that the name would not match Twitter’s ban filter, and then used those accounts to announce cryptocurrency scams with a verified badge lending them legitimacy.
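The homoglyph trick works because a simple string comparison against “Elon Musk” never sees the Cyrillic letter as equal to the Latin one. The check below is an added example, not code from Kaspersky or Twitter: it reduces a display name to a Latin “skeleton” (compatibility normalization, a small hand-picked lookalike table, diacritic stripping) before comparing it against a list of protected names, and separately flags names that mix scripts. The CONFUSABLES table and PROTECTED_NAMES list are constructed for this example; a production system would use the full Unicode TR39 confusables data instead of the handful of letters shown here.

```python
import unicodedata

# Hand-picked lookalikes (example subset; Unicode TR39 confusables.txt is the real list).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",  # Cyrillic с у х ѕ
    "\u0456": "i", "\u0458": "j", "\u04bb": "h",                 # Cyrillic і ј һ
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K",  # Cyrillic А В Е К
    "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u0420": "P",  # Cyrillic М Н О Р
    "\u0421": "C", "\u0422": "T", "\u0425": "X",                 # Cyrillic С Т Х
    "\u03b1": "a", "\u03bf": "o", "\u03c1": "p",                 # Greek α ο ρ
    "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0397": "H",  # Greek Α Β Ε Η
    "\u039a": "K", "\u039c": "M", "\u039d": "N", "\u039f": "O",  # Greek Κ Μ Ν Ο
}

# Names whose impersonation the platform wants to block (constructed list).
PROTECTED_NAMES = {"elon musk", "bill gates", "vitalik buterin", "pavel durov"}


def skeleton(name: str) -> str:
    """Reduce a display name to a comparable Latin skeleton.

    Steps: NFKC (folds fullwidth and other compatibility forms), swap known
    lookalike letters for their Latin twins, strip combining marks such as the
    umlaut in 'Müsk', collapse whitespace, lowercase.
    """
    text = unicodedata.normalize("NFKC", name)
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    text = unicodedata.normalize("NFD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return " ".join(text.split()).lower()


def scripts_used(name: str) -> set:
    """Approximate the set of scripts in a name from the first word of each
    letter's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    scripts = set()
    for ch in name:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def classify(name: str) -> str:
    """Return 'exact', 'lookalike', 'mixed_script' or 'ok' for a display name
    set on an account that is NOT the protected person's own account."""
    skel = skeleton(name)
    if skel in PROTECTED_NAMES:
        # A plain copy is what Twitter's name ban caught; a disguised copy is
        # what slipped past it.
        plain = " ".join(name.split()).lower() == skel
        return "exact" if plain else "lookalike"
    if len(scripts_used(name)) > 1:
        return "mixed_script"
    return "ok"


if __name__ == "__main__":
    samples = [
        "Elon Musk",          # plain copy, caught by a naive filter
        "El\u043en Musk",     # Cyrillic о in place of Latin o
        "Elon M\u00fcsk",     # umlaut variant
        "\uff25lon Musk",     # fullwidth E
        "\u0391lex Smith",    # Greek Alpha + Latin: mixed script, not a protected name
        "Jane Doe",
    ]
    for s in samples:
        print(f"{s!r:22} skeleton={skeleton(s)!r:18} verdict={classify(s)}")
```

The skeleton comparison is deliberately aggressive: any name that collapses to a protected one is flagged, while the mixed-script check catches disguised names that are not on the list at all. A real deployment would pair this with the account's identity (the genuine @elonmusk is allowed to be “Elon Musk”) rather than rely on the name alone.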

The latest tech: Ads from verified accounts

At this stage of the scam’s evolution, the perpetrators stopped relying on ordinary tweets and started buying Twitter ads in the name of the hijacked, renamed verified accounts described in the previous section. It makes sense: an ad reaches people who never followed the account, and Twitter ads have no comments, so there is no reply thread in which anyone could warn potential victims.

And now, cryptocurrency scammers have gone even further. Their latest technique makes those scams even more convincing. Recently, they compromised Target’s Twitter account — but instead of posting a normal tweet (which would be spotted quickly by Target’s employees and followers), the scammers decided to run an ad promoting their cryptocurrency scam.

An ad from Target’s official account promoting a cryptocurrency giveaway

It looked really convincing:

  • It was an official ad;
  • It was from Target’s official, verified account.

Target is unlikely to be the last victim of this kind of attack, so stay alert and don’t trust any cryptocurrency giveaways, no matter who’s promoting them.

Update, November 15

Just as we predicted, Target was not the last victim: Someone compromised the Twitter account of G Suite, Google’s collaboration and productivity apps, and used it for the very same purpose, publishing ads for yet another cryptocurrency scam.

It’s also noteworthy that accounts far outside the IT and tech world are now being hijacked for cryptoscams as well. Attackers have taken over the Twitter accounts of an Italian tennis player, the cosmetics store The Body Shop, a Spanish university sports team, and many more.

That brings us to another piece of advice. If you have a Twitter account (especially a verified one), take the time to think about its security: Make sure that you have a long, unique password and that you’ve enabled two-factor authentication, preferably with an authenticator app or security key rather than SMS codes, which can be intercepted through a SIM swap. It is also worth reviewing which third-party apps have access to your account and revoking any you no longer use. You can read more about how to set up Twitter securely in this post.