Scammers have taken control of multiple verified Twitter accounts to impersonate Tesla CEO Elon Musk and promote a Bitcoin scam.
This morning hackers changed British film distribution company Pathe Films’s Twitter account name to Elon Musk and copied the CEO’s Twitter picture. The scammers retweeted around a dozen Elon Musk tweets to lend it an air of credibility and pinned a tweet with a link to the crypto scam.
The scam asks users to send 0.1 Bitcoin (BTC), with the promise that they would receive 20 BTC in exchange.
As Pathe Films regained control of its account, it emerged that publishing house Pantheon Books’ Twitter account had been compromised by the same scam.
The tweets, both now deleted, read:
“I’m giving 10,000 Bitcoin (BTC) to all community! I left the post of director of Tesla, thank you all for your support! I decided to make the biggest crypto-giveaway in the world, for all my readers who use Bitcoin. Participate in giveaway – musk.plus.”
A few minutes ago I saw this promoted tweet (a paid ad) from "Elon Musk" offering a free Bitcoin. All you have to do is send 'him' 0.1btc first – approximately 650 dollars. pic.twitter.com/6eNTZBYQbP
— Arieh Kovler (@ariehkovler) November 5, 2018
More than $30,000 stolen
The link takes users to an unsecured page, which asks users to verify their address by sending 0.1 Bitcoin to get 20 in return. A progress bar shows the supposed number of free Bitcoin left slowly dwindling, as well as updates purporting to show live transactions.
While the page bears the hallmarks of a scam, using Musk as the bait lends the scam an air of believability. Musk is known for making jokes on Twitter, such as a recent post claiming that he had bought popular game Fortnite and deleted it.
The limited availability of the supposed Bitcoin also mirrors one of Musk’s previous stunts in which his Boring Company sold 20,000 flamethrowers.
And it seems that the Elon Musk Bitcoin scam has worked on some, with the post gaining thousands of likes and retweets. Fossbytes is reporting that 6 BTC (around $38,000) has been sent to the hacker’s wallet within 24 hours.
The latest Elon Musk Bitcoin scam exploits Twitter’s blue tick verification
It is not the first time that Elon Musk’s identity has been used by cryptocurrency scammers. In March the BBC reported that there were many fake Musk profiles promoting crypto scams.
These accounts were further promoted by bots, but it was notable that these accounts did not have Twitter’s blue tick verification – something that hackers bypassed this time around.
“Gaining access to a social media account is an excellent method of delivering malicious content, especially a verified account,” explains Ed Williams, director EMEA at SpiderLabs at Trustwave, a cybersecurity company.
“The blue tick in this scenario implies a trusted account. I would consider this is a low-tech attack, although I suspect that it will be successful in the short-term.”
“Whilst we don’t know the sophistication of the attack, I would always recommend that all social media accounts are protected with MFA (multi-factor authentication) and a strong, non-shared account.”
He added that the MFA “should not use SMS as its delivery method as this method is known to be weak and abused by threat actors”.
High profile Twitter hack “not unusual”
Joseph Carson, chief security scientist at cybersecurity company Thycotic, said that it’s “not unusual for high profile twitter accounts to be taken over by cybercriminals in an attempt to damage reputation or cause financial fraud.”
“Twitter accounts are only as secure as the people using them and in most situations only a password is between the owner and the cybercriminals from abusing the accounts.”
He also recommended that verified accounts use multi-factor authentication.
The tweet was also promoted, which, as well as meaning Twitter has profited from a scam, raises questions about Twitter’s screening process for adverts.
Pathe Films has over 20,000 Twitter followers, while Pantheon Books has more than 70,000. At the time of writing, Pantheon Books has removed the tweet promoting the scam and the profile picture of Elon Musk.
However, the account still bears his name and the SpaceX and Musk retweets remain.
Update: Since publication, Matalan’s Twitter account has also been compromised, and over £120,000 has been stolen by scammers.