Hackers continued to target Twitter users today using a set of compromised verified Twitter accounts to promote a Bitcoin scam. This time an account belonging to United States-based retailer Target was used to post the scam tweet to almost 2m followers.
Target’s account was used to tweet a message claiming: “We (sic) giving 5 000 Bitсoin (BTС) tо аll community! We present cryptocurrency payments for your purchases in our store, and want to celebrate this event with all users! We organize the biggest crypto-giveaway in the world!”
The message claimed that users who sent a certain amount of Bitcoin to the scammers’ wallet would receive a larger amount in return.
Twitter users saw the tweet in their timelines, where it was promoted.
According to records on Blockchain.com, more than $37,000 worth of bitcoin has already been sent to the Twitter scammers’ bitcoin wallet after other verified Twitter accounts were hacked and used to promote the scam tweet from Target.
The assumption is that these scammers are the same people who promoted a scam tweet designed to appear like it had come from Tesla CEO Elon Musk’s Twitter account earlier this month.
A Target spokesman told Hard Fork:
“Early this morning, Target’s Twitter account was inappropriately accessed. The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.
“We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further.”
The blue tick verified badge is supposed to “let people know that an account of public interest is authentic”, says Twitter on its website.
However, scammers are using verified accounts that they have compromised to fake legitimacy when targeting Twitter users.
The scammers also retweeted and replied to the scam tweet from other hacked verified accounts to make the crypto-giveaway appear more legitimate.
Other verified Twitter accounts seemingly hacked by the bitcoin scammers include Universal Music Czech Republic, The Body Shop USA, The University of Toledo’s Athletics Department, and Under Armour Baseball Japan, and even the United Nations Refugee Agency in Serbia.
Twitter scams are becoming more frequent
Twitter hacks are an ongoing problem for the social media platform, with hacks around cryptocurrency happening more and more in the last few weeks.
Matalan’s Twitter account was hacked after Elon Musk’s last week, and over £120,000 was subsequently stolen by the scammers.
On 5 November, the hackers got into the British film distribution company Pathe Films’ Twitter account, where they changed the name to Elon Musk and copied his Twitter picture.
The scammers retweeted around a dozen Elon Musk tweets to lend the account an extra air of credibility and pinned the crypto scam tweet.
In a similar style to the Target hack, the tweet asked users to send 0.1 Bitcoin (BTC) with the promise that they would receive 20 BTC in exchange.
Fossbytes reported that 6 BTC (around $38,000) was sent to the hacker’s wallet within 24 hours.
How can Twitter users protect themselves?
Joseph Carson, chief security scientist at cybersecurity company Thycotic, said:
“Twitter accounts are only as secure as the people using them and in most situations, only a password is between the owner and the cybercriminals from abusing the accounts.”
He recommended that verified accounts use multi-factor authentication.
The tweet scams have also raised questions about Twitter’s screening process for adverts, as both the Elon Musk and the Target scam tweets were promoted by the platform.