Twitter is Struggling To Contain the Bitcoin Scam Outbreak (usatoday.com) 52

Google's official G Suite Twitter account is the latest victim of an ongoing bitcoin scam that has been plaguing the social media platform for the last few weeks. Earlier on Wednesday, Target saw a similar hack. From a report: G Suite might be the highest-profile target of the scam yet, which saw fake, promoted tweets that appeared to originate from the G Suite account pop up in users' timelines this afternoon, directing them toward a scammy bitcoin address as part of a "giveaway." From another report: The hackers have also hacked other high-profile accounts and made similar pledges, Twitter confirmed. In multiple cases, they have impersonated Elon Musk, the CEO of Tesla and SpaceX, and made a similar bitcoin pledge. To do so, they installed Musk's Twitter photo on the verified Twitter accounts they hacked and changed the accounts' display name to his. Musk's genuine Twitter account has not been compromised. In this incident, the scammers direct unsuspecting Twitter users to click on a giveaway link and to send bitcoin payments to them. By sending a certain amount, users are dubiously promised more bitcoin in return. Victims are also promised a chance at winning more. In some cases, the hackers have apparently paid Twitter to promote the ads. It was not immediately clear why Twitter was not able to stop those promotions from occurring.
  • by WoodstockJeff ( 568111 ) on Tuesday November 13, 2018 @04:32PM (#57639258) Homepage

    Hacking the stupid is always easy.

    • Is this even hacking so much as social engineering? It sounds like the only step in here that might have involved hacking was getting access to an account with verified status, but my guess is that they used some form of social engineering to do that as well. Just target people with bogus emails claiming to be Twitter and eventually someone will enter their credentials into the bogus website you've set up or give the information to someone over the phone.

      I wish that the news media would quit getting ever
      • by Kaenneth ( 82978 ) on Tuesday November 13, 2018 @04:59PM (#57639400) Journal

        Twitter needs to stop being retarded, and just remove the 'Verified' mark if a user changes their display name.

      • by rtb61 ( 674572 )

        This kind of behaviour on crypto currencies will just get worse and worse, as the market shrinks to mainly criminals and the get rich quick gullibles, it is nasty and getting nastier, as the pool of money shrinks and the criminals are trying to steal as much as they can before the crypto ponzi lake mainly dries up. A foetid pool for nothing but criminal transactions will be all that remains. Better not have too much crypto, because they will find your remains after you fess up the password.

  • by Anonymous Coward

    For every one Bitcoin sent to this address:
    18awryFxpSG2C1PRHWCteoak94HfdFbnfD

    I will send 1000 Dogecoins in return! Simply reply with your Dogecoin address below!!

    This offer is 100% legit!!!

  • by Anonymous Coward

    Display name changes of verified users must be explicitly approved, or require re-verification with the new name.

  • Dear Twitter (Score:2, Informative)

    by mysidia ( 191772 )

    For starters..... make Two Factor Authentication using a hardware token such as Gsec token a mandatory requirement for enabling the Verified mark........ Secondly compromise of an official Google account makes one suspect exploitation of some kind of hole in Twitter's systems; mainly b/c Google goes the extra mile in regards to security ---- it's difficult to imagine anyone could have scammed G suite creds from them easily. Also the sudden serial compromises of multiple other high-profile Twitter ac

    • by EvilSS ( 557649 )
      In that case the real G Suite account wasn't compromised, someone made a look-alike account and got the tweet promoted. Note in the article there isn't a check-mark on the scam tweet's account. Twitter does support hardware tokens, such as the Google Titan Fido U2F keys, which I'm sure the G Suite employees all have (since Google made them mandatory for employees/contractors).
  • by Anonymous Coward

    Tesla investors are now calling on hackers to fully manage Elon Musk's Twitter account.

    "We found that the hackers' posts were actually less likely to draw SEC attention" said one investor.

    Another added "even after losing 10 Bitcoin to the scam we still did better than if we had allowed Elon to get us another $20m fine."

  • lol, struggling, yeah, right. correct headline "not really trying"
  • by kiwioddBall ( 646813 ) on Tuesday November 13, 2018 @05:05PM (#57639424)

    I got this promoted post in my Twitter feed. I still don't know how it was done.

    Anything you say about being stupid ain't true. The only way of detecting it was a scam was that crypto was involved.

    The account was verified, it had the Target twitter picture, it was called Target, and the real clincher was that the address of the account was displayed as @Target (can't remember the upper or lower case). It looked identical.

    I was surprised, and visited the actual Target twitter account to see their tweets and replies and couldn't see where this tweet had been posted. The only inconsistency.

    There were replies below the tweet that looked like they were from Best Buy etc that also looked genuine in the same way including the @ address.

    The fake Elon Musk tweets have his picture, are verified, have the elon musk name, but the @ address is always some rubbish. The Target post was not that.

    Twitter have some explaining to do.

    • Well, Twitter was stupid to allow the name of a verified account to be changed without doing the verification again.

    • Those accounts aren't verified.

      • Of course they are. They just aren't verified as belonging to the account they claim they are. If you change your twitter handle you don't lose the verified mark.

    • The only way of detecting it was a scam was that crypto was involved.

      The whole thing was based on the most basic model of scams; "send us some money first and we'll send you even more in return!"

      Nobody should ever fall for that type of scam, but some people do because they're blinded by their own greed and they overlook clues that should be painfully obvious.

    • "visited the actual Target twitter account to see their tweets and replies and couldn't see where this tweet had been posted. The only inconsistency."

      A promoted post will not necessarily appear in the account's tweets. For example, @Apple has zero tweets but plenty of promoted posts.

  • This has been going on for at least a year!
  • by Anonymous Coward
    If a tweet or ad promotes bitcoin or blockchain, it's a scam.
  • Under different names. I didn't screen shot them, but it looked to me like the text was the same on each of them. I'm unclear why they simply couldn't cut off any promoted tweet with the offending text.

    Honestly, if I were them, I'd simply cut off any promotions featuring bitcoin and be done with it.
