Google and Target are the latest to fall victim to malicious actors who hijack official ‘verified’ Twitter accounts in order to promote a “Bitcoin Giveaway Scam.”
On Tuesday, November 13th, both the Target and Google G-Suite ‘verified’ Twitter accounts were compromised and used to promote a scam advertising the giveaway of free bitcoin in the latest of a string of hacks focusing on leveraging high-profile businesses to take advantage of less-savvy Twitter users.
Though Google has yet to release a statement on the matter, Target commented immediately saying, “Early this morning, our Twitter account was inappropriately accessed. The access lasted for approx. half an hour & one fake tweet was posted during that time about a bitcoin scam. We have regained control of the account, are in close contact with Twitter & are investigating now.”
As with many similar instances in recent weeks, both tweets were promoted as advertisements, allowing the hackers to reach a wider audience. The tweets also stated that the two businesses would finally accept cryptocurrency payments.
The History of the Twitter Giveaway Scam
Earlier this year, it was reported that a similar scheme, the “Eth Giveaway Scam,” had resulted in the loss of $4.3 million worth of cryptocurrency.
Scammers would often pose as industry leaders, such as Warren Buffett or John McAfee, and even as official exchanges, in order to mislead Twitter users into sending them ether. This was typically done by asking for a small amount of the cryptocurrency and promising to send back a significantly larger cut.
These types of scams have led notable figures such as Vitalik Buterin to add phrases like “Non-giver of Ether” to their alias to help ensure the community does not fall victim to the ruse, but the latest onslaught of hacked ‘verified’ accounts highlights a more worrying issue.
A ‘Verified’ Scam
Twitter issues a comforting blue checkmark to larger companies and celebrities to prevent would-be impersonators from damaging their reputation or misleading a particular audience, but the practice seems to be falling short in recent months.
From the G-Suite and Target accounts, to another recent scheme wherein malicious actors took control of the Capgemini Australia verified account to pose as Elon Musk, it’s becoming increasingly difficult to tell what is real.
In the case of the Capgemini scheme, hackers even hijacked an army of politicians and businesses to help promote and re-tweet the fake Elon Musk’s giveaway thread.
Even without the ‘verified’ tag, scammers are getting more and more creative and outrageous in their promotion of these schemes – with some even calling out other scammers to promote their own scam!
Rule of Thumb
Just like anywhere else on the internet, it’s always important to stay vigilant, even on Twitter.
Remember, no one from an exchange, wallet provider or otherwise is ever going to ask you for your private keys, and if they do, it’s likely a scam.
Additionally, “if it’s too good to be true, it probably is,” especially if it involves sending someone else money first.
And finally, no, Elon Musk isn’t going to give you bitcoin, ether, or dogecoin. I promise.