“A series of unauthorised tweets were sent for which we apologise”
Hackers are using compromised verified Twitter accounts to promote a fake bitcoin giveaway by Elon Musk.
The tweets suggest that Musk is giving away 10,000 bitcoins to the community and all you have to do is send him between 0.1 and 2 bitcoins (BTC) to confirm your account.
When you look at one of the bitcoin addresses suggested for payment you can see it has processed 395 transactions and received 28 BTC to date, which amounts to £137,646 at current BTC prices.
One reason that people are falling for this scam is that the accounts used to promote it are all blue-ticked verified Twitter accounts, lending it a bit of legitimacy.
Several well-known company Twitter accounts have been caught up and used in the scam, such as Pantheon Books and French film company Pathé.
The scammers also use other verified accounts, whose names have not been changed to Elon Musk, to comment under the giveaway that they have indeed received bitcoin back and that the giveaway is legit.
One such account was the official Swansea City AFC Ladies account, which commented under different posts that it had received coins back.
While the hackers can change the name on accounts, they cannot change the Twitter handle, which should help to identify the compromised accounts.
Spelling mistakes within the promotion are another indicator of a scam account.
On accounts that have large followings, such as Pathé, the scammers have paid for Twitter advertising to promote the tweet, resulting in Twitter showing the scam tweets as promoted posts.
Posting the scam on a hacked verified account, combined with positive replies from other compromised blue ticked accounts, shows a decent degree of organisation.
It also highlights that a number of verified accounts on Twitter may be compromised.
Many of the companies involved have wrestled back control of their accounts and issued apologies to their followers, such as Pathé, which posted:
The Pathe UK Twitter account was hacked this morning by an unknown third party. A series of unauthorised tweets were sent for which we apologise. The issue has now been resolved and we have taken back control of our account.
— Pathé UK (@patheuk) November 5, 2018
On other accounts such as Pantheon Books, it appears Twitter support itself has stepped in to remove the Elon Musk profile image and name, leaving the site with a default image and a dot for a name.
Twitter had not responded to a request for comment at the time of writing.