Scammers promising free bitcoin have become more sophisticated over the past few months, hacking verified Twitter accounts like Target’s to spread their scheme, which appears to be run from Russia.
In March, Twitter CEO Jack Dorsey held a clear-the-air livestream discussion to address concerns about the health of the company’s platform. Abuse and disinformation were top of mind, but Dorsey also spoke to another problem: the proliferation of cryptocurrency giveaway scams.
Send us a small amount of bitcoin, an account made to look like @ElonMusk or @realDonaldTrump would say, pledging in true Nigerian Prince fashion that it would deliver a much larger amount in return. These were unsophisticated schemes, but they were widespread. Dozens of bogus scam-peddling celebrity accounts were being created every day, and that was alarming to Dorsey and to Twitter’s vice president of trust and safety, Del Harvey. On the livestream, Dorsey and Harvey promised quick, tactical action against them, noting that Twitter would use pattern matching and machine learning to eliminate a problem that had seemingly arrived on the scene out of nowhere.
More than eight months later, cryptocurrency scams are still prevalent on Twitter. Though the platform outright banned all cryptocurrency ads in March, fraudsters — some of whom appear to be Russia-based — have become more sophisticated and are starting to hack verified accounts with high follower counts to push their scams. In some cases, they’ve even purchased and run Twitter ad campaigns to promote them.
On Tuesday, hackers were able to post promoted tweets from the accounts of Target (1.9 million followers) and Google’s business apps division, G Suite (more than 823,000 followers), and used them — along with other verified accounts — to pump cryptocurrency giveaway scams through Twitter’s own ad network. BuzzFeed News was also able to purchase cryptocurrency scam ads using the same language.
Compared to platform-defining problems like abuse, harassment, and the manipulation of public discourse by fake accounts, ridding Twitter of cryptocurrency scams might seem a low priority for the company. But as Dorsey pushes ahead with his “healthy conversation” charm offensive, bitcoin giveaway schemes are an eyesore and another reminder of Twitter’s ongoing failure to keep people safe on its platform.
“We’re constantly adapting to bad actors’ evolving methods, and have made improvements in combating cryptocurrency scams on the platform,” a Twitter spokesperson said in a statement. “We’ll continue to move quickly to address these issues and help our partners take the appropriate steps to protect their accounts.”
“I would say actually that Twitter’s somewhat disconnected response here is indicative of the fact that they probably see it as an annoyance,” said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, an enterprise security company. He has been studying the scams since they became prevalent last spring, and he originally compiled a long list of IP addresses, websites, and wallets used by the bad actors.
Twitter has other big problems to address, he added, but “it’s not like the plumbing isn’t there to fix it.”
In March, as fake accounts proliferated in the reply sections of the official @ElonMusk and @realDonaldTrump accounts, often mimicking the handle, avatar, cover photo, and tweets of the original account, Twitter made it seem like it had the tools to get the problem under control. “It’s something we’ve really seen come out of nowhere and spike up, but we have different work streams that are solely focused on it,” Harvey said during the March livestream. “We’ve made a lot more progress in just the past week, and we wish to have a lot more of it under control in the near future.”
Harvey’s prediction has proven naive. Twitter’s bitcoin scam problem persists, and the scams themselves have evolved. Observers are seeing fewer impersonations of celebrity accounts, with fraudsters moving instead to take over verified accounts with high follower counts and run giveaway scams in organic messages or promoted tweets. It has happened to a wide swath of users with blue checkmarks: big brands, journalists, and even the campaign account of a sitting US lawmaker ahead of the midterm elections.
It persists because it works, Kalember said. And while it’s impossible to know how much scammers actually take in during the schemes — fraudsters will often seed their own giveaways to make it seem like money is flowing into their publicly viewable cryptocurrency wallets — Kalember estimates that “each of them seems to net somewhere between $25,000 and $0,000 in bitcoin.”
Tuesday’s hack of @Target and @GSuite was the newest variation of an old trick. In those cases, according to two sources familiar with the details, hackers gained access to a third-party marketing account with the ability to post promoted messages, but not organic tweets, for brands like Target and G Suite. That allowed the hackers to purchase and publish bitcoin scam ads to the brands’ followers, somehow circumventing Twitter’s advertisement review process.
“We giving 5 000 [sic] Bitcoin (BTC) to all community!” @Target’s promoted message read. “We present cryptocurrency payments for your purchases in our store, and want to celebrate this event with all users!”
Twitter removed the ads from both accounts within 30 minutes, but it’s unclear why the ads ran at all, given Twitter’s ban on cryptocurrency advertisements in March. And according to the company’s rules about promoted tweets, Twitter prohibits gambling content and “misleading or deceptive claims … such as ‘get rich quick’ offers.” The company claims to closely scrutinize promoted tweets, which are vetted by algorithms and human reviewers.
Neeraj Agrawal, a spokesperson for cryptocurrency think tank Coin Center and an avid Twitter user, credited the social network for largely ridding itself of the mass celebrity impersonation accounts, but was surprised that the bitcoin giveaway ads were permitted on the platform. “You would think that there is some type of filter or review,” he said, citing his own experience placing Twitter ads.
Twitter declined to say how much scammers spent to run the ad and how many people it reached before it was removed. A spokesperson for Target confirmed the attack, stressing that there was “no inappropriate access, at any point to Target’s Twitter account,” and that the company had “taken numerous security measures” to further secure itself on the social network. A spokesperson for Google declined to comment.
A BuzzFeed News analysis of the Target and G Suite account hacks suggests the perpetrators may have been the same ones responsible for similar schemes back in March. BuzzFeed News examined the websites touted in the Target and G Suite promoted tweet scams and determined that they share a web server which also hosts sites like btc-back.net, elonmusk.gift, and eth-giving.com.
While domain registration information for those scam sites is hidden, other sites hosted on the server are registered to Russian names with associated emails and Russian addresses. A QR code posted in one of the tweets was hosted on a Russian domain. The server currently hosts 0 Russian- and English-language websites for illegal pharmacies, escort services, and a business that promises to level up World of Warcraft characters. Many of them appear to be based in Russia.
“The phrasing of the tweets themselves seems to suggest a Russian- or Ukrainian-language actor,” Kalember said. The researcher has also examined phishing emails sent by scammers to marketing and social media managers, which ultimately help them post from verified accounts like @Target. According to Kalember, those emails also show strong connections to Eastern European actors.
Twitter declined a request for technical details on the promoted scam ads.
“If you are the social media manager for a major brand that would carry around something like a verified profile, you’re going to be a target of a phishing attack,” Kalember said. “When you see these scams where there’s one verified account that’s tweeting out scams with, you know, a fake Elon Musk profile, and three or four or five different other verified accounts reply, all of that shows just how easy it is to phish the operators of these accounts.”
On Thursday, following the Target and G Suite-run scams, BuzzFeed News conducted a test, placing orders for six advertisements using a verified Twitter account. These test ads featured the same wording as the Target and G Suite bitcoin giveaway tweets, with one containing the exact same scam website URL. The five others had either no URL or a made-up one, intended to check whether Twitter’s ad-filtering measures would be able to identify something that looked like an outright scam. The test ads were promoted in two ways: one encouraged website clicks, the other was optimized for impressions and the widest possible audience. A source familiar with the Target and G Suite scam ads told BuzzFeed News that they were most likely the latter, designed to reach the largest number of people.
BuzzFeed News paused the ads immediately upon buying them, to ensure they did not circulate on Twitter. Still, it took between 30 and 0 minutes for Twitter to flag and remove most of them from its ad network. About seven hours after the first ad was bought, the company locked the account from which the ads were purchased. It did not notify the account owner.
BuzzFeed News’ experiment shows that even if Twitter takes only a short while to retake a compromised account, a scam has the potential to do damage. Even as the company became aware of the scams and gave statements to the press about investigating the matter, the fraud kept spreading. It continues to snowball.
Three days after the hacked Target and G Suite scam campaigns, another bogus cryptocurrency giveaway appeared on Twitter. It claimed Tesla CEO Elon Musk was giving away free bitcoin to celebrate his alleged departure from Tesla’s board. The bitcoin wallet associated with it showed 32 transactions totaling just over $4,500 before Twitter removed it.