A Bitcoin Scam Uses Elon Musk's Name to Defraud Users out of Their Money

Most of you probably know how Twitter works. You 'follow' some people, and the things they share appear in your timeline alongside some ads that may or may not be relevant to your interests. One of the great things about the microblogging platform is that many celebrities use it, and through it, you can see what they're up to when they don't have a large number of microphones shoved under their noses.

Celebrities and organizations often go through Twitter's verification procedure. Verified accounts get a blue tick after their display name which helps their followers distinguish real profiles from imposters and scammers. The system has been around for a while now, but yesterday, a wave of scam tweets showed that it's painfully flawed.

No, Elon Musk still isn’t giving away any cryptocurrency

At its heart, the scheme isn't exactly new, and we actually discussed it several months ago when it first surfaced. It all starts with hijacking a Twitter account and changing the display name as well as the avatar to make the profile look like it belongs to a celebrity or an organization.

It's not clear why, but when they first started this type of activity, the scammers frequently tried to impersonate Elon Musk. They would go through his tweets and would use the compromised profiles to announce a fake cryptocurrency giveaway in the replies. It looked like Mr. Musk had tweeted about whatever was bothering him on that particular day and had then posted something along the lines of "I almost forgot to tell you about the great giveaway I'm organizing…"

The actual fraud is as simple as it is clever. Mr. Musk allegedly has quite a few digital coins lying around, and he'd like to give some of them to you. The only problem is, Tesla's CEO doesn't know the address of your cryptocurrency wallet. That's why, you send a small amount of digital money (let's say 0.01BTC) to him, and he returns a much larger amount (for example 1BTC) to your wallet. The second part, of course, never materializes, and you just lose your money.

At one point, Elon Musk himself stated that he has no intention of giving away crypto money, not least because he hasn't got any. Despite this, the crooks continued to post their fake giveaways, and some people did fall for the scam. One big hole in the plan, however, was that the hijacked accounts didn't have a blue tick. Recently, the crooks decided to address the issue.

Tweets from verified accounts now advertise cryptocurrency scams

It's not yet clear how, but the criminals have managed to hijack quite a few verified accounts. Some of them were once again treated to a new display name and profile picture to impersonate Elon Musk, though this time, the change wasn't quite so simple. After the previous campaign, Twitter put mechanisms which automatically alert the social network's anti-abuse team about accounts that change their display names to Elon Musk. The crooks had to resort to using homoglyphs and filters on the profile pictures.

The differences fooled the automated algorithms, and at the same time, they were small enough not to be distinguishable to most people. More importantly, the blue tick tricked users into thinking that this really is Elon Musk, and he really is willing to share his crypto coins with some random people on the Internet.

Indeed, we're talking about random people. To reach more users, the crooks used what were most likely payment details saved in the compromised accounts to buy promoted tweets. As a result, even people who don't follow Elon Musk saw the fake giveaways in their feeds. That wasn't all.

The replies under the announcements were full of other blue-ticked profiles trying to give the scam more credibility by saying that they've taken Musk up on his offer and that everything is completely legitimate. All in all, a lot of effort went into what is a fairly big campaign, and although the fraudulent activity has slowed down today, another wave of tweets could be just around the corner.

A large-scale attack that has paid off handsomely

Security expert Oliver Hough is one of the people keeping a close eye on the wave of fake giveaways. He tracked a total of five fake Elon Musks yesterday, and one more today. As of the time of writing, an additional 29 verified accounts have been used to keep the hype going, and some profiles that don't have a blue tick have also chimed in. The criminals have redirected victims to 25 different domains, and there are reports of screenshotted tweets photoshopped to look like they are coming from Musk's own account.

The crooks threw a lot of work into the attack, but it's fair to say that their efforts have paid off. They used quite a few bitcoin wallets meaning that it's not easy to accurately calculate what the profit is. According to the activity recorded at some of the addresses, however, we're talking about hundreds of thousands of dollars.

Twitter takes the heat

Nobody knows how the hackers broke in meaning that saying who is responsible for the whole thing is still not possible. Nevertheless, both security experts and victims are lambasting Twitter for its less than perfect verification rules. According to them, you can change your display name and profile picture all you want, and you won't lose your blue tick. The only way to do it is to change your Twitter handle. In other words, if one verified account is impersonating another verified account, the only thing that could give away the scam is the Twitter handle which many people simply don't notice.

Although there are a few valid points about this argument, we reckon that there is one more urgent question: "How did no one notice that cybercriminals are buying ads for fake cryptocurrency giveaways while impersonating a user that has more than 23 million followers?"

Unfortunately, for now at least, we don't have the answer.