Tweets from Elon Musk Still Aren't What They Seem


We've seen this before, and it's worth noting again. A tweet from a blue-checked Elon Musk is all it takes to set a Bitcoin giveaway frenzy into motion. The only problem is that it’s just the same hoary old advance fee scam.

Hijacked verified Twitter accounts masquerading as Elon Musk are again being used to tweet messages, complete with typos, and a link to a webpage that's supposed to be connected with Musk’s SpaceX. All this from a Twitter account complete with a verified blue check.

Motherboard's Joseph Cox noted that the hijacked account actually retweeted genuine tweets from the real Elon Musk to appear more convincing. Other compromised accounts complete with blue check join in the thread, telling the marks that they've sent in Bitcoin and received more in return, just by retweeting the message to their own followers.

Twitter has restored control of hijacked accounts to their rightful owners, and all the bogus messages have been deleted. But this iteration of the scam drew three-hundred-ninety-two payments for a total of roughly $180,000.

Scammers earn a tidy sum exploiting Twitter users' gullibility, so shutting one scam down is just a small bump in the crooked road. As one is shuttered, another takes its place to entrap the gullible and greedy. Sometimes the scammers even get the spelling and grammar correct. One quick lesson to draw from this episode is that the blue check may not be much more help than the old green padlock as a marker of trustworthiness.

Employee awareness of scams is an organization's best defense against them. Your organization probably isn't going to open its Bitcoin wallet for an advance fee con, but your employees might open theirs, and that's bad for them and potentially bad for you, too. Cyber criminals won't need to be much more sophisticated than a phony Nigerian prince as long as people remain unfamiliar with their games. New-school, interactive, tailored training can help knock back these primitive but still successful scams.

Graham Cluley has the story:

Subscribe To Our Blog

Nuclear Ransomware Webinar

Get the latest about social engineering

Subscribe to CyberheistNews