Several popular verified Twitter accounts have been hacked by scammers to promote an ad using Tesla boss Elon Musk’s name and likeness.
British fashion retailer Matalan, film distributor Pathe UK and US publisher Pantheon Books were among those whose accounts were taken over by scam artists.
The scam used promoted tweets – where Twitter is paid by advertisers to make a tweet appear to a wider audience.
The tweets have since been deleted with many accounts recovered, though some were left blank while waiting for their owners to re-enter their name and profile picture.
Scammers targeted several “verified” accounts (denoted with a blue tick) and changed the name and image to that of Mr Musk.
The tweet then urged users to part with a small amount of Bitcoin – a digital currency – to supposedly receive more.
Several other verified accounts, which were also taken under the scam artists’ control, appear in the tweet’s comments to claim that they have received Bitcoin from Mr Musk.
A Twitter spokesperson told the BBC it “doesn’t comment on individual accounts for privacy and security reasons”.
By using accounts with Twitter’s own verification mark (a blue tick), it makes the account appear legitimate at first glance and thus may fool the reader into thinking it is official.
But many of the posts still bear the hallmarks of classic scams – including frequent spelling errors (see “Bitcoic” and “suppoot” in the above tweet) and a request for money.
The account handle itself is also incorrect – a legitimate tweet from Elon Musk would read @elonmusk beside the blue tick. In this case, it reads @patheuk – as the account originally belonged to film distributor Pathe UK.
Clicking on any of the links in the scam sends users to a page where they are urged to send anywhere from 0.1-one Bitcoin (£491-£4,491) to the scammers – with the promise that they would receive one-10 Bitcoin as a reward.
Victims do not receive any Bitcoin after sending money to the scam artists.
The scam is made to seem more trustworthy as various other compromised accounts reply to the tweet claiming that it works.
The scam tweet has been posted by several verified accounts on Twitter.
British fashion retailer Matalan, film distributor Pathe UK and US publisher Pantheon Books were among those whose accounts were reset after the hack.
Pathe UK have since issued a statement to confirm that their account was “hacked by an unknown third party”.
The Pathe UK Twitter account was hacked this morning by an unknown third party. A series of unauthorised tweets were sent for which we apologise. The issue has now been resolved and we have taken back control of our account.
— Pathé UK (@patheuk) November 5, 2018
End of Twitter post by @patheuk
An early form of the scam was first spotted in March when accounts appeared simply using Mr Musk’s name and likeness to ask for Bitcoin.
It became so frequent on the social network that the Tesla chief was briefly blocked from his own Twitter account after he parodied the scam by sending a tweet asking: “Wanna buy some Bitcoin?”.
Now the scam has become more nuanced as it uses Twitter’s own verification to make it more convincing.
A Twitter spokesperson told the BBC that the company has “substantially improved how we tackle crypto-currency scams on the platform”.
“In recent weeks, user impressions have fallen by a multiple of 10 as we continue to invest in more proactive tools to detect spammy and malicious activity.”
By Tom Gerken, UGC & Social News