A verified account belonging to the Australian branch of consulting giant Capgemini has been spotted running malicious giveaway links on Twitter. Posing as Musk, the malicious tweet encouraged users to send small amounts of cryptocurrency for a chance to participate in a 10,000 Bitcoin (over $60 million) giveaway.
Prior to its removal, the tweet had accumulated thousands of likes and retweets. The wallet address associated with the malicious giveaway links has already received over $12,000 (a little over 2 BTC). However, it’s worth noting that attackers often make a number of small transactions to themselves to make the giveaways seem more legit.
But more worryingly, it appears the hackers are getting more inventive with their approach to fooling victims into sending them funds.
In addition to the malicious tweet from the Capgemini account, the attackers had also taken over a slew of other verified accounts in order to lend credibility to the original tweet. Among others, the hackers had gained access to the accounts of California state senator Ben Allen and Israeli politician Rachel Azaria.
“I sent 0.50 BTC and got back 5 Bitcoins,” a now-deleted tweet from Allen read. “+25 BTC, thank you,” read another one from Azaria.
Fortunately, it seems most of the affected profiles have since been able to reclaim control of their accounts.
While scammers have been hijacking verified accounts to spread fake giveaway links for months now, the trend seems to have intensified recently. Last week, a number of high-profile accounts – including those of the Indian national disaster management authority and Europe’s second biggest film company, Pathé – fell victim to the attackers.
Reports suggest the scammers have swindled over $170,000 from unsuspecting victims in last week’s incidents alone. Of course, there is no telling how much of all funds received was sent by the scammers themselves, as a strategy to make the scheme appear more legit.
Meanwhile, Twitter is still casually nonchalant about this whole affair.
Instant update: A moment after publishing, we noticed the official account of the Indian consulate in Frankfurt, Germany, had also been hacked to promote fake cryptocurrency giveaways.
Published November 12, 2018 — 13:40 UTC