Twitter might be able to pry the Twitter account out of the hands of an outgoing President of the United States, but they seem to have a lot more difficulty securing the accounts of their other users.
As Bleeping Computer reports, hackers are still making hay hijacking the accounts of verified users to promote cryptocurrency scams.
In a typical attack, the hacked account (which bears the supposedly reassuring “verified” tick mark) leaps into a conversation by Tesla founder Elon Musk, in the hope that the Muskter’s legions of fans might see their scammy message.
Clicking on the link takes unsuspecting users to a webpage that promotes a bogus Bitcoin giveaway, supposedly run by Elon Musk and Tesla.
It’s not just Elon Musk whose name is being abused in this fashion, however. Here, for instance, are examples of a scam where Musk’s name has been switched for high profile cryptocurrency investor Tyler Winklevoss.
And here’s another, promoting a YouTube video which claims to offer urgent Bitcoin investment advice.
In this instance, the scammers have managed to seize control of the verified account of Baywatch actress Kelly Rohrbach, and change her profile name and avatar.
They seemingly felt happy to keep the banner picture on her profile though.
The real Kelly Rohrbach does not appear to have tweeted in over five years. One presumes that not an awful lot of effort has been put into securing her Twitter account either.
What’s frustrating about this is that scams like this are not new on Twitter.
And this latest wave comes just months after a hugely high profile security breach which saw the verified accounts of Elon Musk, Jeff Bezos, Bill Gates,incoming president Joe Biden, and many other figures in the public eye hijacked in an effort to promote a Bitcoin scam.
If you’re a Twitter user the best you can do to secure your account is to:
- Choose a strong, hard-to-crack password that you’re not using anywhere else.
- Be careful to only enter their password into the legitimate Twitter app or website.
- Enable two-factor authentication (known as “Login verification” on Twitter).
- Stop believing everything you read on Twitter. Even if it comes from a company, a reality TV star, or an account with a verified tick.
The rest is really up to Twitter. Talking of which, isn’t it time that Twitter made 2FA mandatory on any account that wants to display a “verified” tick?
Totally agree with you Graham. Twitter should be much more secure and have 2FA enabled before they issue a tick mark against the username. This is 2021 and security stories like these are making me feel that security is getting worse over time.