Cryptocurrency scammers hijack verified accounts once again, jumping on Elon Musk’s Twitter threads

Graham Cluley

Twitter might be able to pry the Twitter account out of the hands of an outgoing President of the United States, but they seem to have a lot more difficulty securing the accounts of their other users.

As Bleeping Computer reports, hackers are still making hay hijacking the accounts of verified users to promote cryptocurrency scams.

In a typical attack, the hacked account (which bears the supposedly reassuring “verified” tick mark) leaps into a conversation by Tesla founder Elon Musk, in the hope that the Muskter’s legions of fans might see their scammy message.

Elon scam

Clicking on the link takes unsuspecting users to a webpage that promotes a bogus Bitcoin giveaway, supposedly run by Elon Musk and Tesla.

Musk scam

It’s not just Elon Musk whose name is being abused in this fashion, however. Here, for instance, are examples of a scam where Musk’s name has been switched for high-profile cryptocurrency investor Tyler Winklevoss.

Mmcrypto scam

And here’s another, promoting a YouTube video which claims to offer urgent Bitcoin investment advice.

Kelly scam

In this instance, the scammers have managed to seize control of the verified account of Baywatch actress Kelly Rohrbach, and change her profile name and avatar.

They seemingly felt happy to keep the banner picture on her profile though.

Kelly profile

The real Kelly Rohrbach does not appear to have tweeted in over five years. One presumes that not an awful lot of effort has been put into securing her Twitter account either.

What’s frustrating about this is that scams like this are not new on Twitter.

And this latest wave comes just months after a hugely high-profile security breach which saw the verified accounts of Elon Musk, Jeff Bezos, Bill Gates, incoming president Joe Biden, and many other figures in the public eye hijacked in an effort to promote a Bitcoin scam.

If you’re a Twitter user the best you can do to secure your account is to:

  • Choose a strong, hard-to-crack password that you’re not using anywhere else.
  • Be careful to only enter your password into the legitimate Twitter app or website.
  • Enable two-factor authentication (known as “Login verification” on Twitter).
  • Stop believing everything you read on Twitter. Even if it comes from a company, a reality TV star, or an account with a verified tick.

The rest is really up to Twitter. Talking of which, isn’t it time that Twitter made 2FA mandatory on any account that wants to display a “verified” tick?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

One comment on “Cryptocurrency scammers hijack verified accounts once again, jumping on Elon Musk’s Twitter threads”

  1. mark jacobs

    Totally agree with you Graham. Twitter should be much more secure and have 2FA enabled before they issue a tick mark against the username. This is 2021 and security stories like these are making me feel that security is getting worse over time.
