Cryptocurrency scammers hijack verified accounts once again, jumping on Elon Musk’s Twitter threads

Graham Cluley
@gcluley

Twitter might be able to pry the Twitter account out of the hands of an outgoing President of the United States, but they seem to have a lot more difficulty securing the accounts of their other users.

As Bleeping Computer reports, hackers are still making hay hijacking the accounts of verified users to promote cryptocurrency scams.

In a typical attack, the hacked account (which bears the supposedly reassuring “verified” tick mark) leaps into a conversation by Tesla founder Elon Musk, in the hope that the Muskter’s legions of fans might see their scammy message.

Clicking on the link takes unsuspecting users to a webpage that promotes a bogus Bitcoin giveaway, supposedly run by Elon Musk and Tesla.

It’s not just Elon Musk whose name is being abused in this fashion, however. Here, for instance, are examples of a scam where Musk’s name has been switched for high profile cryptocurrency investor Tyler Winklevoss.

And here’s another, promoting a YouTube video which claims to offer urgent Bitcoin investment advice.

In this instance, the scammers have managed to seize control of the verified account of Baywatch actress Kelly Rohrbach, and change her profile name and avatar.

They seemingly felt happy to keep the banner picture on her profile though.

The real Kelly Rohrbach does not appear to have tweeted in over five years. One presumes that not an awful lot of effort has been put into securing her Twitter account either.

What’s frustrating about this is that scams like this are not new on Twitter.

And this latest wave comes just months after a hugely high-profile security breach which saw the verified accounts of Elon Musk, Jeff Bezos, Bill Gates, incoming president Joe Biden, and many other figures in the public eye hijacked in an effort to promote a Bitcoin scam.

If you’re a Twitter user the best you can do to secure your account is to:

  • Choose a strong, hard-to-crack password that you’re not using anywhere else.
  • Be careful to only enter your password into the legitimate Twitter app or website.
  • Enable two-factor authentication (known as “Login verification” on Twitter).
  • Stop believing everything you read on Twitter. Even if it comes from a company, a reality TV star, or an account with a verified tick.

The rest is really up to Twitter. Talking of which, isn’t it time that Twitter made 2FA mandatory on any account that wants to display a “verified” tick?


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One comment on “Cryptocurrency scammers hijack verified accounts once again, jumping on Elon Musk’s Twitter threads”

  1. Totally agree with you Graham. Twitter should be much more secure and have 2FA enabled before they issue a tick mark against the username. This is 2021 and security stories like these are making me feel that security is getting worse over time.
