Scammers impersonating Tesla CEO Elon Musk earned more than $180,000 in a single day by convincing people to give them Bitcoin.
The scammers carried out the fraud by first hacking into a verified Twitter account, changing the profile name and photo to that of Musk, before sending out tweets offering a cryptocurrency giveaway.
Although such messages can regularly be seen under tweets from Musk’s actual account, scammers recently managed to get their fraudulent offers promoted by Twitter.
Appears someone hacked a publisher's account, changed name to "Elon Musk" and paid for a promoted tweet to scam people into sending bitcoin. This "blue checkmark" vulnerability that lets people just change their names and keep the mark has been well known and yet still not fixed pic.twitter.com/5bH1yWHyib — Joe Light (@joelight) November 5, 2018
The messages include links to websites that instruct users to send Bitcoin in order to receive a substantially larger sum in return.
Numerous Twitter users stated that as many as three promoted scams were circulating on the platform within the last several days.
Analysis of one scammer’s Bitcoin wallet shows that more than 300 people fell for the ruse.
Scammers collected >$175,000 from more than 300 people as part of a #BitcoinGiveaway scam. NO ONE is giving away free Bitcoin... not even @elonmusk @jack It's really crazy that Twitter collected revenue off these scammers and allowed them to pay to promote their tweets #shame pic.twitter.com/i713IsHMw8 — 🅼🅰🆁🅸🅴 (@TheRealMarieBTC) November 5, 2018
One Twitter user even claims to have fallen victim to the ploy, detailing why he felt the offer was legitimate in a complaint to Twitter CEO Jack Dorsey.
“Through hubris, I never thought I would be fooled by such a scam,” Twitter user Cal McCormick said.
So @TwitterSupport @jack I fell for the @elonmusk bitcoin scam today. Through hubris, I never thought I would be fooled by such a scam. Beyond my own idiocy, there are a few component causes that laid me down that path that I'd like to raise @BBCNews @guardian @carolecadwalla 1/16 — Indicative McVoteface (@TweetieMcTweets) November 5, 2018
In a statement to BleepingComputer, Twitter reaffirmed its policy against impersonating accounts in order to deceive users.
The company also alleged substantial improvement in “how we tackle cryptocurrency scams on the platform.”
“In recent weeks, user impressions have fallen by a multiple of 10 as we continue to invest in more proactive tools to detect spammy and malicious activity,” Twitter said. “This is a significant improvement on previous action rates.”
Twitter users are urged to be wary of any claims surrounding free Bitcoin and to always check that a Twitter user’s handle is legitimate.