Twitter Users Bilked out of Big Money by Elon Musk Clones

Twitter users are collectively being conned out of tens of thousands of dollars per day via fraud schemes involving accounts impersonating celebrities, including Elon Musk and Vitalik Buterin, the man behind the Ethereum cryptocurrency.

The scam is elegant in its simplicity: When a verified account of a celebrity posts a tweet, a fraud account using the same image and display name simply responds, with an offer to give away the Ethereum cryptocurrency. The scam tweets ask for a small sum to be sent to an account, promising victims that they will receive much larger amounts back in a classic chain-letter gambit.

To an unsuspecting user who doesn’t look closely, the reply appears to come from the celebrity’s verified account.

Chainalysis, which works with Europol to help police track down anonymous users of cryptocurrencies, worked with a Sky News investigative team to discover that multiple independent copycats are behind the scams.

“In the largest scams, Sky News has observed hundreds of fake and automated accounts retweeting and liking the scam post, some responding with claims that they received money back; all providing the scammer with legitimacy and encouraging other users to take part,” the outlet reported.

An analysis of the Ethereum blockchain showed that the tactic is working, with thousands of dollars being sent to the bad actors. The fake accounts have struck hundreds of times over the last two months, with the most successful taking away over $70,000 per day.

“Unfortunately, much like the elderly individuals who get a call from their ‘grandchild’ traveling overseas who was mugged or the person who falls for the legal firm that has ‘millions of dollars of a long lost relative's’ just waiting to be handed over, these types of scams continue to trick people,” Tyler Reguly, manager of software development at Tripwire, told Infosecurity. “We can and should continue pushing for user education, but with the internet as open as it is, we need to look to technology companies to do everything they can to minimize the risk to individuals using their service.”

The indicators suggest that the campaign isn’t one large effort but rather a phenomenon of several copycats attempting the exact same tactic.

"The differences in the way these funds are being handled, such as different withdrawal patterns and the use of different exchanges, is indicative of different copycats attempting to do the same scam,” a senior developer at Chainalysis told Sky News. "The simplicity of the attack, which requires little technical knowledge and preparation, also leads us to believe it's a trend more than an organized attack."

"Cryptocurrency thieves and other types of scammers are always going to find a platform on which to perform their crimes and it’s no surprise that Twitter has surfaced as one of the more popular of those mediums,” said Lee Munson, security researcher at Comparitech, via email. “While the social network is in no way culpable for any money lost by its users, it could seemingly be far more proactive in shutting down the fake accounts associated with this type of cryptocurrency ruse. Beyond that, it is largely a case of caveat emptor for anyone buying, selling, trading or giving away virtual currency on Twitter.”

For its part, Twitter told Sky News: "We are aware of coordinated spam activity around cryptocurrencies and related software products. The malicious use of automation, impersonation, and other deliberate attempts to deceive are prohibited under the Twitter Rules. Our teams are overseeing a technological process of batch suspending these networks of offending accounts at scale and at speed. If anyone sees suspicious account behavior relating to these issues, they should block the user immediately and report them directly to our dedicated support teams."
