Target and other high profile Twitter accounts exploited for cryptocurrency scams. Umm… is Twitter doing anything about this?

Just yesterday, Twitter accounts owned by IT consultancy Capgemini, the Consulate General of India in Germany, California state senator Ben Allen, and Israeli politician Rachel Azaria, were exploited by scammers who used them to promote bogus cryptocurrency giveaways.

The scam works by offering users who transfer a small amount of Bitcoin (say, 0.1 Bitcoin) a large amount in return (say, 10 Bitcoin). If that offer sounds too good to be true, well… it is.

We’ve seen a spate of verified Twitter accounts meddled with by scammers in recent weeks, and there’s no sign that Twitter is getting any better at stopping it.

The latest high profile account to come under attack? US retail giant Target (which is, of course, no stranger to being hacked).


Since this article was first published, Target has been in touch with the following statement:

“Early this morning, Target’s Twitter account was inappropriately accessed. The access lasted for approximately half an hour and one tweet was posted during that time about a bitcoin scam. We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further.”

Quite why Twitter is allowing promoted ads to be created that are obviously scammy is a mystery to me. Are they really not able to put measures in place to prevent the scammers from posting their fraudulent tweets? Or do they think it’s a low priority?

I’d love to know how this is possible, but in the meantime I would urge all Twitter users to ensure that they have enabled two-factor authentication via a third-party application, and revoke access rights for any un-needed third-party apps.

Talking of which, isn’t it about time Twitter made 2FA mandatory (known as “Login verification” on Twitter) on verified accounts?

I think if Twitter wants to better protect its verified users, it should make Login Verification compulsory. And if a user turns off Login Verification, they should also lose their verified “tick”.

For further discussion of the earlier attacks, and other stories from the world of security and online privacy, be sure to check out the “Smashing Security” podcast:

Smashing Security #101: ‘Rule 34, Twitter scams, and Facebook fails’

Listen on Apple Podcasts | Google Podcasts | RSS for you nerds.


About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.
