James Barisic 🇪🇺 #FBPE @jamesmb
This is THE most incredible #scam on @Twitter yet and it raises all sorts of questions for @twitter, @verified and @jack (there goes my chance of ever getting my blue tick!!)

It starts with a promoted tweet...
You’ll notice that, on the #promoted tweet, the account name is Elon Musk and it has a blue tick... so it’s got to be legit, right?
But, if we need proof that this is a genuine offer from Elon Musk, we just have to click on that account and see his other tweets to make sure it’s him...
Looks like his real account, right? But take a closer look. Why would he be retweeting all his own tweets?

Well, he wouldn’t be. The scam account has just retweeted all Elon Musk’s stuff to make it look like it is real and populated by his tweets.
But it can’t be a scam when you look at who has taken part and got a bitcoin payout. Here are @wsu_womensgolf, MEP for @lesRepublicains @geoffroydidier, the @RPSGMavericks & @CarteNoireUK - all @verified.

And, yes, these are all real tweets.
So, how did they pull it off and why?

Firstly, you hack or phish the login credentials for some credible accounts. You’ll need to hack one account to host the scam tweet (@MonsterJobs in this case) and some other good accounts to lend the scam credibility (see above).

#phishing
Then you run the advert in the knowledge that it probably won’t get checked...
Then you reply from all the @verified accounts that you have under your control about how good the offer/scam is - immediately giving it credibility.
Of course, @twitter can’t be expected to check every advert by hand but the automated screening is awry if such blatant scams cannot be identified and either stopped or passed for human review.

#scam #onlinesafety
This is probably the worst scam I’ve seen on @twitter (I’ve seen much worse elsewhere) and I’m sure that they will put systems in place. But, in the meantime, people please take time to think about these ads and scams before losing money and bitcoins.

#security #onlinesecurity
PS @verified please don’t place this on my file! 😘 Think of it, instead, as a very public-spirited announcement to help protect the community from scammers!
PPS I also suspect that @monsterjobs has no idea that their account has been hacked.

This is, however, another example of why companies need proper 24 hour social media monitoring and disaster recovery training. The reputational damage can be immense.

#gemdbs2018