Google’s G Suite Too Falls Prey to Twitter Crypto Scam, but Promoted Tweet Raises Questions
Twitter has recently been under constant attack from spam bots publicising Bitcoin giveaways. The MO (modus operandi) of these bots is to hijack the verified accounts of celebrities or renowned brands and ask their followers to send a small amount of Bitcoin or another cryptocurrency, with hollow promises of a much bigger bonus in return.
Of late, many of these bots have infiltrated Twitter, and despite Twitter’s efforts to keep the platform clean, several accounts, including those of Indian B2B e-commerce portal IndiaMART and India’s National Disaster Management Authority (NDMA), have been compromised in the last few days. Other victims of the bot scam include UK-based clothing brand Farah and the Australian branch of the tech consulting firm Capgemini, as well as Tesla CEO Elon Musk, whose identity is being used to drive a lot of these scams.
One of the recent victims of this scam was the official handle of Google’s G Suite. The account has over 822,000 followers, which is a big pool filled with small and big fish. Multiple users reported the breach, and although the tweet disappeared minutes after it was posted, that was enough to grab the attention of the Twitterati.
— Ankit Kumar (@Ankitsony3) November 13, 2018
Restored now, but wow, @gsuite. This is happening frequently enough that Twitter really needs to make a statement on *how* it’s happening IMHO. What advice are they giving people on how to avoid this? https://t.co/Cx96mIKnWj
— Troy Hunt (@troyhunt) November 13, 2018
While the exact length of time for which the tweet was live is not apparent, the timestamp on the screenshot shared by Twitter user @UdaanTappu makes it clear that the tweet could still be seen at least 19 minutes after being posted.
What's up Twitter?? pic.twitter.com/Buc82WVoXy
— UdaanTappu™ (@UdaanTappu) November 13, 2018
Neither the G Suite team nor Google has issued any official statement concerning the hack, so it appears that while steps are being taken to curb the hack, the company is avoiding talking about it and does not want any negative publicity.
An alarming part of the story is that the obtrusive tweet seems to have been promoted by Twitter, which means that while Twitter has been talking about taking strict action, these scammers are easily trading under the nose of its advert moderators.
The 1st version of my "Crypto Scam Hunter" is working. Every 4h, the bot will publish a message like this one for the hacked verified accounts who are promoting crypto scam. Stay tuned! https://t.co/wnJ2XQ2VXN
— Elliot Alderson (@fs0c131y) November 13, 2018
Note that the French white-hat hacker who goes by the alias Elliot Alderson has created a bot to counter the spam bots. His bot automatically points out offensive and rogue spam tweets originating from the scam bots, and it seems to be doing a better job than Twitter’s extensive team of facilitators.