Con Watch: Getting Something for Nothing on Twitter
Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams.
An estimated 157 million people use Twitter each day, so it isn’t surprising that scammers have used Twitter for years to perpetrate scams. The latest Twitter scam is both simple and ingenious.
The scam begins when a thief impersonates the Twitter account of a prominent person with a lot of Twitter followers. The thief uses an identical photo and chooses a Twitter handle that looks similar to the real thing. For instance, Elon Musk’s legitimate handle, @elonmusk, was impersonated by someone using @elonlmusk (with an extra l). Someone glancing at the scammer’s tweet might not recognize that it is not the Twitter handle of Elon Musk.
In this case, the scammer tweeted, “I’m giving away 5,000 ETH to my followers! To pаrtiсipаte, just send 0.5-1 ETH to the address below and get 5-10 ETH back to the address you used for the transaction.” (ETH is an abbreviation of the cryptocurrency Ethereum.) Victims then send the cryptocurrency in an attempt to receive more in return. Obviously, the real Elon Musk isn’t involved and — surprise! — the victims never get their money.
Although Twitter shuts down these scammers as soon as it becomes aware of them, the scams continue to proliferate because Twitter is always playing catch-up; it takes little time or effort for the scammers to start the scam again using the name of another celebrity.
Another version of this scam followed the Academy Awards. When Jordan Peele won the Oscar for best original screenplay, the real Peele tweeted, “I just won an Oscar. WTF?!” Immediately there was a response from the Twitter account @JordanPeele___ that read “Love you guys, heres a gift from me,” with a link to a gift card scam. Jordan Peele’s real Twitter account is “@JordanPeele” (without the underscores at the end), but it’s easy to see how someone not looking closely could mistake the tweet for one from the real Jordan Peele. (Although you would think it might be a red flag: someone who had just won a writing award would use proper punctuation and not write “heres.”)
Fake Elon Musk and Jordan Peele accounts are only two examples. Variations of the scam have targeted, among others, followers of cybersecurity expert John McAfee, cryptocurrency Ethereum founder Vitalik Buterin, Khloe Kardashian, and Ellen DeGeneres.
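The look-alike handles described above (@elonlmusk and @JordanPeele___) can be flagged mechanically by comparing a handle against the genuine ones. The following is an added example, not part of the original article: the watch list, the distance threshold, the look-alike character table, and the function names are assumptions, and it goes slightly beyond the two cases in the text by also folding characters such as 1 and l.

```python
# Added illustration: flag handles that imitate a known genuine handle.
# PROTECTED is a constructed watch list built from the handles named in the article.
PROTECTED = ["elonmusk", "JordanPeele"]

# Assumed table of characters that are easily misread as one another.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "0": "o"})

def skeleton(handle):
    """Comparison form: no '@', look-alike characters folded, lowercase, no underscores."""
    return handle.lstrip("@").translate(CONFUSABLE).lower().replace("_", "")

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) using two rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(handle, protected=PROTECTED, max_distance=1):
    """Return (verdict, matched genuine handle or None, reason)."""
    raw = handle.lstrip("@")
    # Handles are compared case-insensitively, so an exact match is the real account.
    for real in protected:
        if raw.lower() == real.lower():
            return ("genuine", real, "exact handle match")
    for real in protected:
        if skeleton(raw) == skeleton(real):
            return ("lookalike", real, "same after removing underscores and folding look-alike characters")
        d = edit_distance(skeleton(raw), skeleton(real))
        if d <= max_distance:
            return ("lookalike", real, f"edit distance {d}")
    return ("unrelated", None, "no protected handle is close")

if __name__ == "__main__":
    # The first three handles come from the article; the last two are constructed samples.
    for h in ["@elonmusk", "@elonlmusk", "@JordanPeele___", "@e1onmusk", "@nasa"]:
        print(h, classify(h))
```

A threshold of 1 catches a single inserted, dropped, or swapped character; raising it catches more imitations at the cost of flagging unrelated short handles.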
This scam is really just another incarnation of the Nigerian email scam. Elon Musk and other well-known people are not giving away large amounts of Bitcoin in return for your sending them a smaller amount of Bitcoin, and celebrities are not handing out cash or gift cards. It is always dangerous to click on links in tweets, text messages, or emails unless you are absolutely sure that the link is legitimate. Clicking on the links may download malware, such as keystroke-logging software, that can steal all of the information from your phone, computer, or laptop; that information can then be used to make you a victim of identity theft. Merely going to an infected website — even without clicking on anything in the tainted website — may cause you to unwittingly download malware.
How to Avoid This Twitter Scam
- Be aware that this type of scam exists. When responding to a tweet, make sure the tweet you’re responding to is actually from the real person who started the thread by carefully examining the Twitter handle.
- Understand that no one is giving you something for nothing or a lot for a little. While this seems to be common sense, too often our greed blinds us. It’s important to remember that if it looks too good to be true, it usually is.
- Security software is not just for your computer and laptop. You should install security software on all your electronic devices, including your smartphone, and keep that software updated with the latest security patches. But recognize that even the most current security software is always at least 30 days behind the latest versions of malware that exploit newly discovered vulnerabilities.