Does this mean Target's twitter was successfully attacked?
up vote
44
down vote
favorite
I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins
I added the hand-drawn red lines so I am not responsible for propagating the apparent scam.
Clicking on the user name seems to take me to the genuine Target page with the verified checkmark.
Clicking on the link to the tweet (i.e. "40m") gives me an error that the tweet no longer exists.
Clicking on the URL goes to a page that looks like the screenshot, and a list of transactions.
Is it fair for me to conclude: Target lost control of their Twitter account to an (internal or external) scammer, who is ripping off people who think they are having a give-away?
Is there another way their username could appear advertising a scam without access to their Twitter account credentials?
social-engineering bitcoin twitter social-media
asked Nov 13 at 11:34
Oddthinking
5781511
|
show 5 more comments
up vote
44
down vote
favorite
I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins
I added the hand-drawn red lines so I am not responsible for propagating the apparent scam.
Clicking on the user name seems to take me to the genuine Target page with the verified checkmark.
Clicking on the link to the tweet (i.e. "40m") gives me an error that the tweet no longer exists.
Clicking on the URL goes to a page that looks like the screenshot, and a list of transactions.
Is it fair for me to conclude: Target lost control of their Twitter account to an (internal or external) scammer, who is ripping off people who think they are having a give-away?
Is there another way their username could appear advertising a scam without access to their Twitter account credentials?
social-engineering bitcoin twitter social-media
asked Nov 13 at 11:34
Oddthinking
5781511
10
Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
– Anders
Nov 13 at 11:49
10
Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
– Oddthinking
Nov 13 at 11:56
6
Then indeed Target has had their Twitter account hacked.
– forest
Nov 13 at 11:57
5
All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
– FreeMan
Nov 13 at 20:47
3
@FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
– Oddthinking
Nov 14 at 0:00
|
show 5 more comments
up vote
44
down vote
favorite
up vote
44
down vote
favorite
I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins
I added the hand-drawn red lines so I am not responsible for propagating the apparent scam.
Clicking on the user name seems to take me to the genuine Target page with the verified checkmark.
Clicking on the link to the tweet (i.e. "40m") gives me an error that the tweet no longer exists.
Clicking on the URL goes to a page that looks like the screenshot, and a list of transactions.
Is it fair for me to conclude: Target lost control of their Twitter account to an (internal or external) scammer, who is ripping off people who think they are having a give-away?
Is there another way their username could appear advertising a scam without access to their Twitter account credentials?
social-engineering bitcoin twitter social-media
asked Nov 13 at 11:34
Oddthinking
5781511
I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins
I added the hand-drawn red lines so I am not responsible for propagating the apparent scam.
Clicking on the user name seems to take me to the genuine Target page with the verified checkmark.
Clicking on the link to the tweet (i.e. "40m") gives me an error that the tweet no longer exists.
Clicking on the URL goes to a page that looks like the screenshot, and a list of transactions.
Is it fair for me to conclude: Target lost control of their Twitter account to an (internal or external) scammer, who is ripping off people who think they are having a give-away?
Is there another way their username could appear advertising a scam without access to their Twitter account credentials?
social-engineering bitcoin twitter social-media
social-engineering bitcoin twitter social-media
asked Nov 13 at 11:34
Oddthinking
5781511
asked Nov 13 at 11:34
Oddthinking
5781511
asked Nov 13 at 11:34
Oddthinking
5781511
asked Nov 13 at 11:34
Oddthinking
5781511
asked Nov 13 at 11:34
Oddthinking
5781511
5781511
10
Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
– Anders
Nov 13 at 11:49
10
Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
– Oddthinking
Nov 13 at 11:56
6
Then indeed Target has had their Twitter account hacked.
– forest
Nov 13 at 11:57
5
All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
– FreeMan
Nov 13 at 20:47
3
@FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
– Oddthinking
Nov 14 at 0:00
|
show 5 more comments
10
Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
– Anders
Nov 13 at 11:49
10
Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
– Oddthinking
Nov 13 at 11:56
6
Then indeed Target has had their Twitter account hacked.
– forest
Nov 13 at 11:57
5
All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
– FreeMan
Nov 13 at 20:47
3
@FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
– Oddthinking
Nov 14 at 0:00
10
10
Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
– Anders
Nov 13 at 11:49
Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
– Anders
Nov 13 at 11:49
10
10
Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
– Oddthinking
Nov 13 at 11:56
Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
– Oddthinking
Nov 13 at 11:56
6
6
Then indeed Target has had their Twitter account hacked.
– forest
Nov 13 at 11:57
Then indeed Target has had their Twitter account hacked.
– forest
Nov 13 at 11:57
5
5
All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
– FreeMan
Nov 13 at 20:47
All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
– FreeMan
Nov 13 at 20:47
3
3
@FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
– Oddthinking
Nov 14 at 0:00
@FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
– Oddthinking
Nov 14 at 0:00
|
show 5 more comments
2 Answers
2
active
oldest
votes
up vote
68
down vote
accepted
Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.
The Elon Musk scam is the most well-known now, but it appears Target was caught as well.
answered Nov 13 at 13:51
forest
27.7k1385101
20
Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
– Wildcard
Nov 14 at 1:29
4
@Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
– forest
Nov 14 at 3:23
17
@forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
– Wildcard
Nov 14 at 3:48
8
And by "hacked" do we just mean their password was guessed?
– Lightness Races in Orbit
Nov 14 at 11:03
4
"This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
– Michaël Polla
Nov 14 at 12:51
|
show 7 more comments
up vote
31
down vote
Target has since confirmed my suspicion:
Hard Fork article
“Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”
“We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.
Other reports of the incident include:
USA Today
The Next Wev
ZyCrypto
CryptoNews
answered Nov 13 at 15:24
Oddthinking
5781511
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
68
down vote
accepted
Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.
The Elon Musk scam is the most well-known now, but it appears Target was caught as well.
answered Nov 13 at 13:51
forest
27.7k1385101
20
Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
– Wildcard
Nov 14 at 1:29
4
@Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
– forest
Nov 14 at 3:23
17
@forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
– Wildcard
Nov 14 at 3:48
8
And by "hacked" do we just mean their password was guessed?
– Lightness Races in Orbit
Nov 14 at 11:03
4
"This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
– Michaël Polla
Nov 14 at 12:51
|
show 7 more comments
up vote
68
down vote
accepted
Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.
The Elon Musk scam is the most well-known now, but it appears Target was caught as well.
answered Nov 13 at 13:51
forest
27.7k1385101
20
Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
– Wildcard
Nov 14 at 1:29
4
@Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
– forest
Nov 14 at 3:23
17
@forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
– Wildcard
Nov 14 at 3:48
8
And by "hacked" do we just mean their password was guessed?
– Lightness Races in Orbit
Nov 14 at 11:03
4
"This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
– Michaël Polla
Nov 14 at 12:51
|
show 7 more comments
up vote
68
down vote
accepted
up vote
68
down vote
accepted
Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.
The Elon Musk scam is the most well-known now, but it appears Target was caught as well.
answered Nov 13 at 13:51
forest
27.7k1385101
Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.
The Elon Musk scam is the most well-known now, but it appears Target was caught as well.
answered Nov 13 at 13:51
forest
27.7k1385101
edited Nov 15 at 2:02
answered Nov 13 at 13:51
forest
27.7k1385101
answered Nov 13 at 13:51
forest
27.7k1385101
answered Nov 13 at 13:51
forest
27.7k1385101
27.7k1385101
20
Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
– Wildcard
Nov 14 at 1:29
4
@Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
– forest
Nov 14 at 3:23
17
@forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
– Wildcard
Nov 14 at 3:48
8
And by "hacked" do we just mean their password was guessed?
– Lightness Races in Orbit
Nov 14 at 11:03
4
"This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
– Michaël Polla
Nov 14 at 12:51
|
show 7 more comments
20
Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
– Wildcard
Nov 14 at 1:29
4
@Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
– forest
Nov 14 at 3:23
17
@forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
– Wildcard
Nov 14 at 3:48
8
And by "hacked" do we just mean their password was guessed?
– Lightness Races in Orbit
Nov 14 at 11:03
4
"This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
– Michaël Polla
Nov 14 at 12:51
20
20
Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
– Wildcard
Nov 14 at 1:29
Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
– Wildcard
Nov 14 at 1:29
4
4
@Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
– forest
Nov 14 at 3:23
@Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
– forest
Nov 14 at 3:23
17
17
@forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
– Wildcard
Nov 14 at 3:48
@forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
– Wildcard
Nov 14 at 3:48
8
8
And by "hacked" do we just mean their password was guessed?
– Lightness Races in Orbit
Nov 14 at 11:03
And by "hacked" do we just mean their password was guessed?
– Lightness Races in Orbit
Nov 14 at 11:03
4
4
"This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
– Michaël Polla
Nov 14 at 12:51
"This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
– Michaël Polla
Nov 14 at 12:51
|
show 7 more comments
up vote
31
down vote
Target has since confirmed my suspicion:
Hard Fork article
“Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”
“We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.
Other reports of the incident include:
USA Today
The Next Wev
ZyCrypto
CryptoNews
answered Nov 13 at 15:24
Oddthinking
5781511
add a comment |
up vote
31
down vote
Target has since confirmed my suspicion:
Hard Fork article
“Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”
“We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.
Other reports of the incident include:
USA Today
The Next Wev
ZyCrypto
CryptoNews
answered Nov 13 at 15:24
Oddthinking
5781511
add a comment |
up vote
31
down vote
up vote
31
down vote
Target has since confirmed my suspicion:
Hard Fork article
“Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”
“We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.
Other reports of the incident include:
USA Today
The Next Wev
ZyCrypto
CryptoNews
answered Nov 13 at 15:24
Oddthinking
5781511
Target has since confirmed my suspicion:
Hard Fork article
“Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”
“We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.
Other reports of the incident include:
USA Today
The Next Wev
ZyCrypto
CryptoNews
answered Nov 13 at 15:24
Oddthinking
5781511
answered Nov 13 at 15:24
Oddthinking
5781511
answered Nov 13 at 15:24
Oddthinking
5781511
answered Nov 13 at 15:24
Oddthinking
5781511
5781511
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197588%2fdoes-this-mean-targets-twitter-was-successfully-attacked%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
10
Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
– Anders
Nov 13 at 11:49
10
Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
– Oddthinking
Nov 13 at 11:56
6
Then indeed Target has had their Twitter account hacked.
– forest
Nov 13 at 11:57
5
All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
– FreeMan
Nov 13 at 20:47
3
@FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
– Oddthinking
Nov 14 at 0:00