WatchPoint Security Blog

Google and Target Accounts Hacked in Latest Cryptocurrency Scams

Written by Jordan Kadlec | November 16, 2018

On Tuesday (Nov. 13), hackers took over the Twitter accounts of Target and Google’s G Suite to promote fake cryptocurrency giveaways. This comes just eleven days after the SEC’s annual report revealed how digital currency scams are among the agency’s top enforcement priorities.

Google and Target Hack

While Google and Target are grabbing headlines given their global recognition, the Twitter accounts of Farah Menswear, the Australian office of IT consulting firm Capgemini, the Consulate General of India in Germany, California state senator Ben Allen, and Israeli politician Rachel Azaria were all compromised a day earlier (Monday, Nov. 12). Most notable were the compromised accounts of Farah and Capgemini, as these accounts were changed to impersonate Elon Musk. As we can see in the tweet below, hackers changed the name of the account to Elon Musk, but the username remained the same. As these accounts are verified with the blue check marks, users would need to pay close attention to realize it’s not actually Musk giving away 10,000 Bitcoin.

As for Google’s G Suite and Target, hackers used the same scheme by offering a giveaway for 5,000 Bitcoin. Per the tweet below, Target is promoting the giveaway as a celebration for accepting Bitcoin for payment.

So, how does the scam work? Scammers are asking users to send a small amount of Bitcoin for a large return. In one scam, hackers were asking users to send 0.1 Bitcoin to “verify their Bitcoin account,” and in return, the scammer will send them 10 Bitcoin. Sounds too good to be true, right? Well, it is.

There’s an extremely easy way for these companies to protect their social media accounts from becoming compromised – two-factor authentication (2FA). Ironically, we published an article earlier this month highlighting how easy 2FA is to implement and how valuable it can be. With such an expansive reach on social media, it’s truly negligent on the companies’ part not to have 2FA enabled.

SEC’s Annual Report

At the beginning of November, the Securities and Exchange Commission released its annual report, revealing that digital currency scams are among the agency’s top enforcement priorities. As opposed to the Twitter hacks, the SEC is focused on Initial Coin Offerings (ICOs), which involve the sale of digital tokens related to blockchain projects.

“In the past year, the (enforcement) Division has opened dozens of investigations involving ICOs and digital assets, many of which were ongoing at the close of FY 2018,” the SEC states in a section of its report.

While many projects related to ICOs are complete or on their way to fruition, several others have failed to deliver on their promises and turned out to be outright fraud.

Aside from investigating fraud, the SEC is also focusing on pursuing cases to ensure compliance with the registration requirements of the federal securities laws. The issue of securities registration is currently a preoccupation of many cryptocurrencies, as they cannot use an ICO to sell tokens to the general public.

While the report mostly focuses on the negative impacts of the cryptocurrency economy, it did acknowledge the economy has positive attributes as well.

“The Enforcement Division recognizes the need to balance its mission to protect investors from the risk posed by fraud and registration violations against the risk of stifling innovation and legitimate capital formation.”

While cryptocurrencies were developed as a peer-to-peer payment network, powered by their users and free from intermediaries, they quickly turned into a form of payment for cybercriminals to use on the dark web. As such, it’s no surprise the cryptocurrency market is creating havoc for regulators and cybersecurity experts alike.