“The Twitter account of the Indian Government’s Ministry of Jal Shakti (Water Resources) was hacked on December 27 (Morning of December 28 IST) to promote a fraudulent cryptocurrency giveaway using Elon Musk’s likeness and the businesses he is associated with, including Tesla and Twitter. The account was used to reply to notable cryptocurrency influencers and news outlets like CoinDesk.
Hacking verified Twitter accounts is a common approach undertaken by hackers. However, since Musk took over Twitter, some changes have been made with respect to verified accounts, making it harder for cyber attackers to pivot a verified profile to impersonate businesses like Tesla or Twitter. However, this is one of the first instances we’ve seen within the new verification system that a gray verified badge, which is associated with government agencies, was hacked and used to promote a fake cryptocurrency giveaway.
In addition to the hacking of a verified government account, the hackers elevated the reach of the scams by retweeting and liking the post from several bot accounts.
The fake cryptocurrency giveaway is one of the most tried and true methods of cryptocurrency scams, offering users an opportunity to double their cryptocurrency as part of a fake “event” not actually sanctioned by the companies mentioned. The goal is to convince users to send their cryptocurrency, either Bitcoin or Ethereum, to a cryptocurrency address, with the promise of doubling it. This is called advanced fee fraud or trust trading. Users never receive anything back, and because cryptocurrencies are decentralized, users have no recourse of recovering their lost cryptocurrency.
Users should be skeptical of such extravagant giveaways on social media, and remember that if they are asked to send some money up-front (advanced fee) to participate or win a giveaway, there is a 99.9% chance they are being scammed.” – Satnam Narang, Sr. Staff Research Engineer, Tenable