Target is the latest company to fall victim to a simple but effective Twitter-Bitcoin scam. The scam is about as straightforward as it gets: a tweet is sent from the account of a well-respected brand or prominent individual. It contains a link that people are likely to click, precisely because it appears to come from that brand or individual.
The page at the other end of the link contains instructions that amount to a lot of hoop jumping. However, the wording makes it sound as though sending the company or prominent individual a small amount of Bitcoin will get you a larger amount back. Of course, that part isn’t true, but a shocking percentage of people have fallen for it anyway. In fact, when hackers took control of Target’s Twitter account for an hour and a half recently, the tweet and link they sent out netted them nearly forty thousand dollars. Not bad for an hour and a half’s worth of work.
For their part, Target deleted the tweet once they realized what had occurred, changed their password, and sent out an apology. Truth be told, this is as much Twitter’s issue as it is Target’s.
When the hackers sent out the tweet via Target’s account, they posted it as an ad so they could pay to promote it, ensuring even more exposure. For it to run in that form, however, someone at Twitter would have had to review and manually approve it. While it’s true that the responsibility for the password lies with Target, given how common this scam is becoming, the Twitter staff should have caught it, but didn’t.
In any case, this incident contains a couple of good lessons. It pays to be mindful of the latest scam making the rounds if you use Twitter for marketing.