Just 18 hours ago, the publisher Pantheon Books was tweeting about, well, books.
This morning, however, its Twitter avatar was Elon Musk and the account had been retweeting nearly everything the Tesla founder writes. This is not because Pantheon has an adoration for the controversial billionaire. Rather, the account appears to have been hacked, which, of course, is something that happens quite often on Twitter. But two things make this situation a little more interesting. One, the hackers were able to impersonate Elon Musk, right down to his familiar Twitter profile picture. And two, Pantheon is a verified Twitter account with a blue checkmark.
As a result, when my editor was scrolling through Twitter this morning, he noticed a promoted tweet from a blue checkmarked account claiming to be Elon Musk, which is pretty convincing at first glance. It announced that he was giving away 10,000 bitcoin to his community and was doing it via a “crypto-giveaway.” All people had to do was send 0.1 to 2 bitcoin to a wallet, for which the account provided a handy QR code, and then, poof, they would be “entered” in this supposed giveaway.
Of course, this wasn’t actually Musk. It was a scam, one that has been going on for a while now. But given that the hackers both seized on a verified account and were able to place an ad promoting this supposed crypto-giveaway, it’s possible that some people took the bait. And it points to a big vulnerability in ad platforms like Twitter and their vetting processes.
Though the Pantheon account was apparently seized for a few hours, in the time it took me to write these paragraphs, the tweet was taken down and the account seems to be in the process of recovery. Still, it raises the question of why Twitter’s ad system was unable to see any of the red flags at play. Not only did the account change its display name and avatar to those of a frequently impersonated celebrity, but it also tweeted about a bitcoin giveaway, which is a common scam. And it was apparently able to amplify this message by promoting the tweet.
I asked Twitter for comment about this and will update if I hear back.
We’re just a day away from the election. For months, we’ve been asking questions about automated digital advertising systems. While Facebook and Twitter try to make it clear that they want to make it harder for bad actors to run ads on their platforms, every day we see just how easy it is. Sometimes the ads are targeting white supremacists; other times they’re promoting a bitcoin scam.
Whatever the post is, the underlying problem remains.