Verified Accounts Are A Target For Cryptocurrency Thieves

Compromised official accounts with the nod from Twitter go from verified to vilified as they spread phishing campaigns.

Jeremy Nation
Published in METACERT · 4 min read · Sep 24, 2018

As far as unwitting vehicles for scams go, Twitter may take the cake. Now, accounts verified by Twitter that have succumbed to hackers have become prime means of transporting cryptocurrency phishing campaigns.

A good example of this is @Givenchy, the Twitter handle of a popular Parisian high fashion retailer, with close to 1 million followers. @Givenchy features a little blue check mark of approval from Twitter, meaning that it is an officially recognized account. But say @Givenchy’s email gets hacked, or for some reason best security practices are not followed. Well, that’s exactly what happened just before the weekend of September 22, 2018, and the result was this:

Which led to this:

Medium has since disabled the account behind this post.

Which led to this:

Never send your cryptocurrency to a scam like this.

By the way, the malicious resources shared by the account during the breach were all classified as phishing by MetaCert Protocol.

It’s easy to see that Twitter has become a toxic place, but how did this happen? Why is a clothing vendor suddenly the target for a cryptocurrency phishing proliferation campaign? Part of the problem is that the “verified” status for accounts isn’t handed out on an even playing field, and since Twitter shut down verifications indefinitely on February 26, 2018, verified accounts have become even more sought after.

What we have now is a situation where people with verified accounts can be stripped of their blue check mark should their behavior deviate from Twitter’s perception of good. In the meantime, no one else can get a verified status, meaning that it has become something sought after purely because Twitter made it scarce by bottlenecking issuance. This means that Twitter may have inadvertently turned verified account holders into the targets of hackers. People hell-bent on scamming the world are more likely to target this type of account since it has the credibility of Twitter’s official seal of verification.

Twitter was even forced to acknowledge the fact that the manner in which it chose to verify accounts gave users the impression of favoritism, or an endorsement, which the company refutes. The problem is that whether or not there was an intention to endorse verified accounts, the lasting impression is that Twitter stands behind what people with that little blue check mark say. Even if it’s not the case.

The community responded to @Givenchy’s malicious tweets before Twitter was able to shut the scam down. Eventually the account was temporarily shut down and has since been restored, but during that time a number of individuals were exposed to a scam in their Twitter feed from a verified account. If Twitter’s response system were more agile, chances are good people would have been better protected.

We’d like to invite Twitter’s Verified team to work with MetaCert towards what we believe is the best solution. With a few lines of code, MetaCert Protocol’s classification system can aid Twitter in the effort to weed out malicious accounts. To prove how well it works, we’ve already fine-tuned Cryptonite, our free anti-phishing browser extension for Chrome, Firefox, and Opera, to annotate validated cryptocurrency-related Twitter handles with a green shield, so you know that the person tweeting about cryptocurrency isn’t trying to pull the wool over your eyes. Cryptonite also blocks the phishing sites shared by fraudsters.

Download Cryptonite today and you’ll see what a difference it can make surfing Twitter. It’s also the only way to participate in the MetaCert Protocol Beta Program, where participants can earn a bonus on tokens they purchase to test the protocol.

MetaCert is dedicated to providing a sane solution for resource validation on the web. To find out more about how MetaCert is the new shield of trust for the internet, get involved in our Telegram community, and follow us @MetaCert on Twitter. To learn more about our blockchain project, you can also check out our white paper and technical paper.

MetaCert Protocol is the new shield of trust for the internet.

MetaCert Protocol is decentralizing cybersecurity for the Internet, by defining ownership and URL classification information about domain names, applications, bots, crypto wallet addresses, social media accounts and APIs. The Protocol’s registry can be used by ISPs, routers, Wi-Fi hotspots, crypto wallets and exchanges, mobile devices, browsers and apps, to help address cyber threats such as phishing, malware, brand protection, child safety and news credibility. Think of MetaCert Protocol as the modern version of the outdated browser padlock and whois database combined.
