Tweets from Elon Musk Still Aren’t What They Seem

We’ve seen this before, and it’s worth noting again. A tweet from a blue-checked Elon Musk is all it takes to set a Bitcoin giveaway frenzy into motion. The only problem is that it’s just the same hoary old advance fee scam.

Hijacked verified Twitter accounts masquerading as Elon Musk are again being used to tweet messages, complete with typos, and a link to a webpage that is supposed to be connected with Musk's SpaceX. All of this comes from an account that still carries its verified blue check, which is precisely what makes it convincing.

Motherboard’s Joseph Cox noted that the hijacked account actually retweeted genuine tweets from the real Elon Musk to appear more convincing. Other compromised accounts complete with blue check join in the thread, telling the marks that they’ve sent in Bitcoin and received more in return, just by retweeting the message to their own followers.

Scammers earn a tidy sum exploiting Twitter users’ gullibility, so shutting one scam down is just a small bump in the crooked road. As one is shuttered, another takes its place to entrap the gullible and greedy. Sometimes the scammers even get the spelling and grammar correct. One quick lesson to draw from this episode is that the blue check may not be much more help than the old green padlock as a marker of trustworthiness.

The dots do matter: how to scam a Gmail user

More generally, the phishing scam here is:

  1. Hammer the Netflix signup form until you find a gmail.com address which is "already registered". Let's say you find the victim jameshfisher.
  2. Create a Netflix account with address james.hfisher.
  3. Sign up for free trial with a throwaway card number.
  4. After Netflix applies the "active card check", cancel the card.
  5. Wait for Netflix to bill the cancelled card. Then Netflix emails james.hfisher asking for a valid card.
  6. Hope Jim reads the email to james.hfisher, assumes it's for his Netflix account backed by jameshfisher, then enters his card **** 1234.
  7. Change the email for the Netflix account to eve@gmail.com, kicking Jim's access to this account.
  8. Use Netflix free forever with Jim's card **** 1234!


.. Actually, the blame lies with Gmail, and specifically Gmail’s “dots don’t matter” feature. The scam fundamentally relies on the Gmail user responding to an email with the assumption that it was sent to their canonical address, and not to some other address from their infinite address set.

.. Each Gmail user has one email address that they think of as theirs; all the others are mistakes.

.. Finally, Gmail users should be able to opt out of dots-don’t-matter. I wish for any mail sent to james.hfisher@gmail.com to bounce instead of reaching my inbox. The dots-don’t-matter feature should be disabled by default for any new Google accounts, and eventually retired.
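The scam above works because two spellings of one Gmail address deliver to one mailbox while a third-party service treats them as two accounts. The following is an added example, not code from the quoted post or from Google or Netflix: it canonicalises Gmail addresses the way Google documents (dots in the local part ignored, a "+tag" suffix ignored, case ignored, googlemail.com equivalent to gmail.com) and then uses that in two checks. `signup_collision` is the check a service could run at step 2 to notice that a "new" address already belongs to a registered user, and `addressed_to_variant` is the check a recipient could run at step 6 to notice that a message was sent to a dotted variant rather than the spelling they actually use. The function names, the example.com sender and the sample message are constructed for this illustration.

```python
"""Gmail dots-don't-matter canonicalisation plus two practical checks.

Added example, not from the quoted post. The only Gmail behaviour encoded here
is the documented one: dots in the local part are ignored, a "+tag" suffix is
ignored, case is ignored, and googlemail.com is the same mailbox as gmail.com.
The function names, the sample message and the example.com sender are
constructed for illustration.
"""
import email
import email.utils
from typing import List, Optional

# Domains on which Google applies the dots-don't-matter rule.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def gmail_canonical(address: str) -> str:
    """Return the single mailbox an address actually delivers to.

    For Gmail domains: drop any "+tag", strip dots, lowercase. For other
    domains only the domain is lowercased; the local part is left alone
    because other providers may treat dots and case as significant.
    """
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "").lower()
        domain = "gmail.com"  # googlemail.com delivers to the same mailbox
    return f"{local}@{domain}"


def same_inbox(a: str, b: str) -> bool:
    """True if both spellings reach the same mailbox."""
    return gmail_canonical(a) == gmail_canonical(b)


def signup_collision(existing_accounts: List[str], new_address: str) -> Optional[str]:
    """Service-side check for step 2 of the scam.

    Returns the already-registered address that shares a mailbox with the
    new signup, or None if the mailbox is genuinely new.
    """
    target = gmail_canonical(new_address)
    for account in existing_accounts:
        if gmail_canonical(account) == target:
            return account
    return None


def addressed_to_variant(raw_message: str, my_address: str) -> List[str]:
    """User-side check for step 6 of the scam.

    Lists every recipient spelling in To/Cc that reaches my mailbox but is
    not the way I write my own address. A non-empty result means the sender
    knows a variant of my address, not the address I gave out.
    """
    msg = email.message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    mine = gmail_canonical(my_address)
    variants = []
    for _name, addr in email.utils.getaddresses(headers):
        if not addr:
            continue
        if gmail_canonical(addr) == mine and addr.lower() != my_address.lower():
            variants.append(addr)
    return variants


# Constructed sample: a billing notice sent to the dotted variant of the
# victim's address (step 5 of the scam). Not a real message.
SAMPLE_MESSAGE = """\
From: Example Streaming <billing@example.com>
To: james.hfisher@gmail.com
Subject: Please update your payment details
Content-Type: text/plain

Your last payment failed. Update your card to keep watching.
"""

if __name__ == "__main__":
    registered = ["alice@example.com", "jameshfisher@gmail.com"]
    print("collides with:", signup_collision(registered, "james.hfisher@gmail.com"))
    print("sent to variant:", addressed_to_variant(SAMPLE_MESSAGE, "jameshfisher@gmail.com"))
```

The service-side check is the one that actually closes the hole: if a signup's canonical address already belongs to another account, treat it as the same user (or at least require proof of control before billing). The user-side check is only a heuristic, since a legitimate sender might also have been given the dotted form, but a dotted spelling you never handed out is a strong signal that the message is not about your account.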

Hiya protects you from spam callers and phishing scams

Everybody hates spam calls. Beyond those annoying “you won a cruise” messages that interrupt your day and clog your voicemail, scammers can use your phone number in phishing schemes and even trick you into giving up precious personal information. Luckily, when it comes to blocking spam and flagging unwanted numbers, you’ve got options.

We like the app Hiya (Android, iOS) because it serves numbers with a side of context. Hiya gives a bit more information about numbers outside of your contact list, flagging them as likely spam, a colleague from work or an important call from the doctor's office. Hiya also lets you control and update a personalized block list and report nuisance callers.

Hiya aggregates spam lists from their carrier partners to offer comprehensive protection against annoying and phishy calls and texts. It’s ad-free and easy to use. Grab the app and start protecting yourself today.