Does this mean Target's twitter was successfully attacked?











up vote
44
down vote

favorite
2












I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins



Promoted tweet from Target



I added the hand-drawn red lines so I am not responsible for propagating the apparent scam.



Clicking on the user name seems to take me to the genuine Target page with the verified checkmark.



Clicking on the link to the tweet (i.e. "40m") gives me an error that the tweet no longer exists.



Clicking on the URL goes to a page that looks like the screenshot, and a list of transactions.





Is it fair for me to conclude: Target lost control of their Twitter account to an (internal or external) scammer, who is ripping off people who think they are having a give-away?



Is there another way their username could appear advertising a scam without access to their Twitter account credentials?










share|improve this question


















  • 10




    Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
    – Anders
    Nov 13 at 11:49






  • 10




    Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
    – Oddthinking
    Nov 13 at 11:56






  • 6




    Then indeed Target has had their Twitter account hacked.
    – forest
    Nov 13 at 11:57








  • 5




    All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
    – FreeMan
    Nov 13 at 20:47






  • 3




    @FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
    – Oddthinking
    Nov 14 at 0:00















up vote
44
down vote

favorite
2












I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins



Promoted tweet from Target



I added the hand-drawn red lines so I am not responsible for propagating the apparent scam.



Clicking on the user name seems to take me to the genuine Target page with the verified checkmark.



Clicking on the link to the tweet (i.e. "40m") gives me an error that the tweet no longer exists.



Clicking on the URL goes to a page that looks like the screenshot, and a list of transactions.





Is it fair for me to conclude: Target lost control of their Twitter account to an (internal or external) scammer, who is ripping off people who think they are having a give-away?



Is there another way their username could appear advertising a scam without access to their Twitter account credentials?










share|improve this question


















  • 10




    Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
    – Anders
    Nov 13 at 11:49






  • 10




    Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
    – Oddthinking
    Nov 13 at 11:56






  • 6




    Then indeed Target has had their Twitter account hacked.
    – forest
    Nov 13 at 11:57








  • 5




    All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
    – FreeMan
    Nov 13 at 20:47






  • 3




    @FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
    – Oddthinking
    Nov 14 at 0:00













up vote
44
down vote

favorite
2









up vote
44
down vote

favorite
2






2





I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins



Promoted tweet from Target



I added the hand-drawn red lines so I am not responsible for propagating the apparent scam.



Clicking on the user name seems to take me to the genuine Target page with the verified checkmark.



Clicking on the link to the tweet (i.e. "40m") gives me an error that the tweet no longer exists.



Clicking on the URL goes to a page that looks like the screenshot, and a list of transactions.





Is it fair for me to conclude: Target lost control of their Twitter account to an (internal or external) scammer, who is ripping off people who think they are having a give-away?



Is there another way their username could appear advertising a scam without access to their Twitter account credentials?










share|improve this question













I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins



Promoted tweet from Target



I added the hand-drawn red lines so I am not responsible for propagating the apparent scam.



Clicking on the user name seems to take me to the genuine Target page with the verified checkmark.



Clicking on the link to the tweet (i.e. "40m") gives me an error that the tweet no longer exists.



Clicking on the URL goes to a page that looks like the screenshot, and a list of transactions.





Is it fair for me to conclude: Target lost control of their Twitter account to an (internal or external) scammer, who is ripping off people who think they are having a give-away?



Is there another way their username could appear advertising a scam without access to their Twitter account credentials?







social-engineering bitcoin twitter social-media






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 13 at 11:34









Oddthinking

5781511




5781511








  • 10




    Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
    – Anders
    Nov 13 at 11:49






  • 10




    Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
    – Oddthinking
    Nov 13 at 11:56






  • 6




    Then indeed Target has had their Twitter account hacked.
    – forest
    Nov 13 at 11:57








  • 5




    All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
    – FreeMan
    Nov 13 at 20:47






  • 3




    @FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
    – Oddthinking
    Nov 14 at 0:00














  • 10




    Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
    – Anders
    Nov 13 at 11:49






  • 10




    Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
    – Oddthinking
    Nov 13 at 11:56






  • 6




    Then indeed Target has had their Twitter account hacked.
    – forest
    Nov 13 at 11:57








  • 5




    All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
    – FreeMan
    Nov 13 at 20:47






  • 3




    @FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
    – Oddthinking
    Nov 14 at 0:00








10




10




Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
– Anders
Nov 13 at 11:49




Is the screenshot from twitter.com? Did you check that HTTPS was used? But yeah, it sure looks like someone abused their account.
– Anders
Nov 13 at 11:49




10




10




Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
– Oddthinking
Nov 13 at 11:56




Yes, it is from Twitter. Yes, it is https, and Chrome is happy with the certificate.
– Oddthinking
Nov 13 at 11:56




6




6




Then indeed Target has had their Twitter account hacked.
– forest
Nov 13 at 11:57






Then indeed Target has had their Twitter account hacked.
– forest
Nov 13 at 11:57






5




5




All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
– FreeMan
Nov 13 at 20:47




All that technical analysis and no mention of the atrocious grammar? I know that the art of writing well is quickly going the way of the dodo, but usually the PR folks manage to get it reasonably close.
– FreeMan
Nov 13 at 20:47




3




3




@FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
– Oddthinking
Nov 14 at 0:00




@FreeMan: That the tweet was suspicious wasn't the question. I was going to go on social media in response to say "Hey look! I was almost scammed by Target" when I realised wasn't an authority on this, and it might be something else - e.g. I was running malware which was attacking my Twitter page, or it was a fake Twitter account that just looked like Target's, or...
– Oddthinking
Nov 14 at 0:00










2 Answers
2






active

oldest

votes

















up vote
68
down vote



accepted










Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.



The Elon Musk scam is the most well-known now, but it appears Target was caught as well.






share|improve this answer



















  • 20




    Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
    – Wildcard
    Nov 14 at 1:29








  • 4




    @Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
    – forest
    Nov 14 at 3:23






  • 17




    @forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
    – Wildcard
    Nov 14 at 3:48






  • 8




    And by "hacked" do we just mean their password was guessed?
    – Lightness Races in Orbit
    Nov 14 at 11:03






  • 4




    "This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
    – Michaël Polla
    Nov 14 at 12:51


















up vote
31
down vote













Target has since confirmed my suspicion:



Hard Fork article




“Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”



“We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.




Other reports of the incident include:




  • USA Today


  • The Next Wev


  • ZyCrypto


  • CryptoNews







share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "162"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














     

    draft saved


    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197588%2fdoes-this-mean-targets-twitter-was-successfully-attacked%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    68
    down vote



    accepted










    Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.



    The Elon Musk scam is the most well-known now, but it appears Target was caught as well.






    share|improve this answer



















    • 20




      Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
      – Wildcard
      Nov 14 at 1:29








    • 4




      @Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
      – forest
      Nov 14 at 3:23






    • 17




      @forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
      – Wildcard
      Nov 14 at 3:48






    • 8




      And by "hacked" do we just mean their password was guessed?
      – Lightness Races in Orbit
      Nov 14 at 11:03






    • 4




      "This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
      – Michaël Polla
      Nov 14 at 12:51















    up vote
    68
    down vote



    accepted










    Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.



    The Elon Musk scam is the most well-known now, but it appears Target was caught as well.






    share|improve this answer



















    • 20




      Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
      – Wildcard
      Nov 14 at 1:29








    • 4




      @Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
      – forest
      Nov 14 at 3:23






    • 17




      @forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
      – Wildcard
      Nov 14 at 3:48






    • 8




      And by "hacked" do we just mean their password was guessed?
      – Lightness Races in Orbit
      Nov 14 at 11:03






    • 4




      "This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
      – Michaël Polla
      Nov 14 at 12:51













    up vote
    68
    down vote



    accepted







    up vote
    68
    down vote



    accepted






    Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.



    The Elon Musk scam is the most well-known now, but it appears Target was caught as well.






    share|improve this answer














    Yes, Target did have their account hacked. In fact, quite a lot of verified account holders have been hacked to further this scam. The scammers do this to impersonate other accounts, including Elon Musk's, by changing their name while retaining their verified status. In this case, it just looks like the scammer is using Target's account directly. This scam has made the hackers over $150,000.



    The Elon Musk scam is the most well-known now, but it appears Target was caught as well.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Nov 15 at 2:02

























    answered Nov 13 at 13:51









    forest

    26.3k128296




    26.3k128296








    • 20




      Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
      – Wildcard
      Nov 14 at 1:29








    • 4




      @Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
      – forest
      Nov 14 at 3:23






    • 17




      @forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
      – Wildcard
      Nov 14 at 3:48






    • 8




      And by "hacked" do we just mean their password was guessed?
      – Lightness Races in Orbit
      Nov 14 at 11:03






    • 4




      "This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
      – Michaël Polla
      Nov 14 at 12:51














    • 20




      Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
      – Wildcard
      Nov 14 at 1:29








    • 4




      @Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
      – forest
      Nov 14 at 3:23






    • 17




      @forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
      – Wildcard
      Nov 14 at 3:48






    • 8




      And by "hacked" do we just mean their password was guessed?
      – Lightness Races in Orbit
      Nov 14 at 11:03






    • 4




      "This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
      – Michaël Polla
      Nov 14 at 12:51








    20




    20




    Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
    – Wildcard
    Nov 14 at 1:29






    Is it just me, or does it seem to anyone else that Twitter could prevent this really easily just by disallowing name changes for verified accounts (except when manually reviewed)?
    – Wildcard
    Nov 14 at 1:29






    4




    4




    @Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
    – forest
    Nov 14 at 3:23




    @Wildcard That wouldn't protect from the fact that the verified accounts themselves got hacked. So sure, you couldn't have a verified account impersonate Elon Musk, but if you hacked Target's account (as happened here), you can still use it to further the scam.
    – forest
    Nov 14 at 3:23




    17




    17




    @forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
    – Wildcard
    Nov 14 at 3:48




    @forest, right, but right now there's a security hole allowing so-called "verified" users to impersonate other verified users and appear as though they were verified to be those other users. (As in the Elon Musk impersonators.) This makes "verified" a meaningless attribute.
    – Wildcard
    Nov 14 at 3:48




    8




    8




    And by "hacked" do we just mean their password was guessed?
    – Lightness Races in Orbit
    Nov 14 at 11:03




    And by "hacked" do we just mean their password was guessed?
    – Lightness Races in Orbit
    Nov 14 at 11:03




    4




    4




    "This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
    – Michaël Polla
    Nov 14 at 12:51




    "This scam has made the hackers over $150,000." It still amazes me that in 2018 this kind of scam (send 1, receive 10) still works.
    – Michaël Polla
    Nov 14 at 12:51












    up vote
    31
    down vote













    Target has since confirmed my suspicion:



    Hard Fork article




    “Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”



    “We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.




    Other reports of the incident include:




    • USA Today


    • The Next Wev


    • ZyCrypto


    • CryptoNews







    share|improve this answer

























      up vote
      31
      down vote













      Target has since confirmed my suspicion:



      Hard Fork article




      “Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”



      “We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.




      Other reports of the incident include:




      • USA Today


      • The Next Wev


      • ZyCrypto


      • CryptoNews







      share|improve this answer























        up vote
        31
        down vote










        up vote
        31
        down vote









        Target has since confirmed my suspicion:



        Hard Fork article




        “Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”



        “We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.




        Other reports of the incident include:




        • USA Today


        • The Next Wev


        • ZyCrypto


        • CryptoNews







        share|improve this answer












        Target has since confirmed my suspicion:



        Hard Fork article




        “Early this morning, Target’s Twitter account was inappropriately accessed” a company spokesperson told Hard Fork in an email. “The access lasted for approximately half an hour and one fake tweet was posted during that time about a Bitcoin scam.”



        “We’re in close contact with Twitter, have deleted the tweet and have locked the account while we investigate further,” the retail giant further told Hard Fork. Unfortunately, the origin of the breach remains unclear.




        Other reports of the incident include:




        • USA Today


        • The Next Wev


        • ZyCrypto


        • CryptoNews








        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 13 at 15:24









        Oddthinking

        5781511




        5781511






























             

            draft saved


            draft discarded



















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197588%2fdoes-this-mean-targets-twitter-was-successfully-attacked%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            AnyDesk - Fatal Program Failure

            How to calibrate 16:9 built-in touch-screen to a 4:3 resolution?

            QoS: MAC-Priority for clients behind a repeater