Scam campaigns around Elon Musk’s appearance on Saturday Night Live compromised dozens of verified Youtube and Twitter accounts
Satnam Narang, Staff Research Engineer at Tenable, the Cyber Exposure company, found dozens of compromised social media accounts that peddled fake cryptocurrency scams in the lead up to SpaceX and Tesla CEO Elon Musk’s appearance on NBC’s Saturday Night Light. Narang estimates that scammers netted over $10 million (USD) between May 7-9. Narang’s analysis revealed that scammers stole over $9.4 million in Dogecoin, $609,000 Bitcoin and at least $423,000 Ethereum.
Popular YouTube account Wave Music Bhojpuri, a channel with 18.9 million subscribers, was hijacked during the scam campaign. Other compromised YouTube channels were also observed in the United States, Brazil, Germany, Indonesia, the Philippines, Saudi Arabia and Kazakhstan to promote phoney cryptocurrency giveaways.
The largest single grossing Dogecoin address used in these campaigns was a YouTube Live video linked to dogecoin-snl[.]com. One particular compromised YouTube channel operated by a scammer rotated multiple domains and wallet addresses to scam $1.6 million dollars in Dogecoin. The videos on this channel comprised nearly 2,000,000 viewers across several live streams.
Commenting on the success of these scam campaigns, Narang said that there’s an urgent need for heightened cybersecurity measures within social media organisations.
“The onus is on social media sites, such as Twitter and YouTube, to close down these campaigns. Proactive steps to monitor for changes of verified Twitter and YouTube channels, particularly those with a large number of subscribers, would help stop these scams in their tracks,” said Narang. “Social media organisations should enforce two-factor authentication on verified accounts with large numbers of followers or subscribers. Social media platforms need to scrutinise such accounts because verified badges are invaluable, not just to notable figures, but also the people who rely on them to identify fact from fiction. Scammers are eroding that trust. Enforcing more stringent policies for these Twitter accounts and YouTube channels won’t stop the cryptocurrency scams from persisting, but they can help stem the tide.”
You can find the full blog available here. If you’re interested in more detail on the report findings, Satnam Narang is available for further comment.
Tenable® is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.