Social media provides a cheap and easy way for brands to connect with thousands of their customers. Every day, thousands of consumers send questions or requests for support to brands using platforms like Twitter and Facebook.
Large brands like Tesco even employ teams of people to manage these interactions. In between answering questions, they will run promotions, highlight special deals or share updates to ‘engage’ their followers.
Hackers love social media
Social media is a goldmine for hackers. Many people share too much information, for instance providing clues about their password, home address or even bank account – details that can be used by experienced cybercriminals to commit identity fraud, or to break into other online accounts.
Hacktivists, hackers who break into computer systems for political reasons, also like to target social media. Breaking into a high-profile account belonging to a celebrity or large company allows these people to highlight specific issues like climate change, or shady business practices. And because these accounts are followed by thousands of people, the message quickly spreads across social media.
An unusual extortion attempt
When the Tesco Twitter account was breached recently, the hackers took a slightly different approach. Instead of stealing data, or highlighting a specific cause, they tried to scam all 2.1 million people following @tesco.
The scam was simple. Followers were asked to send Bitcoin to a specific wallet address. In return the hackers, pretending to be Tesco, promised that the money would be doubled and returned to everyone who made a payment.
The hackers then doubled down on their stunt, retweeting tech celebrity Bill Gates in an effort to give some credibility to their request. They even changed the name of the account in the hope that Tesco’s followers would think Gates was making the promises.
Eventually the Tesco social media team realised there was a problem, and with Twitter’s assistance were able to regain control of the account.
People are getting smarter
Reviewing the incident, security researchers discovered that the hackers had received precisely nothing in their Bitcoin wallet. Absolutely no one was fooled by the scam. This is actually great news because it means that social media users are getting better at spotting – and ignoring – online scams.
Obviously this scam wasn’t particularly subtle or clever, but after years of high-profile scams and hackings, people have learned not to trust everything they see online. They knew that the “offer” was completely out of character for Tesco or Bill Gates – and so they ignored it.
Whether people are able to spot a more sophisticated scam remains to be seen. But we are clearly moving in the right direction at last.