Verified Twitter Profile Used for Impersonating Users in Scams
This Wednesday, the verified Twitter account of freelance film producer and director Seif Elsbei’s (@seifsbei), which has Twitter’s desired blue checkmark and over 83,000 followers, was used to impersonate official accounts of Verge developers, according to a report made by The Next Web. The cryptocurrency received considerable attention this Tuesday with Pornhub’s announcement that it would accept it as a payment method.
Verge’s real account, @vergecurrency, does not have a verified checkmark, which the hacker behind @seifsbei took as an opportunity to pose as a Verge developer. Twitter lets verified users change their accounts’ display name without risking to lose their verified status, and because of this loophole, @seifsbei assumed the display name vergecurreǹcy. They then went on to retweet messages from the real verge account.
Not long after that, @seifsbei switched to pose as the Bitfinex exchange under the name Ƀitfinex. After the Bitfinex users were targeted, the account went dark and then it was recovered by its owner.
A Google search for the account reveals that it was posing as another exchange, Bittrex (as Ƀittrex) before it impersonating the Verge team or Bitfinex.
According to The Next Web, the hacker previously used the account to pass off as Ethereum’s founder Vitalik Buterin. Account history retweets indicate that it was also posting under the display name of @bitcoin and as well as those from the Tron project.
Before this week, @seifsbei tweeted almost entirely in Arabic. Seifsbei then announced on his Facebook page Tuesday about the hacking of his account, and now it appears that the handle has been recovered.
The account removed its image and name before the owner’s real information was returned. For the moment, the account still has its checkmark.