Cyber Incident Victim: Google
Date:
Nov 2018
Location:
United States of America
Summary
A verified Twitter account associated with Google was compromised to promote a fraudulent Bitcoin giveaway scam, falsely claiming the company accepted cryptocurrency payments. The unauthorized tweet, promising large returns for small investments, remained visible for approximately 10 minutes before removal. This incident mirrored similar attacks targeting high-profile verified accounts, including those of major corporations, government entities, and public figures, where attackers impersonated legitimate entities or altered profiles to lend credibility. The scams exploited classic financial fraud tactics, resembling advance-fee schemes historically prevalent in email. Security researchers highlighted systemic vulnerabilities in Twitter’s account security practices, advocating for stronger authentication measures to prevent such breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 13, 2018, the verified Twitter account of Google’s G Suite, with over 800,000 followers, was compromised by attackers promoting a fraudulent Bitcoin giveaway scheme. The hijacked account posted a tweet falsely claiming Google would distribute 10,000 Bitcoin (approximately $62,000 at the time) to users who sent cryptocurrency payments to a specified address. The scam tweet also deceptively announced that G Suite had begun accepting cryptocurrency payments, contradicting Google’s June 2018 policy restricting cryptocurrency advertisements. The malicious post remained visible on the account’s feed and homepage for approximately 10 minutes before being removed by Google. Security researcher Andrew Maxey noted the attackers used a promoted tweet that linked to the legitimate G Suite account when clicked, enhancing the scam’s perceived credibility. This incident followed an almost identical compromise of Target’s Twitter account days earlier, where a fake tweet advertised a $5,000 Bitcoin giveaway (valued around $31 million), which remained active for roughly 30 minutes before deletion.
The Google and Target incidents were part of a broader campaign targeting verified Twitter accounts throughout November 2018. Additional victims included the Indian Consulate in Frankfurt, IT consultancy Capgemini, California state senator Ben Allen, Israeli politician Rachel Azaria, and the Consulate General of India in Germany—all compromised to promote similar cryptocurrency scams. Earlier that month, attackers had impersonated Tesla CEO Elon Musk by altering hijacked accounts’ profile details and engaging in comment threads on Musk’s genuine posts to appear legitimate. This tactic echoed a July 2018 incident where scammers repurposed the Twitter account of the defunct FOX show *Almost Human* to impersonate TRON CEO Justin Sun while distributing giveaway links. Security analysts identified the scheme as a social media adaptation of traditional "419" advance-fee fraud, exploiting verified accounts’ trustworthiness. Researchers like Graham Cluley criticized Twitter’s security practices, advocating mandatory two-step verification via authenticator apps for verified accounts and suggesting verification status revocation if such protections were disabled. Twitter did not publicly address these specific incidents at the time, while Google and Target confirmed unauthorized access and swift content removal without disclosing technical details of the breaches.