The official Instagram account of cricketing legend and former Pakistan Prime Minister Imran Khan was hacked yesterday in order to promote a cryptocurrency scam.
An unauthorised post and Instagram story briefly advised Khan's over seven million followers to visit a scam website that offered an Elon Musk-endorsed "crypto giveaway" of $100 million.
To make the scam appear more legitimate, the post was accompanied by a screenshot of a faked tweet claiming to come from Tesla boss Musk, and an endorsement message that pretended to come from Khan:
Thank you Elon Musk for 3 BTC. Go to the site and get money. Link in profile bio
In the story posted to Imran Khan's hacked account, a screenshot purporting to show 3 bitcoin being transferred to him was displayed.
Of course, there is no sign of the tweet on Elon Musk's genuine Twitter account. It appears to be the concoction of the scammers themselves, who can mock up a fake tweet screenshot using tools found on any PC in mere seconds.
Elon Musk's image and name are commonly exploited by online criminals keen to dupe the unwitting into falling for a cryptocurrency scam. Musk's enormous fame, fervent following in the crypto community, and regular erratic behaviour appear to be an ideal cocktail for those attempting to lure the unwary into making an unwise decision.
However, combining Musk's name with those of other public figures with large and loyal followings - such as PTI party chairman Imran Khan - opens up even more opportunities for scammers.
Clearly, there is a great deal of harm that could be done by having the social media accounts of high-profile political leaders compromised - more, most likely, than the financial damage that could be done if followers were duped into participating in a cryptocurrency scam.
For instance, an attacker might use their access to a social media account to post misinformation to their millions of followers, or point them towards a webpage that installed malware onto their computers.
Control of Imran Khan's account was later confirmed to have been recovered.
Last week, the Twitter account of another high-profile figure in Indian politics, PTI Secretary General and former Federal Planning Minister Asad Umar, was also hacked, and in May the email, Twitter, and Apple accounts of PTI party figure Hammad Azhar were also compromised.
It is unclear whether all of these accounts have been hijacked using the same techniques, but it clearly would be no bad thing if more care was taken in securing accounts with strong, unique passwords and multi-factor authentication.
Last year it was reported that Imran Khan's mobile phone may have been targeted by the notorious Pegasus spyware developed by controversial Israeli firm NSO Group.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.