Pope Francis has become the latest victim of crypto scammers on Twitter, as a network of bot accounts promoting scam ICOs and fake crypto giveaways continues to target public figures both within and outside the crypto world.
Earlier in the month, security researchers working at Duo Security unveiled the results of a study analysing 88 million public Twitter profiles, revealing a sophisticated network of dummy accounts, known as a botnet, working to promote a crypto giveaway scam by impersonating high-profile individuals and artificially boosting their tweet rankings using likes and retweets.
A tweet posted by Pope Francis earlier today had one such artificially boosted tweet as its top-ranked response. The tweet is from a duplicate handle, “@_Poontifex,” designed to mislead casual viewers into thinking that it is the real pope’s handle, “@Pontifex.”
Unsurprisingly, the tweet is promoting a fraudulent crypto giveaway:
Another dummy account, branded “@RicardoStark7,” then responded to the tweet with faked excitement as other bots retweeted and liked the fake pope handle’s tweet, gaming Twitter’s quality control mechanism to shift it to the very top of the replies to the real pope’s tweets.
Sօ соօl! Jսѕt seոt anԁ іmmеԁiatеly got bасk! You'rе ѕupеr faѕt.
— Ricardo Stark (@RicardoStark7) August 30, 2018
To a casual Twitter user, it may thus seem as though Pope Francis has responded to his own tweet, advertising some kind of giveaway, which is how the scam operates.
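The impersonation pattern described above can be checked mechanically. The following is an added example, not code from the article or from the Duo Security study: it flags reply handles that sit a few edits away from a protected handle, and reply text that mixes Latin letters with lookalike letters from other scripts, as the quoted reply does. The function names, the distance threshold of 2 and the sample replies are assumptions constructed for illustration.

```python
import unicodedata

def script_of(ch):
    """Script label taken from the Unicode name, e.g. LATIN or CYRILLIC."""
    return unicodedata.name(ch, "UNKNOWN").split()[0] if ch.isalpha() else None

def mixed_script_words(text):
    """Words whose letters come from more than one script (homoglyph padding)."""
    return [w for w in text.split()
            if len({script_of(c) for c in w} - {None}) > 1]

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def canonical(handle):
    """Lowercase and drop '@' and underscores before comparing."""
    return handle.lstrip("@").replace("_", "").lower()

def is_lookalike(candidate, protected, max_distance=2):
    """True when a different handle sits within max_distance edits of protected."""
    if candidate.lstrip("@").lower() == protected.lstrip("@").lower():
        return False
    return edit_distance(canonical(candidate), canonical(protected)) <= max_distance

def triage(protected, replies):
    """Return (handle, reasons) for each reply that trips a check."""
    findings = []
    for handle, text in replies:
        reasons = []
        if is_lookalike(handle, protected):
            reasons.append("lookalike-handle")
        if mixed_script_words(text):
            reasons.append("mixed-script-text")
        if reasons:
            findings.append((handle, reasons))
    return findings

# Constructed sample replies; "\u0435" is CYRILLIC SMALL LETTER IE in place of Latin "e".
SAMPLE = [("@_Poontifex", "Giveaway for my followers"),
          ("@RicardoStark7", "Just s\u0435nt and got it back"),
          ("@some_reader", "Thank you for this message")]

if __name__ == "__main__":
    for handle, reasons in triage("@Pontifex", SAMPLE):
        print(handle, ", ".join(reasons))
```

A fixed edit-distance threshold will also match unrelated short handles, so in practice a hit is a signal for review alongside engagement patterns rather than a verdict.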
Several high-profile Twitter accounts have been targeted this way in the past. Some of these include Elon Musk and Vitalik Buterin, who was sufficiently impacted by the scam to change his Twitter name and biography to a message disclaiming any involvement in the scam.
In May, CCN reported that the Vertcoin Twitter account was actually hijacked and used to spread the “ETH giveaway” scam.
Gaming Twitter’s Algorithms
According to Duo Security Principal Security Engineer Jordan Wright, who spoke to TechCrunch earlier in August, the botnet is made up of more than 15,000 dummy accounts tweeting crypto giveaway scam messages and gaming Twitter’s quality control mechanism by retweeting and liking each other’s posts.
This artificially boosts the popularity of the accounts, with some of them even showing up under Twitter’s “Who to Follow” recommendations list. Even worse, the actual number of bot accounts is likely to be far higher than 15,000.
Wright also revealed that the botnet makes use of a “three-tier hierarchical system,” unlike the typical flat structure of conventional botnets, indicating that as anti-spam research advances, botnets and the people who control them are also evolving and developing new tactics and strategies to extract money from Twitter users.