Hijacked Twitter accounts used to advertise face masks
When Vice’s Joseph Cox searched for the masks site on Tuesday, he found what he called a “heavy stream” of other accounts that posted a link to the site. Some at least appeared to have been hijacked, given that they were created years ago and posted what Cox called “relatively normal content” before tweeting out the link to the masks site.
As of Wednesday afternoon, two Twitter accounts were still advertising masksfast[.]us. One of the accounts, created in April 2012, had zero followers and had only ever created one post: the ad for masks that it posted on Tuesday. Another account advertising the (potentially scammy) site hadn’t previously posted anything since July 2019, has only retweeted and has never posted original content, all of which gives off the aroma of a bot network and/or having been hacked away from their rightful account owners.
I reported both accounts to Twitter.
Vice knows for sure that one of the accounts pumping out mask advertising was hijacked, given that the account belonged to one of its own: Motherboard’s Todd Feathers. On Tuesday, the journalist confirmed on Twitter that his account had been hijacked and used to send out direct messages, purportedly about face masks.
Vice found another hijacked account that posted tweets to a website called “Masks 2 U” and which included this message in broken English:
Wearing mask make you away from COVID-19
Motherboard’s Feathers told Vice that about 40 minutes before he logged into Twitter and realized that his account had been hacked, the platform had informed him that his account was last accessed by a computer in Virginia. That doesn’t mean much: whoever took over his account could have been located anywhere.
After the hijacker had control of Feathers’s account, they used it to send a tweet advertising the masks website. They also sent a link to the site, via DM, to a load of his followers, Feathers said.
They sent DMs to what looks like all (or at least a lot) of my followers with a link to masksfast [.] us and some variation of the message: ‘Masks save lives.’
As Cox notes, it’s not clear whether the barebones site is actually selling the products it lists or if it’s just a scam. I, for one, certainly wouldn’t hand over my credit card, given a number of oddities, including that a) clicking on its multiple social media logos merely sends you round-robin, returning you to the site’s home page, and b) the site refers to toilet paper as “paper towels,” which suggests that its creators aren’t fluent with the American English terminology for the quotidian product that’s grown so scarce, or with its British rendition (“toilet paper” or “toilet roll.”)
At any rate, as Cox reports, the records for the site show that it was created on Monday. Motherboard also found other, near-identical masks websites hosted on the same IP address as the site mentioned by the hacked accounts, some of which had been created just a few days earlier.