X (formerly Twitter) has several tools that let you know if an account is legitimate or not. This allows companies to prove to readers that they’re the real deal, and builds a sense of security around their posts. Unfortunately, as we’ve just seen with OpenAI, that trust can sometimes be abused to steal money from people.
What Happened to OpenAI?
At the start of September 2024, the AI tech giant created the OpenAI Newsroom X feed to keep people up to speed with the company’s developments. It received the Verified Organizations badge and an official OpenAI badge. This gave a clear and direct message that OpenAI owned the account and that it wasn’t someone pretending to be the AI giant to spread misinformation.
The problem is, these verifications are a double-edged sword. They give people a reason to trust posts from the account, but if that account is compromised and begins posting malicious content, people are more likely to believe that the posts are coming from the company.
Bad actors know this, and they’re always trying to crack into high-profile accounts so they can post their latest scam. This time, they managed to get into the OpenAI Newsroom account and posted a link to a fake OpenAI website. This site asked users to link a cryptocurrency wallet, after which the scammers would steal all of the victim’s money.
How to Stay Safe From Compromised X Accounts
Compromised accounts posting malicious links are by no means new. In fact, they’re one of the many common X scams that circulate on the platform. If this is the first time you’ve seen an official account hacked to distribute a malicious link, here’s how to stay safe.
First, never take a verification badge for granted. The badge only means that the account is owned by the company it claims to be. It is not a guarantee that the person making the posts is from the company, or that the company automatically endorses every post made on it.
If an official account starts acting strangely, don’t click any links that are posted. It’s likely a scammer trying to use the account’s position to spread their malware or scams. If you’re certain it’s a scam, you can report the post on X and get it shut down before people fall for it.