Connect with us

Hi, what are you looking for?

Cyber Security

Verified Twitter accounts hacked to send fake suspension notices

Threat actors are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other verified users’ credentials.

Twitter verifies accounts if they are considered notable influencers, celebrities, politicians, journalists, activists, and government and private organizations.

To receive the verified ‘blue badge,’ Twitter users must apply for verification and submit supporting documentation to show why their account is ‘notable.’

As it is not easy to gain a blue badge, threats of suspension can lead to people reacting without thinking, making them prime targets for threat actors who value these types of accounts for their own scams.

“We are suspending your account”

Friday afternoon, BleepingComputer reporter Sergiu Gatlan received a phishing scam via Twitter DMs that said his account was being suspended for spreading hate speech.

“Your account has been flagged as inauthentic and unsafe by our automated systems, spreading hate speech is against our terms of service,” reads the phishing message below.

“We at twitter take the security of our platform very seriously. That’s why we are suspending your account in 48h if you don’t complete the authentication process.”

Twitter phishing DM sent to a verified user
Twitter phishing DM sent to a verified user
Source: BleepingComputer

To test the phishing scam, I visited the tinyurl.com address in the DM, which redirected me to https://twitter-safeguard-protection[.]info/appeal/.

This website first asked for a Twitter user name, and when we entered our test account, it used the Twitter APIs on the backend to retrieve my test account’s photo, as shown below. Displaying the legitimate picture adds legitimacy to the phishing scam.

The first stage of Twitter phishing attack
The first stage of Twitter phishing attack
Source: BleepingComputer

Unlike numerous phishing scams that allow you to enter your password multiple times until it accepts it, this phishing site rejected incorrect passwords.

After entering the correct password, it prompted me for my account’s email address. Once again, fake email addresses were rejected, indicating that the phishing site is using Twitter APIs to check for valid account information.

The second stage of Twitter phishing attack
The second stage of Twitter phishing attack
Source: BleepingComputer

Finally, once I entered the correct information, the phishing page displayed a message stating, “Authenticity Check is completed, your account has been proved authentic by our automatic system, all current problems are resolved”.

At this point, though, my test account’s credentials have been stolen, which I promptly reset to a different one.

However, anyone who has gotten this far would not realize their credentials were stolen and would likely find that they can no longer log in to their account later that day or the next day.

No one falls for these scams!

Before you say that nobody falls for these scams, unfortunately, the proof they do is in the scam itself.

These scams are not only being sent to verified users but they are being sent by verified users whose accounts were hacked, likely through similar phishing scams.

It is also common to see users, including verified users, post to Twitter that they fell for a phishing attack, even when some of the victims are involved in cybersecurity.

Cory tweet

Threat actors continue to evolve their tactics to make their attacks look legitimate, and by targeting verified users, they add a sense of urgency that may cause people to overlook suspicious signs.

Therefore, if you receive a message directing you to a site where they ask for your credentials, always take your time analyzing it for strange domain names, unusual typos, and bad grammar.

Advertisement. Scroll to continue reading.

To be safe, only log in with your Twitter credentials on twitter.com and never on any other site.

Source: https://www.bleepingcomputer.com/news/security/verified-twitter-accounts-hacked-to-send-fake-suspension-notices/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The Cyber Safety Review Board will assess how a hacking group reportedly linked to China leveraged a vulnerability in Microsoft Exchange Online to access...

Cyber Security

Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. The...

Cyber Security

A new phishing campaign is exploiting the increasing interest of security community members towards Flipper Zero to steal their personal information and cryptocurrency. Flipper...

Cyber Security

New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. When files are...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO