In the world of social media, gaining a blue badge is a hard task. The thought of losing this privilege is devastating for high-profile accounts, which makes them the perfect target for cybercriminals. A new Twitter phishing attack sees threat actors sending fake Twitter DMs with a suspension notice.
Fear is the lever in this campaign, and it is easy to see why. Once you have built a name on Twitter and been verified, a notice that the account is about to be suspended is likely to provoke a rash reaction, and that is exactly what the threat actors are counting on.
How are the attackers spreading the campaign, and what is at stake? Find out in the following article.
Twitter Phishing Scam – It Starts with a DM
When it comes to phishing attacks, users should always be aware of what source they’re trusting. Such campaigns are on the rise, with over 15 billion spam emails across the internet every day.
Twitter is an attractive platform for a wide range of malicious activity, and this is not the first time it has been used as a lure.
A while ago, the MasterFred malware was found in fake apps that imitated Netflix, Instagram, and Twitter. Now, threat actors are using already-compromised verified Twitter accounts to send suspension DMs to high-profile targets, in the hope of taking over those accounts as well.
The Phishing Process
It all begins with a fake but well-written DM. The threat actor tells the victim that the account is on the verge of being suspended for spreading hate speech:
“Your account has been flagged as inauthentic and unsafe by our automated systems, spreading hate speech is against our terms of service,” reads the phishing message. “We at Twitter take the security of our platform very seriously. That’s why we are suspending your account in 48h if you don’t complete the authentication process.”
As with most phishing emails (or, in this case, DMs), the threat actors provide a link for the victim to click. The URL leads to https://twitter-safeguard-protection[.]info/appeal/, a domain that merely contains the word "twitter" rather than being twitter.com.
Once there, the page prompts the target to enter the account’s username. That is where the malicious part starts.
The threat actors clearly know what they are doing. For extra legitimacy, the fake site queries Twitter’s API on the backend to retrieve the real profile photo for the username that was entered, so the appeal page shows the victim’s own avatar. BleepingComputer confirmed this behaviour in its own testing.
It does not stop there. The attackers have built the flow so carefully that the scam is entirely believable: entering a non-existent username or a wrong password is simply rejected.
Typical phishing kits accept whatever is typed and often prompt for the password a second time in the hope of catching a typo. Because this campaign checks the submitted details against Twitter’s API, it can tell valid credentials from invalid ones and harvests them only once the correct data is provided.
A target who feared suspension will probably be relieved that the ordeal is over. Unfortunately, later that day or the next, they will find that the account is no longer accessible.
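The weak point of the lure is the link itself: the brand name appears in the host, but the registrable domain is not twitter.com. The following link-triage script, an added example that is neither BleepingComputer’s nor Twitter’s code, classifies each URL found in a DM as legitimate, a brand lookalike, or unrelated. It also handles a few tricks the article does not show but that the same check should catch: the brand in the URL userinfo (`https://twitter.com@evil.example/`), digit and homoglyph substitutions, and defanged indicators. The allowlist, the lookalike pattern and the sample DM are constructed assumptions.

```python
"""Link triage for the suspension-DM lure.

Added example (not BleepingComputer's or Twitter's code). The allowlist,
the lookalike pattern and the sample DM below are constructed assumptions.
"""
import re
from urllib.parse import urlsplit

# Registrable domains Twitter actually controls (assumption: minimal illustrative allowlist).
LEGIT_REGISTRABLE = ("twitter.com", "t.co")

# 'twitter' with any single character in the two spots attackers most often swap
# (tw1tter, twltter, or a homoglyph that the skeleton step below turns into '?').
LOOKALIKE = re.compile(r"tw[a-z0-9?]tt[a-z0-9?]r")

# Live or defanged (hxxp) URLs inside free text.
URL_RE = re.compile(r"(?:hxxps?|https?)://[^\s<>\"']+", re.IGNORECASE)


def refang(url: str) -> str:
    """Undo the [.] / hxxp defanging used when indicators are shared."""
    return url.replace("[.]", ".").replace("hxxp", "http")


def unicode_host(host: str) -> str:
    """Decode punycode (xn--) labels so IDN hosts are inspected as the user sees them."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already contains non-ASCII characters


def classify_link(url: str) -> tuple:
    """Return (verdict, reason); verdict is 'legitimate', 'brand_lookalike' or 'unrelated'."""
    parts = urlsplit(refang(url.strip()))
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ("unrelated", "no host in URL")
    host = unicode_host(host)
    # Only an exact match or a true subdomain of an allowlisted domain is legitimate;
    # 'twitter.com.evil.net' does not end with '.twitter.com' and falls through.
    for domain in LEGIT_REGISTRABLE:
        if host == domain or host.endswith("." + domain):
            return ("legitimate", f"host is under {domain}")
    # https://twitter.com@evil.example/ : the brand sits in the userinfo; the browser goes to evil.example.
    if parts.username and "twitter" in parts.username.lower():
        return ("brand_lookalike", "brand name in URL userinfo")
    if "twitter" in host:
        return ("brand_lookalike", f"brand name inside non-Twitter host {host}")
    # Replace every non-ASCII character with '?' so homoglyphs hit the lookalike pattern.
    skeleton = re.sub(r"[^a-z0-9.-]", "?", host)
    if LOOKALIKE.search(skeleton):
        return ("brand_lookalike", f"brand spelled with substituted characters: {host}")
    return ("unrelated", f"host {host} does not reference the brand")


def scan_dm(text: str) -> list:
    """Extract every URL from a DM and classify it; returns (url, verdict, reason) tuples."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:)")  # drop sentence punctuation glued to the link
        verdict, reason = classify_link(url)
        findings.append((url, verdict, reason))
    return findings


# Constructed DM modelled on the lure quoted in the article; the URL is the one the article cites.
SAMPLE_DM = (
    "Your account has been flagged as inauthentic and unsafe by our automated systems. "
    "We are suspending your account in 48h if you don't complete the authentication process: "
    "https://twitter-safeguard-protection[.]info/appeal/"
)

if __name__ == "__main__":
    for url, verdict, reason in scan_dm(SAMPLE_DM):
        print(f"{verdict:16} {url}  ({reason})")
```

The allowlist check is the only path to "legitimate"; everything that merely mentions the brand is treated as a lookalike, which is the right default for a DM that arrived unsolicited. The suffix check is a simplification that ignores the public-suffix list, so extend it before using it on domains under multi-label TLDs.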
Twitter Phishing Scam – The Bird Catches a Phish
Phishing attacks are on the rise and proper precautions should be taken. Do not assume that an ordinary account will not be targeted; verified users have already taken to Twitter to report that they were hit by this campaign.
No matter who you are, you remain susceptible to phishing. The simplest protection is to avoid clicking links in unsolicited emails or DMs altogether.
If you suspect something is wrong with your Twitter account, sign in manually through the platform’s official website and check there. Also look for spelling mistakes and unusual characters in the sender’s message and in the link, and confirm that the domain is twitter.com itself rather than one that merely contains the word. That remains the most reliable way to spot a phishing scam.