sb-as logo
Story image

Twitter users beware: Phishers target account verification in latest attacks

01 Feb 2017

Twitter is now the target of a phishing attack that uses methods to trick brand managers and social influencers into fake account verification.

Security firm Proofpoint discovered the phishing attack, which places ads on websites and lures brand managers to false verification pages.

The ads come from an account that copies the official Twitter support account. It looks genuine through Twitter branding, logos and colours. However, the handle @SupportForAll6 and the low number of followers detracts from the authenticity.

The scam uses Twitter-sponsored ads, which appear in feeds without any user interaction, need to follow or messaging requirements.

When users click the link, they are taken to a domain called twitterhelp.info. Proofpoint says the domain should give the game away, but otherwise the site looks genuine.  The URL resolves to an IP address that has previously been used for phishing activities. When users follow instructions, they are asked for Twitter usernames, emails, phone numbers and the account passwords.

Users are then prompted for their credit card number and security code for additional ‘verification’.  The form includes a template for extracting payment information from Github and tells users ‘they will not be charged’.

“While there is no validation on the form asking for account information, allowing users to submit empty values, this is not the case with the financial information; this cannot be submitted without providing the requested credit card information,” Proofpoint says.

The final step of the process includes a thank you note and notification to receive an email with verification details. The site then redirects to the genuine Twitter page, concluding the apparent legitimacy of the transaction.

Proofpoint says that the phishing attempts are not overly sophisticated, use social engineering, traditional phishing methods and social impersonation to come up with new ways of creating attacks.

What’s worse is that these techniques could be applied to any social media platform that uses account verification.

Devin Redmond, vice president and general manager of Digital Security and Compliance, Proofpoint, says attackers will always go where their victims are. "Social media provides them with a unique opportunity to directly reach large audiences, without fighting corporate networks and their often-fortified security defences. Our research conclusively shows this trend is only picking up speed. In the first six months of 2016, we saw a 150% increase in social media phishing attacks when compared to the same period the prior year. And that volume increased by 300% Q3 vs. Q2 2016,” he says.

Twitter’s Brand Verification and account verification have been described as ‘powerful’ ways for brands to distance themselves from fake, parody and fraudulent accounts. When a brand is authenticated, it receives a special badge that shows users the account is verified.

“Our latest discovery, that cybercriminals are actively looking to tempt users into verified account phishing scams, underscores our assertion that social media security and visibility should be on every Australian organization’s radar. Phishing will be a serious threat to Australian employees, data and companies throughout 2017. We anticipate that cybercriminals will continue to target Australians across the channels they use to work today, which includes email, social media networks and mobile devices,” Redmond says.

Story image
Interview: ThreatQuotient champions threat intelligence through virtual 'situation rooms'
To understand what it involves and some of the collaboration challenges that come with distributing threat intelligence amongst specialised security teams, we spoke to ThreatQuotient APJC regional director Anthony Stitt.More
Story image
CrowdStrike uncovers key cybersecurity findings following COVID-19
Businesses around the world see cybersecurity as a top investment following a mass move to remote working, and it is expected that technology budgets will rise despite uncertain economic times.More
Story image
Cloud breaches set to increase in velocity and scale - Accurics
“While the adoption of cloud native infrastructure such as containers, serverless, and servicemesh is fuelling innovation, misconfigurations are becoming commonplace and creating serious risk exposure for organisations."More
Story image
Just 6,000 accounts responsible for over 100,000 email attacks - report
Barracuda has today released a report detailing how 6,170 malicious accounts that use Gmail, AOL, and other email services were responsible for more than 100,000 business email compromise (BEC) attacks on nearly 6,600 organisations. More
Story image
7 VPN services leaked data of 20 million users - report
"The report calls into question the providers’ security practices and dismisses their claims of being no-log VPN services."More
Story image
Adobe, IBM and Red Hat partner up to accelerate DX and real-time data security
"As companies undergo their digital transformations and move core workloads to the cloud, the entire C-suite is facing a re-framing of their roles to meet customer demands – all while keeping security front and centre."More