Threat actors are hijacking verified Twitter accounts and using them to send well-written fake suspension notices, in an effort to steal the credentials of other verified users.
Twitter verifies accounts it confirms belong to notable figures such as major influencers, celebrities, politicians, journalists, activists, and public or private organizations.
Users must apply for verification and supply proof of their account's "notability" to receive the verified "blue badge."
Because the badge is hard to obtain, a threat of suspension pushes verified users to act hastily, which makes them attractive targets for threat actors who use these accounts for their own schemes.
We’re going to suspend your account
Sergiu Gatlan, a reporter for BleepingComputer, got a phishing message via Twitter direct messages on Friday afternoon claiming that his account had been suspended for posting hate speech.
The phishing message states that "Spreading hate speech is against our rules of service," and that "Your account has been recognized as inauthentic and unsafe by our automated algorithms."
“We at Twitter are very concerned about keeping our platform secure. That is why, if you don’t finish the authentication process, we will suspend your account in 48 hours.”
Following the tinyurl.com link in the DM leads to https://twitter-safeguard-protection[.]info/appeal/.
The site first asks for a Twitter username; when we entered our test account, it used Twitter's APIs to fetch the account's profile image and display it. Showing the genuine profile picture makes the page look more legitimate.
Unlike many phishing kits, which let you enter a password several times before accepting it, this site rejected incorrect passwords.
After the correct password was entered, it asked for the email address associated with the account. Bogus email addresses were likewise rejected, indicating that the kit validates the submitted credentials against Twitter's APIs in real time.
The phishing website finally showed a message saying, “Authenticity Check has done, your account has been verified authentic by our automatic system, all current difficulties are handled,” after I had input the right data.
By that point, however, the test account's credentials had already been captured, so I changed the password immediately.
A real victim who reaches this screen is unlikely to realize their login details have been stolen and will more likely discover the theft only when they are locked out of their account later that day or the next.
Nobody is duped by these tricks!
Before you insist that no one falls for these scams, consider that the scam's own distribution is evidence that people do.
These messages are not only sent to verified users; they are also sent from verified accounts, which were most likely compromised by the same phishing campaign.
It is also common to see people, verified accounts in particular and even some who work in cybersecurity, post on Twitter that they have fallen for a phishing attempt.
Threat actors keep developing new ways to make their lures look genuine, and by targeting verified users with a suspension deadline they manufacture a sense of urgency that leads people to ignore red flags.
So always take the time to scrutinize any message that sends you to a site asking for your credentials: check for odd domain names, unusual typos, and poor grammar.
And to stay safe, never log in to Twitter through any site other than twitter.com.
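The "check the domain name" advice above can be turned into a mechanical check. The following is an added example written for this article, not code from BleepingComputer or from the phishing kit: it classifies a link by the host the browser will actually connect to, so that lookalikes such as the twitter-safeguard-protection[.]info domain seen in this campaign, "twitter.com" used as a subdomain of another domain, and "twitter.com@evil" userinfo tricks are all caught. The trusted-host rule (twitter.com and its subdomains), the shortener list, and the sample URLs are assumptions constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption for this example: only twitter.com and its subdomains may host a login.
TRUSTED_DOMAIN = "twitter.com"

# Assumption: link shorteners whose target must be expanded before judging it
# (tinyurl.com is the one used in the campaign described above; t.co is Twitter's own).
SHORTENERS = {"tinyurl.com", "t.co"}


def connected_host(url: str) -> Optional[str]:
    """Return the lowercase host a browser would connect to for `url`, or None.

    urlsplit().hostname already discards the userinfo part ("twitter.com@evil.example")
    and the port, so the decoy text an attacker puts before '@' never reaches us.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    # Bare "twitter.com/login" has no scheme; treat anything but http(s) as unusable.
    if parts.scheme.lower() not in ("http", "https"):
        return None
    host = parts.hostname
    if not host:
        return None
    return host.rstrip(".")  # "twitter.com." and "twitter.com" are the same host


def is_trusted_login_host(host: str) -> bool:
    """True only for the trusted domain itself or a genuine subdomain of it."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def classify(url: str) -> str:
    """Classify a link as trusted, shortener, lookalike, untrusted, or invalid."""
    host = connected_host(url)
    if host is None:
        return "invalid"
    if is_trusted_login_host(host):
        return "trusted"
    if host in SHORTENERS:
        return "shortener"  # expand the redirect, then classify the final URL
    # Non-ASCII hosts (homoglyph domains) and anything containing the brand
    # name outside the trusted domain are the classic lookalike patterns.
    if not host.isascii() or "twitter" in host:
        return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links; the .info domain is the one reported in the campaign.
    samples = [
        "https://twitter.com/login",
        "https://mobile.twitter.com/i/flow/login",
        "https://twitter-safeguard-protection.info/appeal/",
        "https://twitter.com.evil.example/appeal/",
        "https://twitter.com@evil.example/appeal/",
        "https://tinyurl.com/abc123",
        "javascript:alert(1)",
    ]
    for link in samples:
        print(f"{classify(link):10s} {link}")
```

Only a link that resolves to "trusted" should ever receive a Twitter password; a "shortener" verdict means the redirect must be followed (for example with an HTTP client that does not auto-follow, inspecting the Location header) and the final URL classified again before any decision is made.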