A security researcher has discovered a phishing attack against verified Twitter accounts to steal login credentials.
Fake accounts aren't Twitter's only problem. A security researcher received a direct message reporting an account suspension for violating the rules. It is actually a phishing attempt to obtain login credentials from the unsuspecting user. This type of threat can be detected and blocked by the most effective antivirus products, such as those offered by Bitdefender.

Phishing against verified accounts

The phishing attacks are carried out against verified accounts (those with the blue badge next to the name). The conditions to be met to obtain the badge are quite strict, so the warning of a possible suspension can push users to act impulsively and fall into the cybercriminals' trap.

The message, which appears to come from Twitter's support team, reports a violation of the terms of service following the publication of posts that incite hatred. It then specifies that the account will be suspended within 48 hours if the user does not complete the authentication procedure.

Clicking on the link included in the message opens an external site with a similar appearance to the original. The phishing authors used Twitter's APIs to retrieve the profile picture when the user enters the name. The site only accepts the real password and email address, so the unsuspecting victim believes that this is the official procedure. At the end, a page is shown that confirms the correct verification. Obviously the account is lost and ends up in the hands of cybercriminals. Stolen verified accounts are subsequently used for scams of all kinds.

This article contains affiliate links: purchases or orders placed through such links will allow our site to receive a commission.

Source: Bleeping Computer
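The message described above combines pressure language (suspension, a 48-hour deadline, an authentication request) with a link that leaves the platform. The following triage check is an added example, not code from the article or from Bleeping Computer; the host allowlist, the cue patterns and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of hosts the platform itself uses; adjust for your environment.
OFFICIAL_HOSTS = ("twitter.com",)

# Pressure cues modelled on the message described in the article.
CUES = {
    "suspension": re.compile(r"\bsuspen\w+", re.I),
    "deadline": re.compile(r"\b(?:within|in)\s+\d+\s*(?:hours?|hrs?|days?)\b", re.I),
    "verify": re.compile(r"\b(?:authenticat\w*|verif\w*|confirm\w*)\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def is_official(url):
    """True only if the URL's real host is an allowlisted domain or a subdomain of one."""
    try:
        # hostname ignores any "user@" prefix, so "twitter.com@other.example" is not fooled.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return False
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_HOSTS)


def triage_dm(text):
    """Return matched cues, off-platform links and a verdict for one message."""
    cues = sorted(name for name, rx in CUES.items() if rx.search(text))
    links = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    external = [u for u in links if not is_official(u)]
    # Flag when pressure language is combined with a link that leaves the platform.
    suspicious = bool(external) and len(cues) >= 2
    return {"cues": cues, "external_links": external, "suspicious": suspicious}


# Constructed sample messages (not taken from the article).
SAMPLES = [
    "Twitter Support: your account will be suspended within 48 hours for hateful "
    "content. Complete authentication: https://twitter.com.support-check.example/verify",
    "Appeal a suspension here: https://help.twitter.com/forms",
    "Verify now or be suspended: https://twitter.com@login.example/auth",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage_dm(msg))
```

The first and third samples show why the check compares the parsed host rather than searching the URL for the brand name: both contain "twitter.com" but resolve to a different domain.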