New Twitter Blue Tick Phishing Attack Duping & Confusing Users

A new phishing campaign is underway to capitalize on the tumult, with attackers attempting to trick users into supplying their Twitter credentials via a Google Doc made to look like a Twitter help page, according to TechCrunch. The credential-harvesting page itself is hosted by a Russian service provider. The phishing email campaign, seen by journalists at TechCrunch and NBC, attempts to lure Twitter users into entering their username and password on an attacker-controlled website disguised as a Twitter help form.

The email is sent from a Gmail account and links to a Google Doc, which in turn links to a Google Site (a Google service that lets users host web content). This layering is likely intended to add several levels of obfuscation that make it harder for Google's automated scanning tools to detect the abuse. The Google Site page itself contains an embedded frame from another site, hosted on the Russian web host Beget, which asks for the user’s Twitter handle, password and phone number — enough to compromise accounts that don’t use stronger two-factor authentication.
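The chain described above (a Gmail sender posing as Twitter, a lure about verified status, and a link into user-hosted Google content) is something a mail-filtering rule can look for. The following triage function is an added example, not code from the article or from any of the vendors quoted below; the sample messages, addresses and document ID in it are constructed for illustration.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the campaign: Gmail sender with a
# Twitter display name, account-status lure, link to a Google Doc.
SAMPLE_PHISH = """From: Twitter Help Center <twitter-help.example@gmail.com>
To: user@example.org
Subject: Action required: keep your verified checkmark

Your verified status will be removed unless you confirm your account:
https://docs.google.com/document/d/EXAMPLE_DOC_ID/edit
"""

# Constructed benign message for comparison.
SAMPLE_LEGIT = """From: Twitter <no-reply@twitter.com>
To: user@example.org
Subject: Your weekly summary

See what you missed: https://twitter.com/home
"""

TRUSTED_SENDER_DOMAINS = {"twitter.com"}          # domains Twitter mail actually comes from (assumption)
HOSTED_CONTENT_DOMAINS = {"docs.google.com", "sites.google.com"}
LURE_KEYWORDS = ("verified", "checkmark", "blue tick", "suspend")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def triage(raw_message):
    """Return a list of reasons the message matches the campaign pattern (empty = no match)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    display_name, address = email.utils.parseaddr(msg["From"] or "")
    sender_domain = address.rsplit("@", 1)[-1].lower()
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = f"{msg['Subject'] or ''}\n{body}".lower()
    reasons = []

    # Display name claims Twitter but the envelope domain is not Twitter's.
    if "twitter" in display_name.lower() and sender_domain not in TRUSTED_SENDER_DOMAINS:
        reasons.append(f"display name impersonates Twitter but sender domain is {sender_domain}")

    # Account-status lure whose link lands on user-hosted Google content.
    hosted_links = [u for u in URL_RE.findall(body)
                    if (urlparse(u).hostname or "").lower() in HOSTED_CONTENT_DOMAINS]
    if hosted_links and any(k in text for k in LURE_KEYWORDS):
        reasons.append("account-status lure links to user-hosted Google content: " + hosted_links[0])
    return reasons
```

A mail gateway would run this alongside its usual checks; on its own it flags the described pattern rather than proving an email is malicious.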

John.stevenson
John.stevenson , Product Director
InfoSec Expert
November 3, 2022 9:42 am

By targeting users of twitter and threatening to remove their checkmark, cybercriminals greatly increase the likelihood that recipients will follow the fraudulent link and enter their PII in a moment of increased panic; a perfect example of threat actors exploiting current events to increase their chances of successfully scamming victims. 

Every single successfully targeted victim then faces follow-up phishing scams abusing their exposed PII in the pursuit of more valuable credentials. Their credential information will go up for sale to the highest bidder and may also be used to target their place of work, making now a good time for organisations to implement additional layers of technology and processes to continually hunt email attacks like this one that automatically eliminates the threats once identified.

Last edited 28 days ago by john.stevenson
Hank Schless
Hank Schless , Senior Manager, Security Solutions
InfoSec Expert
November 2, 2022 1:56 pm

Attackers will leverage any opportunity they can to target consumers with phishing campaigns in order to steal personal login credentials. The attacker can then attempt to use the credentials across tens of thousands of online banking sites, healthcare platforms, and other places with valuable or sensitive data. This is a process known as credential stuffing. Attackers will usually create high-pressure situations in order to increase their success rates. If the target doesn’t have time to think or feels pressured to act, they will likely overlook any red flags or gut reactions telling them not to engage. 

Phishing is an issue for every organization – especially as more enterprises embrace bring-your-own-device (BYOD) and employees use the same device for work and personal reasons. No matter which type of app the attacker uses to deliver the phishing link, there is a high likelihood that it enters corporate infrastructure via a mobile device. As workers around the world began working from home, organizations enabled their employees to stay productive by using mobile devices. Unfortunately, attackers know this. They also understand that mobile devices exist at the intersection of our work and personal lives, so they use social engineering on various mobile apps to increase the success rate of their attacks. 

With the company featured prominently in the news today, it makes sense for attackers to use Twitter as a hook for socially engineered phishing attacks. It’s no different from any other social platform where an attacker can create a fake but convincing profile and message one of your employees with a malicious link or attachment. 

With Twitter moving up the list of platforms used in phishing-related attacks, organizations should update their acceptable use policies (AUPs) to protect employees and mitigate the risk of web-based attacks. Cloud-based web proxies such as secure web gateways (SWGs) that are fed by rich threat intelligence datasets can help organizations build dynamic AUPs and protect enterprise data. AUPs can be structured in a number of ways, but usually they’re based on categorical URL filtering or blocking, blocking or allowing specific URLs, and the web reputation of the destination URL. This enables admins to control which websites their employees and guest users can access with the purpose of blocking internet-borne malware, viruses, and phishing sites. SWG is a critical solution to have in the modern enterprise security arsenal as it acts as a way to block accidental access to malicious sites, and can also be a safe tunnel to protect users from modern web-based threats such as ransomware, other malware, and phishing attacks. 

In order to protect themselves and their users, companies need to implement mobile phishing protection across their entire user base. It’s critically important to extend these protections to both corporate-owned and personal devices. Organizations that are proactive about securing mobile devices with mobile security are at the forefront of innovation and demonstrate that they are adapting to today’s rapidly evolving threat landscape.

Last edited 28 days ago by Hank Schless
Martin Jartelius
Martin Jartelius , CSO
InfoSec Expert
November 2, 2022 1:55 pm

This will be the same for every major occurrence, be it a new conflict, feature, product, service or anything else which can entice users into clicking a link. The fact that the topic is new does not change the exact same advice as per usual: is the sender's address the expected and correct one?
The main challenge here will be that some users will interact via mobile browsers that may not show the full sender address by default, and potentially not show the address of visited sites. But those challenges are neither new nor different in this context than in other scenarios.

Last edited 28 days ago by Martin Jartelius
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Expert
November 2, 2022 1:54 pm

Whenever there is a major event, or during times of uncertainty, we always see criminals jump on the bandwagon to try and exploit people. 
When Covid19 was at its peak, we saw many variations of phishing scams ranging from testing, to false positives, or vaccination appointments, and other methods to try and get people to click on links. Recently, since the announcement of energy relief packages, we’ve seen a large uptick in phishing scams relating to obtaining relief funding.
Similarly, with the Twitter buyout by Elon Musk, there is a lot of uncertainty around the platform and particularly the verified status. Taking advantage of the uncertainty, it is not surprising to see criminals sending phishing emails trying to harvest credentials. 
It’s why enabling multi-factor authentication (MFA) is so important to protect accounts. Furthermore, people should remain vigilant around communications they receive and verify the source. Credentials or other personal information should never be provided, and when in doubt, they should navigate directly to the website in question to seek clarification.

Last edited 28 days ago by Javvad Malik