An attacker hacks into verified Twitter accounts to send fake suspension messages to other users.
As a reminder, we previously reported that a researcher found that Twitter images can hide up to 3MB of data.
On July 1, BleepingComputer reporter Sergiu Gatlan received a phishing message on Twitter saying that his account had been suspended for spreading hate.
“At Twitter, we take the security of our platform very seriously. Therefore, we will suspend your account after 48 hours if you do not complete the authentication process,” the message says.
The link in the post redirected to https://twitter-safeguard-protection[.]info/appeal/.
The site first requested a Twitter username and, after it was entered, retrieved the account's profile photo using the Twitter API on the back end. Showing the image adds legitimacy to the phishing scam.
Unlike numerous phishing attacks that allow entering a password multiple times until the site accepts it, this phishing site rejects incorrect passwords.
After entering the correct password, users are prompted to enter the profile email address. An invalid email address was rejected, indicating that the phishing site is using the Twitter API to validate account information.
After the user enters the correct data on the phishing page, the message “Authentication completed, our automatic system authenticated your account, all current problems have been resolved” appears. However, by this point, the user’s credentials have already been stolen. In the future, the user will no longer be able to log into their account.
Also, some users reported on Twitter that they have already been victims of a phishing attack (some of the victims are related to cybersecurity).
Researchers recommend that, when you receive a message with a link to a site, you check the domain name and look for grammatical errors that can reveal a phishing campaign. Also, do not enter your credentials on a third-party site.
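The domain check recommended above can be automated for links arriving in direct messages. The following is an added example, not code from the original article; the allowlist, the brand keyword list and the `example.*` sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts treated as legitimate for this brand; replace with your own allowlist.
OFFICIAL_DOMAINS = {"twitter.com", "t.co"}
# Assumption: brand strings worth flagging when they appear in a foreign hostname.
BRAND_KEYWORDS = ("twitter",)


def refang(url: str) -> str:
    """Undo common defanging ("[.]", "hxxp") so the URL can be parsed."""
    url = url.strip().replace("[.]", ".").replace("(.)", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def hostname(url: str) -> str:
    """Return the lowercase host, ignoring any userinfo ("user@") and port."""
    url = refang(url)
    if "://" not in url:
        url = "https://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def is_official(host: str) -> bool:
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(url: str) -> str:
    host = hostname(url)
    if not host:
        return "unparseable"
    if is_official(host):
        return "official"
    if any(k in host for k in BRAND_KEYWORDS):
        return "lookalike"  # brand name inside a domain the brand does not own
    return "third-party"


if __name__ == "__main__":
    # The first URL is the one quoted in the article; the others are constructed samples.
    for sample in ("https://twitter-safeguard-protection[.]info/appeal/",
                   "https://help.twitter.com/en",
                   "https://twitter.com.example.net/login",
                   "https://twitter.com@example.org/"):
        print(f"{classify(sample):12} {hostname(sample)}")
```

Only a result of `official` means the link stays on the brand's own domain; both `lookalike` and `third-party` are sites where credentials should not be entered.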