Attackers Hack into Accounts Posing as Verified Twitter Accounts

verified Twitter accounts
Written by Emma Davis

An attacker hacks into verified Twitter accounts to send fake suspension messages to other users.

Let me remind you that we wrote that Researcher finds that Twitter images can hide up to 3MB of data.

On July 1, BleepingComputer reporter Sergiu Gatlan received a phishing message on Twitter saying that his account had been suspended for spreading hate.

Your account has been flagged by our automated systems as inauthentic and insecure, while distributing hate speech is against our terms of service.

At Twitter, we take the security of our platform very seriously. Therefore, we will suspend your account after 48 hours if you do not complete the authentication process.the message says.

verified Twitter accounts

The link in the post redirected to https://twitter-safeguard-protection[.]info/appeal/.

The site first requested a Twitter username, and after logging into the account, the site received a profile photo using the Twitter API on the back end. Showing the image adds legitimacy to the phishing scam.

verified Twitter accounts

Unlike numerous phishing attacks that allow entering a password multiple times until the site accepts it, this phishing site rejects incorrect passwords.

After entering the correct password, users are prompted to enter the profile email address. An invalid email address was rejected, indicating that the phishing site is using the Twitter API to validate account information.

verified Twitter accounts

After entering the correct data on the phishing page, the message “Authentication completed, our automatic system authenticated your account, all current problems have been resolved” arrives. However, by this point, the user’s credentials have already been stolen. In the future, the user will no longer be able to log into his account.

Also, some users reported on Twitter that they have already been victims of a phishing attack (some of the victims are related to cybersecurity).

verified Twitter accounts

Researchers recommend that when receiving a message with a link to a site, check the domain name and grammatical errors that can reveal a phishing campaign. Also, you cannot enter your credentials on a third-party site.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.