fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New Twitter Phishing Campaign Targets Verified Accounts

New Twitter Phishing Campaign Targets Verified Accounts

A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer.

Verified accounts on Twitter refer to those possessing a blue badge with a checkmark. These accounts typically represent notable influencers, prominent celebrities, politicians, journalists, activists, as well as government and private organizations.

The phishing campaign follows Twitter’s recent removal of the checkmarks from a number of verified accounts, citing that these were ineligible for the legendary status, and were verified in error.

Also Read: When to Appoint a Data Protection Officer

‘Don’t lose you [sic] verified status!’

Over the weekend, BleepingComputer came across a phishing campaign aimed at verified Twitter users.

The phishing email shown below urges the Twitter user to “update” their details so as to not risk losing their verified status. Note, the email successfully made it past Gmail’s spam filters:

twitter phishing email
Twitter verification phishing email urging user to “update” their profile ​​​​​​ (BleepingComputer)

These emails are being sent at a time when Twitter is inexplicably removing the “blue tick” verified status from a number of notable accounts, such as that of the English television presenter, producer, and Heart Radio’s national breakfast show host, Jamie Theakston:

So @Twitter has removed my blue tick verification because they can’t be sure I’m me. Fair enough, some days I’m not entirely sure myself…— Jamie Theakston (@JamieTheakston) December 2, 2021

The Twitter account of Bloxy News with its 556,000+ followers is yet another example that was presented with a generic message as the reason behind revoked verification status.

Unsurprisingly, Twitter’s ongoing takedown of blue badges has ruffled many feathers on Twitterverse as accounts endorsed with the blue badge are often perceived as distinguished, notable, and expected to lead by example—at least that’s what Twitter tells you after verifying you:”As you know, a verified badge tells people that your account is notable and authentic. And being a part of this ‘blue badge’ Twitter community comes with responsibility. We hope you use it well. (Serious voice) All accounts, including verified accounts, need to follow the Twitter Rules.”

“To keep your verified status, please keep in mind that your Twitter account must always be complete. This means having either a verified email address or phone number, a profile image, and a display name. Any verified account in severe or repeated violation of our rules may lose their blue badge.”

A CEO left Twitter and now all of sudden ppl getting they verification badges snatched up??? Like WTF! pic.twitter.com/iW0Cr8sARq— JOURDON (@DynamoSuperX) December 1, 2021

Some took notice that the timing of Twitter’s en-masse blue badge takedown coincides with changes in the executive leadership—after former Twitter CEO Jack Dorsey resigned and handed on the torch to CTO Parag Agrawal.

Also Read: 4 Things to Know When Installing CCTVs Legally

Phishing campaign collects two-factor codes

The phishing email discovered by BleepingComputer is sent to verified users, many of whom may choose to list an email address in their bio for business reasons.

At least in my case, the phishing message arrived at the email address listed in my public Twitter bio rather than the one associated with my Twitter account:

Twitter profile with email address listed
Twitter profile with an email address in Bio

The phishing message first entices the user to tap the “Update here” button.

The button links to https://www.cleancredit[.]in/wp-content/uploads/2021/12/index.html which further redirects the user to a page living at: https://dublock[.]com/dublock/twitter/

It appears both of these websites have been compromised and being abused by the attackers to host phishing pages:

phishing form twitter
Phishing form prompts user for Twitter credentials (BleepingComputer)

After entering Twitter credentials, that the form poorly validates, the user is prompted to also provide the two-factor authentication code sent to them:

phishing form collecting two factor code
Twitter phishing form collecting two-factor codes (BleepingComputer)

After gathering the user’s Twitter username, password, and two-factor authentication code, the phishing page redirects the user to the Twitter homepage.

Twitter users, verified or not, should be wary of such phishing emails and refrain from opening any links or attachments within.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us