
Hackers used verified Twitter accounts to generate fake suspension notifications

Verified Twitter accounts are being hacked and, according to reports, used to send well-written fake suspension notifications in an effort to steal the credentials of other verified users. (Twitter verifies accounts belonging to well-known influencers, celebrities, public figures, reporters, social activists, and public and private sector agencies.)

Twitter users who ask for verification and provide proof that their account is “notable” will be given the verified “blue badge.”


Because a blue badge is difficult to obtain, the threat of suspension can push people to act impulsively, which makes them easy prey for threat actors who use these kinds of accounts for their own schemes.

Sergiu Gatlan, a reporter for BleepingComputer, received a phishing message via Twitter direct message on Friday afternoon claiming that his account had been suspended for posting hate speech.

“Your account has been flagged as inauthentic and unsafe by our automated systems, spreading hate speech is against our terms of service,” reads the phishing message.

“We at twitter take the security of our platform very seriously. That’s why we are suspending your account in 48h if you don’t complete the authentication process.”

Sergiu clicked the tinyurl.com address in the DM to check out the phishing scheme, which led him to https://twitter-safeguard-protection[.]info/appeal/.

The website first requested a Twitter user name. Once a test account was entered, it used the Twitter APIs on the backend to fetch that account’s profile photo. Displaying the real photo makes the phishing page look more authentic.

This phishing site rejected invalid passwords, unlike many other phishing schemes that allow you to input your password countless times before it accepts it.

It asked Sergiu for his account’s email address after he had entered the right password. Once more, fake email addresses were turned down, proving that the phishing website is using Twitter APIs to verify the validity of user accounts.

When he finally input the correct information, the phishing page showed a message that read, “Authenticity Check is completed, your account has been proved authentic by our automatic system, all current problems are resolved”.

By this point, however, his test account’s login credentials had been compromised, so he immediately changed them.

Anyone else who reaches this point is unlikely to realize that their login information was stolen, and is more likely to discover later that day or the next day that they can no longer access their account.
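The DM link in this report went through tinyurl.com to a domain that merely contains the word "twitter". As an added example (not part of the original article), the Python sketch below triages a link by its host; the official-domain, shortener and brand-token lists, and every sample link except the defanged domain quoted above, are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed lists for illustration; extend them for real use.
OFFICIAL_DOMAINS = {"twitter.com"}
SHORTENERS = {"tinyurl.com", "t.co", "bit.ly"}
BRAND_TOKENS = ("twitter",)

def refang(url):
    """Undo common defanging ([.] and hxxp) so the URL can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)

def host_of(url):
    """Return the lowercase hostname, or '' if the URL cannot be parsed."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host after a scheme
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify_link(url):
    host = host_of(url)
    if not host:
        return "unparseable"
    if any(in_domain(host, d) for d in OFFICIAL_DOMAINS):
        return "official"
    if any(in_domain(host, s) for s in SHORTENERS):
        return "shortener"  # destination is hidden; expand before trusting
    if any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"  # brand name inside a domain the brand does not own
    return "unrelated"

# Constructed sample links, except the defanged domain quoted in the article.
SAMPLE_LINKS = [
    "https://tinyurl.com/constructed-path",
    "https://twitter-safeguard-protection[.]info/appeal/",
    "https://twitter.com.account-check.example/login",
    "https://help.twitter.com/en",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10} {link}")
```

A "shortener" verdict is not a pass: the link has to be expanded and the final host classified again.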



