Twitter’s promoted tweet service has been used by cyber criminals to dupe its users into handing over login credentials and payment information as part of a credit card phishing scam.
Cyber security company Malwarebytes discovered that the phishing scam was hiding behind a promoted tweet from an account called Verified Accounts. The tweet claimed to offer the ‘blue tick’ verification that Twitter gives to some of its users, who can apply for or be granted ‘verified’ status by the social network.
The tweet directed users to a website that requested login details, various personal information and then payment and contact credentials.
At the time of writing, the account, @Verifed845, appears to still be up and running, which indicates that Twitter may not have a very robust method of vetting sponsored tweets.
TechWeekEurope has contacted Twitter for comment on the issue.
Christopher Boyd, malware intelligence analyst at Malwarebytes, highlighted that some users may get tricked by the Twitter phishing scam as they do not expect sponsored tweets to come from cyber criminals. He also noted that even people a little savvier about such scams could still get caught out.
“One of the things people tend to look out for when avoiding phishing scams is checking if the site is secure, on the basis that most phish pages are typically non SSL. It’s always worth stressing that this aspect taken on its own, with no other potential phishy red flags considered, is NOT a magic bullet as there are some phish scams out there which are indeed touting a padlock,” he said, explaining that the scam site is secure until the point at which it asks for payment.
“Whether links you see on Twitter are served up by friends, strangers, or even sponsored content placed there via Twitter itself, never take them for granted – the moment you see a site asking for login credentials and / or payment information, think very carefully about your next move,” Boyd added. “‘Trust, but verify’ has never seemed quite so relevant…”
Phishing scams are nothing new and people are becoming wise to them, yet phishing is still reportedly responsible for the majority of data breaches and for the number of people that can be hit by major scams.