Twitter’s Sponsored Tweets Used For Credit Card Phishing

Twitter’s promoted tweet service has been used by cyber criminals to dupe its users into handing over login credentials and payment information as part of a credit card phishing scam.

Cyber security company Malwarebytes discovered that the phishing scam was hiding behind a promoted tweet from an account called Verified Accounts, which claimed to offer the ‘blue tick’ verification that Twitter gives to some of its users, who can apply for or be granted ‘verified’ status by the social network.

The tweet directed users to a website that requested login details, various personal information and then payment and contact credentials.

Twitter phishing

Malwarebytes noted that while there have previously been sponsored tweets that use attention-grabbing or sometimes misleading posts to encourage users to click on the link in their tweet, this is the first time it has observed the sponsored tweet service being used as a vector for phishing scams.

At the time of writing, the account, @Verifed845, appears to still be up and running, which indicates that Twitter may not have a very robust method of vetting sponsored tweets.

TechWeekEurope has contacted Twitter for comment on the issue.

Christopher Boyd, malware intelligence analyst at Malwarebytes, highlighted that some users may get tricked by the Twitter phishing scam as they do not expect sponsored tweets to come from cyber criminals. He also noted that even people a little savvier about such scams could still get caught out.

“One of the things people tend to look out for when avoiding phishing scams is checking if the site is secure, on the basis that most phish pages are typically non SSL. It’s always worth stressing that this aspect taken on its own, with no other potential phishy red flags considered, is NOT a magic bullet as there are some phish scams out there which are indeed touting a padlock,” he said, explaining how the scam site is secure until the point that it asks for payment.

“Whether links you see on Twitter are served up by friends, strangers, or even sponsored content placed there via Twitter itself, never take them for granted – the moment you see a site asking for login credentials and / or payment information, think very carefully about your next move,” Boyd added. “‘Trust, but verify’ has never seemed quite so relevant…”

Although phishing scams are nothing new and people are becoming wise to them, that has not stopped phishing from reportedly being responsible for the majority of data breaches, or reduced the number of people that major scams can hit.


Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
