Twitter’s promoted tweet service has been used by cyber criminals to dupe its users into handing over login credentials and payment information as part of a credit card phishing scam.
Cyber security company Malwarebytes discovered that the phishing scam was hiding behind a promoted tweet from an account called Verified Accounts, which claimed to offer the ‘blue tick’ verification that Twitter gives to some of its users, who can apply for or be granted ‘verified’ status by the social network.
The tweet directed users to a website that requested login details, various personal information and then payment and contact credentials.
At the time of writing, the account, @Verifed845, appears to still be up and running, which indicates that Twitter may not have a very robust method for vetting sponsored tweets.
TechWeekEurope has contacted Twitter for comment on the issue.
Christopher Boyd, malware intelligence analyst at Malwarebytes, highlighted that some users may get tricked by the Twitter phishing scam as they do not expect sponsored tweets to come from cyber criminals. He also noted that even people a little savvier to such scams could still get caught out.
“One of the things people tend to look out for when avoiding phishing scams is checking if the site is secure, on the basis that most phish pages are typically non SSL. It’s always worth stressing that this aspect taken on its own, with no other potential phishy red flags considered, is NOT a magic bullet as there are some phish scams out there which are indeed touting a padlock,” he said, explaining how the scam site is secure until the point that it asks for payment.
“Whether links you see on Twitter are served up by friends, strangers, or even sponsored content placed there via Twitter itself, never take them for granted – the moment you see a site asking for login credentials and / or payment information, think very carefully about your next move,” Boyd added. “‘Trust, but verify’ has never seemed quite so relevant…”
Although phishing scams are nothing new and people are becoming wise to them, phishing is still reportedly responsible for the majority of data breaches and for the number of people that can be hit by major scams.