Skip to main content

New phishing campaign targets Twitter Blue users amid X rebrand confusion

Web Hosting & Remote IT Support

A new phishing campaign is targeting Twitter Blue subscribers amid the social media platform’s messy transition to X, and the consequences could be catastrophic.

Twitter owner Elon Musk and new CEO Linda Yaccarino hope that the platform will soon become X, but the transition has been anything but smooth, with rebranding at the HQ going, well, not to plan. Furthermore, the discrepancy between the website and mobile apps is giving some users a complete headache.

Hoping to capitalize on this confusion, one threat actor is offering Twitter Blue subscribers to transfer their membership to X, but all this does is give the cybercriminal access to a user’s entire Twitter account.

Twitter Blue/X phishing emails

To an unsuspecting target, the email looks to come from a legitimate source, with the display name showing ‘sales@x.com.’ The email passes SPF authentication checks despite actually coming from mailing list platform Sendinblue (now known as Brevo). 

Read more

> These are the best malware removal tools around

 > Watch out - that unexpected Microsoft alert could well be a phishing attack

 > Google Docs phishing scams are on the rise - here's what you need to know

A screenshot of the email posted by Twitter user @fluffypony claims that a victim’s “existing subscription is nearing its expiration and requires migration,” with a link directing users to a completely legitimate API authorization page. The fact that it’s legitimate means that, upon approval, the threat actor then has access to a user’s Twitter account.

Along with a few view-only capabilities, the API allows the threat actor to amend follwers, update profile and account settings, post and delete Tweets, engage with other Tweets, and more.

Fortunately, revoking API access is fairly easy on Twitter, by navigating to Settings > Security and account access > Apps and sessions > Connected apps.

Checking these settings is generally a good idea whether you have been targeted by this phishing attack or not, purely in the interest of good Internet hygiene. For those not quick enough to disable the dodgy service, it’s unclear what the result could be. In the worst-case scenario, they could be locked out of their account with any manner of activity going on, in which case they may want to consider using identity theft protection software.



via Hosting & Support
Labels:

Comments

Post a Comment

Web Hosting
Remote IT Support
Sites & Socials
Computing Handbook - $9.95

Popular posts from this blog

This new malware campaign can hijack your Gmail or Outlook email account

Web Hosting & Remote IT Support Cybersecurity researchers from Cisco Talos have spotted a new hacking campaign they claim is targeting victims’ sensitive data, login credentials, and email inboxes. Horabot is described as a botnet that has been active for almost two and a half years now (first spotted in November 2020). During that time, it’s mostly been tasked with distributing a banking trojan and spam malware .  Its operators seem to be located in Brazil, while its victims are Spanish-speaking users located mostly in Mexico, Uruguay, Venezuela Brazil, Panama, Argentina, and Guatemala. Horabot botnet The victims are found in different industries, from investment firms to wholesale distribution, from construction to engineering, and accounting. The attack starts with an email message carrying a malicious HTML attachment. Ultimately, the victim is urged to download a .RAR archive, which holds the banking trojan.  The malware is capable of doing plenty of things: stealing l
Post a Comment
Read more

Want to store 1PB of data in the cloud? This startup can do it for you for as little as $10,000 a month — Qumulo says it can scale to Exabytes off premise and wants to eradicate tapes once and for all

Web Hosting & Remote IT Support Qumulo has launched Azure Native Qumulo Cold (ANQ Cold), which it claims is the first truly cloud-native, fully managed SaaS solution for storing and retrieving infrequently accessed “cold” file data. Fully POSIX-compliant and positioned as an on-premises alternative to tape storage, ANQ Cold can be used as a standalone file service, a backup target for any file store, including on-premises legacy scale-out NAS, and it can be integrated into a hybrid storage infrastructure, enabling access to remote data as if it were local. It can also scale to an exabyte-level file system in a single namespace. “ANQ Cold is an industry game changer for economically storing and retrieving cold file data,” said Ryan Farris, VP of Product at Qumulo. “To put this in perspective with a common use case, hospital IT administrators in charge of PACS archival data can use ANQ Cold for the long-term retention of DICOM images at a fraction of their current on-premises leg
Post a Comment
Read more

No light without dark : making the most of ‘shadow IT’

Web Hosting & Remote IT Support In the last few decades, technology has created a modern digital workforce that is technically skilled and adept at finding innovative solutions that would help them succeed at work. However, with 95% of employees struggling with digital friction in the workplace - including a lack of access to the right tools - ambitious employees who are hungry for results have often needed to explore fixes outside the scope of existing systems provided by their employers. On top of that, the popularity of cloud-based apps has resulted in business processes often ending up fragmented across various systems, requiring workers to devote time to manual maintenance. This has accelerated the spread of (the unnecessarily ominous sounding) ‘shadow IT’, or applications that savvy workers use without official authorization to help them bypass limitations and get work done. In a perfect world, a balance can be struck between giving these technically skilled workers freed
Post a Comment
Read more