Skip to main content

Twitter’s verification chaos is now a cybersecurity problem

posted onOctober 31, 2022
by l33tdawg
Tech Crunch
Credit: Tech Crunch

Cybercriminals are already capitalizing on Twitter’s ongoing verification chaos by sending phishing emails designed to steal the passwords of unwitting users.

The phishing email campaign, seen by TechCrunch, attempts to lure Twitter users into posting their username and password on an attacker’s website disguised as a Twitter help form.

The email is sent from a Gmail account, links to a Google Doc with another link to a Google Site, which lets users host web content. This is likely to create several layers of obfuscation to make it more difficult for Google to detect abuse using its automatic scanning tools. But the page itself contains an embedded frame from another site, hosted on a Russian web host Beget, which asks for the user’s Twitter handle, password and phone number — enough to compromise accounts that don’t use stronger two-factor authentication.

Google took down the phishing site a short time after TechCrunch alerted the company. A Google spokesperson told TechCrunch: “Confirming we have taken down the links and accounts in question for violations of our program policies.”

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th