• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Network Security, News

Beware of Twitter Phishing Scams As Musk Takeover Unfolds

Cybersecurity experts are warning of significant security risks stemming from organizational changes at Twitter.

November 16, 2022 Zachary Comeau Leave a Comment

Twitter phishing, security, cybersecurity
stock.adobe.com/tashatuvango

With Twitter constantly in the news due to large-scale shifts in the social media company’s strategy after the takeover of Elon Musk, cybersecurity professionals are warning of new phishing scams and security risks as the new story continues to play out.

Billionaire and CEO of Tesla and SpaceX Elon Musk finalized his $44 billion acquisition of Twitter late last month, and has since made sweeping changes at the company, including mass layoffs and new subscription-based verification. This much upheaval at one of the most influential social media platforms to ever exist is now leading to phishing scams and other security problems.

Reports of phishing scams came late last month as this news first emerged. According to TechCrunch and others, a phishing campaign last month attempted to lure Twitter users into posting their credentials on an attacker website disguised as a Twitter help form.

TechCrunch reported that one phishing email was sent from a Gmail account and linked to a Google Doc with another link to a Google Site that attempted to create layers of obfuscation to make it more difficult to detect threats.

But the page itself contains an embedded frame from another site, hosted on a Russian web host Beget, which asks for the user’s Twitter handle, password and phone number — enough to compromise accounts that don’t use stronger two-factor authentication.

Google took down the phishing site a short time after TechCrunch alerted the company. A Google spokesperson told TechCrunch: “Confirming we have taken down the links and accounts in question for violations of our program policies.”

According to Sherrod DeGrippo, vice president of threat research at email security firm Proofpoint, the company has seen a notable increase in Twitter-related phishing campaigns that attempt to steal Twitter credentials.

Multiple campaigns have used lures related to Twitter verification or the new Twitter Blue product, with some emails claiming to include a Twitter Blue billing statement. These campaigns have used both Google Forms for data collection and URLs that direct users to threat actor-hosted infrastructure, DeGrippo says.

Campaigns are largely targeting media and entertainment entities such as journalists who are verified on Twitter. The email address often matches the Twitter handle used or the user’s email address available in their Twitter bio.

“It is not surprising threat actors are using Twitter-related lures,” DeGrippo says. “Cybercriminal threat actors regularly use themes that are related to major news items and relevant to human interests as that may increase the likelihood of someone engaging with social engineering content.”

While the future of Twitter may be in doubt with Musk continuing to make wholesale changes to the social media giant, gaining access to Twitter accounts can still be lucrative for threat actors, DeGrippo says.

“Legitimately verified Twitter accounts typically have larger audiences than the average user, and compromised accounts can be used to spread misinformation, urge users to engage with additionally malicious content like fraudulent cryptocurrency scams, and can be used to further phishing campaigns to other users,” DeGrippo says.

These security risks can also lead to brand reputation or financial damages if an attacker is able to successfully compromise a brand’s Twitter account, the can wreak havoc on that company’s image, says Matt Chiodi, chief trust officer at zero trust architecture firm Cerby.

“Social media accounts are generally managed by marketing teams and can have access to hundreds of millions of corporate dollars for advertising,” Chiodi says. “Not only could criminals siphon off that cash, they could defame a company’s Twitter profile with offensive content.”

Chiodi says that while organizations should still conduct security training to educate end users, many technologies are still built without security in mind, including social media platforms.

“None of the prominent social media platforms offer enterprise-grade authentication options to their billions of business and professional users,” he says. “This is unacceptable for tools that are so widely used by consumers and critical to enterprises and democracy.”

Tagged With: Cybersecurity, phishing, Twitter

Related Content:

  • Microsoft Loop IT What You Need to Know About Microsoft Loop
  • YAMAHA UC ADECIA Yealink Yamaha UC Partners With Yealink for Audio &…
  • Microsoft, ChatGPT, GPT-4, GPT-3.5 What’s New With ChatGPT and Generative AI This…
  • CISA Ransomware CISA Wants You To Report Anything You Know…

Free downloadable guide you may like:

  • Four IT Trends That Will Define 2023Expert Series: Four IT Trends That Will Define 2023

    Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations emerging from each.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Four IT Trends That Will Define 2023
Expert Series: Four IT Trends That Will Define 2023

Learn about four key technologies we identified as critical to your IT organization’s success in 2023, as well as how to invest in new innovations ...

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2023 Emerald X, LLC. All rights reserved.