With Twitter constantly in the news due to large-scale shifts in the social media company’s strategy after the takeover of Elon Musk, cybersecurity professionals are warning of new phishing scams and security risks as the new story continues to play out.
Billionaire and CEO of Tesla and SpaceX Elon Musk finalized his $44 billion acquisition of Twitter late last month, and has since made sweeping changes at the company, including mass layoffs and new subscription-based verification. This much upheaval at one of the most influential social media platforms to ever exist is now leading to phishing scams and other security problems.
Reports of phishing scams came late last month as this news first emerged. According to TechCrunch and others, a phishing campaign last month attempted to lure Twitter users into posting their credentials on an attacker website disguised as a Twitter help form.
TechCrunch reported that one phishing email was sent from a Gmail account and linked to a Google Doc with another link to a Google Site that attempted to create layers of obfuscation to make it more difficult to detect threats.
But the page itself contains an embedded frame from another site, hosted on a Russian web host Beget, which asks for the user’s Twitter handle, password and phone number — enough to compromise accounts that don’t use stronger two-factor authentication.
Google took down the phishing site a short time after TechCrunch alerted the company. A Google spokesperson told TechCrunch: “Confirming we have taken down the links and accounts in question for violations of our program policies.”
According to Sherrod DeGrippo, vice president of threat research at email security firm Proofpoint, the company has seen a notable increase in Twitter-related phishing campaigns that attempt to steal Twitter credentials.
Multiple campaigns have used lures related to Twitter verification or the new Twitter Blue product, with some emails claiming to include a Twitter Blue billing statement. These campaigns have used both Google Forms for data collection and URLs that direct users to threat actor-hosted infrastructure, DeGrippo says.
Campaigns are largely targeting media and entertainment entities such as journalists who are verified on Twitter. The email address often matches the Twitter handle used or the user’s email address available in their Twitter bio.
“It is not surprising threat actors are using Twitter-related lures,” DeGrippo says. “Cybercriminal threat actors regularly use themes that are related to major news items and relevant to human interests as that may increase the likelihood of someone engaging with social engineering content.”
While the future of Twitter may be in doubt with Musk continuing to make wholesale changes to the social media giant, gaining access to Twitter accounts can still be lucrative for threat actors, DeGrippo says.
“Legitimately verified Twitter accounts typically have larger audiences than the average user, and compromised accounts can be used to spread misinformation, urge users to engage with additionally malicious content like fraudulent cryptocurrency scams, and can be used to further phishing campaigns to other users,” DeGrippo says.
These security risks can also lead to brand reputation or financial damages if an attacker is able to successfully compromise a brand’s Twitter account, the can wreak havoc on that company’s image, says Matt Chiodi, chief trust officer at zero trust architecture firm Cerby.
“Social media accounts are generally managed by marketing teams and can have access to hundreds of millions of corporate dollars for advertising,” Chiodi says. “Not only could criminals siphon off that cash, they could defame a company’s Twitter profile with offensive content.”
Chiodi says that while organizations should still conduct security training to educate end users, many technologies are still built without security in mind, including social media platforms.
“None of the prominent social media platforms offer enterprise-grade authentication options to their billions of business and professional users,” he says. “This is unacceptable for tools that are so widely used by consumers and critical to enterprises and democracy.”
Leave a Reply