{"id":18896,"date":"2022-04-29T08:10:12","date_gmt":"2022-04-29T16:10:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/04\/29\/news-12629\/"},"modified":"2022-04-29T08:10:12","modified_gmt":"2022-04-29T16:10:12","slug":"news-12629","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/29\/news-12629\/","title":{"rendered":"Beware Twitter Messages claiming &#8220;Your blue badge Twitter account has been reviewed as spam&#8221;"},"content":{"rendered":"<p><strong>Credit to Author: Jovi Umawing| Date: Fri, 29 Apr 2022 15:48:45 +0000<\/strong><\/p>\n<p>Twitter verification is a two-edged sword. <a href=\"https:\/\/help.twitter.com\/en\/managing-your-account\/about-twitter-verified-accounts\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">According to Twitter<\/a>, it&#8217;s supposed to let people know &#8220;that an account of public interest is authentic.&#8221; That&#8217;s great, so long as the account is authentic, but what if, one day, it suddenly isn&#8217;t? <\/p>\n<p>An attacker that can wrestle a verified account from its owner can cloak themselves in the real owner&#8217;s authenticity. 
And they can use that authenticity to pull off what NBC News reporter Kevin Collier described as &#8220;<a href=\"https:\/\/twitter.com\/kevincollier\/status\/1519771867258699776\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">the best DM phishing attempt I think I&#8217;ve ever seen<\/a>.&#8221; The attack, seen by Collier and attempted against author <a href=\"https:\/\/twitter.com\/MilesKlee\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Miles Klee<\/a>, used a compromised blue tick account to try to scam Klee out of his own verified account.<\/p>\n<figure class=\"wp-block-embed aligncenter is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">This, sent to <a href=\"https:\/\/twitter.com\/MilesKlee?ref_src=twsrc%5Etfw\">@MilesKlee<\/a> from a compromised verified account, is the best DM phishing attempt I think I&#39;ve ever seen. Don&#39;t fall for it! <a href=\"https:\/\/t.co\/cCCLDUUj7y\">pic.twitter.com\/cCCLDUUj7y<\/a><\/p>\n<p>&mdash; Kevin Collier (@kevincollier) <a href=\"https:\/\/twitter.com\/kevincollier\/status\/1519771867258699776?ref_src=twsrc%5Etfw\">April 28, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/div>\n<\/figure>\n<p>According to the compromised account&#8217;s bio, he is&#8230;<\/p>\n<pre class=\"wp-block-preformatted\">Support Team Officer Patrick Lyons. You will be informed of an important development regarding your account via this channel.<\/pre>\n<p>The account sends the intended victim a Direct Message that reads:<\/p>\n<pre class=\"wp-block-preformatted\">Hello, dear Twitter user!  Your blue badge Twitter account has been reviewed as spam by our Twitter team.  We understand how valuable the blue badge is to you.  
Please appeal using the form below, otherwise your blue badge may be deleted.  {redacted URL}  Thanks Twitter Team<\/pre>\n<h2>The phishing site<\/h2>\n<p>The URL uses a realistic-looking domain (registered in November 2021), that displays a realistic login screen that uses the appropriate Twitter fonts and styling.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"56158\" data-permalink=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/beware-twitter-messages-claiming-your-blue-badge-twitter-account-has-been-reviewed-as-spam\/attachment\/fake-twitter-login-screen\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-login-screen.png\" data-orig-size=\"1200,880\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Fake Twitter login screen\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-login-screen-300x220.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-login-screen-600x440.png\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-login-screen-600x440.png\" alt=\"Fake Twitter login screen\" class=\"wp-image-56158\" width=\"600\" height=\"440\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-login-screen-600x440.png 600w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-login-screen-300x220.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-login-screen.png 1200w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><figcaption>The fake Twitter login screen<\/figcaption><\/figure>\n<\/div>\n<p>Entering a user name and clicking the &#8220;Log in&#8221; button takes the user to a realistic-looking fake password reset page.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" data-attachment-id=\"56159\" data-permalink=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/beware-twitter-messages-claiming-your-blue-badge-twitter-account-has-been-reviewed-as-spam\/attachment\/fake-twitter-password-reset\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-password-reset.png\" data-orig-size=\"1200,880\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Fake Twitter password reset screen\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-password-reset-300x220.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-password-reset-600x440.png\" loading=\"lazy\" width=\"600\" height=\"440\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-password-reset-600x440.png\" alt=\"Fake Twitter password reset screen\" class=\"wp-image-56159\" 
srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-password-reset-600x440.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-password-reset-300x220.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/fake-twitter-password-reset.png 1200w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><figcaption>The fake password reset page.<\/figcaption><\/figure>\n<\/div>\n<p>This page asks users to reset their passwords by entering both the old and the new password. Entering your old password gives your password straight to the scammers, who already have your username. And whether you enter a valid password or not, you see the same message:<\/p>\n<pre class=\"wp-block-preformatted\">You entered your old password incorrectly, please check and try again. If you do not know your password, you can renew your password from your Twitter account.<\/pre>\n<p>At this point, your password is in the hands of the scammers, but the site does not ask for a second authentication factor. The &#8220;burner&#8221; account we tested the site with had <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\/\">two-factor authentication (2FA)<\/a> enabled, and it looks as if that is enough to blunt this attack.<\/p>\n<h2>Don\u2019t risk giving scammers your authority<\/h2>\n<p>Messages sent from verified accounts appear more authentic, which is why they are such a prize for scammers. Right now, hijacked verified profiles are enormously popular for hawking <a href=\"https:\/\/twitter.com\/kasmiyouness1\/status\/1517496300484415489\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">NFT scams<\/a>, for example. 
Verified account owners can give their security a huge boost, just by enabling 2FA.<\/p>\n<p>Better yet, Twitter could give every verified account a huge security boost by making 2FA mandatory.<\/p>\n<p>Remain vigilant, and stay safe!<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/beware-twitter-messages-claiming-your-blue-badge-twitter-account-has-been-reviewed-as-spam\/\">Beware Twitter Messages claiming &#8220;Your blue badge Twitter account has been reviewed as spam&#8221;<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/beware-twitter-messages-claiming-your-blue-badge-twitter-account-has-been-reviewed-as-spam\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Jovi Umawing| Date: Fri, 29 Apr 2022 15:48:45 +0000<\/strong><\/p>\n<p>Scammers are targeting high-value verified accounts using sneaky Messages from other verified accounts, and realistic phishing sites.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/beware-twitter-messages-claiming-your-blue-badge-twitter-account-has-been-reviewed-as-spam\/\">Beware Twitter Messages claiming &#8220;Your blue badge Twitter account has been reviewed as spam&#8221;<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[25903,10510,25904,25905,25906,25907],"class_list":["post-18896","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-nft-scams","tag-social-engineering","tag-twitter-phishing","tag-twitter-phishing-campaign","tag-twitter-scam","tag-verified-twitter-account"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18896","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18896"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18896\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18896"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18896"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}