Skip to main content

Twitter’s verification chaos is now a security problem

By

Cybercriminals are already capitalizing on Twitter’s ongoing verification chaos by sending phishing emails designed to steal the passwords of unwitting users.

The phishing email campaign, seen by TechCrunch, attempts to lure Twitter users into posting their username and password on an attacker’s website disguised as a Twitter help form.

The email is sent from a Gmail account, links to a Google Doc with another link to a Google Site, which lets users host web content. This is likely to create several layers of obfuscation to make it more difficult for Google to detect abuse using its automatic scanning tools. But the page itself contains an embedded frame from another site, hosted on a Russian web host Beget, which asks for the user’s Twitter handle, password and phone number — enough to compromise accounts that don’t use stronger two-factor authentication.

A screenshot of the phishing email designed to steal Twitter users’ credentials. Image Credits: TechCrunch.

The campaign appears crude in nature, likely because it was quickly put together to take advantage of the recent news that Twitter will soon charge users monthly for premium features, including verification, as well as the reported possibility of taking away verified badges of Twitter users who don’t pay.

As of the time of writing, Twitter has yet to make a public decision about the future of its verification program, which launched in 2009 to confirm the authenticity of certain Twitter accounts, such as public figures, celebrities and governments. But it clearly hasn’t stopped cybercriminals — even on the lower-skilled end — from taking advantage of the lack of clear information from Twitter since it went private this week following the close of Elon Musk’s $44 billion takeover.

TechCrunch has alerted Google and Beget to the phishing pages, but did not immediately hear back. A spokesperson for Twitter did not immediately respond to a request for comment.

Elon Musk’s plan to charge for Twitter verification will be a misinformation nightmare

Twitter’s verification chaos is now a security problem by Zack Whittaker originally published on TechCrunch



from TechCrunch https://ift.tt/kqKadX7
via Technology
Labels:

Comments

Post a Comment

Popular posts from this blog

Instagram accidentally reinstated Pornhub’s banned account

By
After years of on-and-off temporary suspensions, Instagram permanently banned Pornhub’s account in September. Then, for a short period of time this weekend, the account was reinstated. By Tuesday, it was permanently banned again. “This was done in error,” an Instagram spokesperson told TechCrunch. “As we’ve said previously, we permanently disabled this Instagram account for repeatedly violating our policies.” Instagram’s content guidelines prohibit  nudity and sexual solicitation . A Pornhub spokesperson told TechCrunch, though, that they believe the adult streaming platform’s account did not violate any guidelines. Instagram has not commented on the exact reasoning for the ban, or which policies the account violated. It’s worrying from a moderation perspective if a permanently banned Instagram account can accidentally get switched back on. Pornhub told TechCrunch that its account even received a notice from Instagram, stating that its ban had been a mistake (that message itse...
Post a Comment
Read more

Colorado police identified the serial killer who murdered 4 women 40 years ago after exhuming his body to analyze a DNA sample

By
A scientist examines computer images of DNA models. Getty Images Police in Colorado have cracked the cold cases of four women killed 40 years ago. Denver PD said genetic genealogy and DNA analysis helped them identify the serial killer. He had died by suicide in jail in 1981. DNA from his exhumed body matched evidence from the murders. Police in Colorado have cracked the code on four murder cases that went unsolved for 40 years, using DNA from the killer's exhumed body. The cases pertain to four women killed in the Denver metro area between 1978 and 1981. They were 33-year-old Madeleine Furey-Livaudais, 53-year-old Dolores Barajas, 27-year-old Gwendolyn Harris, and 17-year-old Antoinette Parks. The four women were stabbed to death. Denver Police Commander Matt Clark said in a press conference Friday that there was an "underlying sexual component" to the murders but didn't elaborate further. In 2009, a detective reviewed Parks' case and picked several p...
Post a Comment
Read more

Gemini vs. ChatGPT: Which one planned my wedding better?

By
I was all about the wedding bells after getting engaged in June, but after seeing some of these wedding venue quotes, it’s more like alarm bells. "Ding-dong" has been remixed to "cha-ching" – and I need help. I don’t even know how to begin wedding planning. What are the first steps? What do I need to prioritize first? Which tasks are pressing – and which can wait a year or two? I decided to enlist the help of an AI assistant. Taking it one step further, I thought it’d be interesting to see which chatbot – Gemini Advanced or ChatGPT Plus (i.e., ChatGPT 4o) – is the better wedding planner. Gemini vs ChatGPT: Create a to-do list I’m planning on have my wedding in the summer of 2026 – sometime between August and September. Besides that, I don’t have anything else nailed down, so I asked both Gemini and ChatGPT to give me a to-do list based on the following prompt: “My wedding is between August 2026 and September 2026. Give me a to-do list of things to do for the...
Post a Comment
Read more