SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
2 Jul 2015

Fake Twitter verification profiles trick victims into sharing personal, payment card info

A little over 18,000 Twitter users looking for a way to get their accounts verified have been duped by a single fake account promising to provide the service into visiting a phishing page.

How many of them actually went through the steps required is unknown, but according to Malwarebytes' Chris Boyd, this wasn't the only account of this kind to be suspended recently, and there are sure to be others popping up.

The account in question successfully impersonated Twitter's official "Verified Account" account. The phishers used the same name and icon but, of course, couldn't get the blue badge with a check mark next to the username. Users who fell for the scheme were first asked to fill out a form with their username, email address, number of followers, the reason why they want their accounts to be verified and, finally, the password for the account. Next they were asked to pay the "verification fee", and in order to do that, they had to share their payment card number, expiration date, CVV code, name, full address, phone number, and an email account to receive the confirmation.

"There’s no way to know how many people completed all of the steps, but there’s potential here for the scammers to have made off with quite the haul of stolen accounts and pilfered payment credentials," says security expert. "Note that the so-called payment page doesn’t have a secured connection either, so if a third party happened to be snooping traffic and you were on an insecure connection there’d now be two people running around with your information instead of just one," says Boyd.

This attempt just goes to show that there is no limit to phishers' creativity - they will always find an angle that will allow them to dupe inexperienced users. In this particular case, the fact that Twitter does not accept applications for verification and that if an account is eligible, they reach out to the user themselves is not a secret, but less tech-savvy users often believe that there is a way around rules and functionalities set up by online services and social networks. Evidence of this can be found in the repeated Facebook scam and phishing attempts offering users a way to see who checks their profile or to change the colour of their account page.

OUR POINT
Software developers try to do their best while improving data protection. But their efforts are meaningless if users ignore basic rules. For example, you may use up to three accounts simultaneously in SafeUM secure messenger. The first account may be used for communicating with friends, the second one – for chatting with colleagues and the third one – for messaging with lawyer, doctor or grandmother. What can users do? They can create one account.

You may create 3 PIN codes in secure messenger SafeUM. The first PIN provides full access to the application and all its features. The second PIN hides secret conversations and confidential data. The third PIN deactivates the account without any possible recovery. This feature is designed for emergency situations and allows you to make sure that no third parties get access to your personal information. How can users ignore such protections? They may not specify the second and third PIN codes.

Passwords...

The Internet is full of such examples. Of course, there are some options that can’t be ignored by careless users:

- it is impossible to make unencrypted audio and video calls in SafeUM;
- hackers won’t get SafeUM users’ encryption keys: the keys are stored on the device only. Our Front-end servers have no hard drives. All information is stored in the servers RAM;
- you will get a notice if someone tries to access your account.

SafeUM team wants to protect your data.
Tags:
Twitter fraud phishing
Source:
Help Net Security
2523
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015