
Latest Twitter Account Verification Scam, Bad Actors Are Stealing Credit Card Details



Well-known companies, organizations, famous business figures and celebrities are using social media account verification services. A verified account normally shows a “Blue Tick” alongside the username, which helps people identify the legitimate social media accounts of famous companies and people. Social media security experts at the security firm Proofpoint have detected a scam built around this feature. The normal Twitter account verification process is somewhat lengthy, and the company takes a while to verify a requested account after checking the requirements. The scammers are placing legitimate ads on Twitter that offer users simple and fast account verification. The cyber criminals then redirect victims to a third-party phishing website and steal their credit card details.


The Targets of Scammers

The scammers are targeting small business influencers and brand managers by placing legitimate Twitter advertisements. The ads link to a phishing website that looks like a genuine subdomain of Twitter. As I wrote above, the company lists some rules and requirements for account verification. Small businesses cannot easily meet these requirements due to lack of resources. The cybercriminals are taking advantage of this and targeting people in this specific category.


The Malicious Account and Phishing Website

According to a report by Oisin Patenall (Security Researcher at Proofpoint), the scammers were using a fake Twitter account (@SupportForAll6) that pretended to be the official Twitter Support account (@support). The scammers posted ads from this account, which Twitter has since deleted. The cybercriminals used legitimate Twitter logos and the same colors to make it look genuine. Moreover, the number of followers was very low. All of this helped the scammers manipulate their targets. When users clicked on the ads placed by the scammers, the browser redirected them to another domain, “”. It was a phishing website, and the scammers used Twitter's color scheme and wording to appear genuine. This phishing domain has now been suspended.



Any Proof?

The security researchers at Proofpoint further explain that the IP address of “” was already blacklisted and had been used by cyber criminals in various types of phishing scams. When a victim clicked on the advertisement, the browser redirected them to this domain. A form on the website asked victims to fill in their Twitter account details, including username, contact number and password. After this form was submitted, a second form appeared, through which the scammers collected the victims' payment card details. The scammers were using a template for the form that allowed even empty values to be submitted. A genuine payment processing form contains only required fields, and the user can't submit an empty form.


Security Tips For Social Media Users

This was only one example. Scammers can use any social media platform to target people, so don't fall for this type of activity. Before submitting account information, double-check the domain address. Never fill in your financial details anywhere without verifying the form. A legitimate payment processing form will not allow anyone to submit empty fields. Moreover, such forms are not available in public posts as a short link.
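
The "double-check the domain address" tip, as an added example that is not part of the original article: a small Python check that separates a real subdomain of a trusted site from a host that only looks like one. The `TRUSTED_DOMAINS` set, the `classify` function and every sample URL are assumptions constructed for illustration; the sample hosts use the reserved `.example` suffix.

```python
from urllib.parse import urlsplit

# Assumption: the domains the user really intends to log in to.
TRUSTED_DOMAINS = {"twitter.com"}


def classify(url: str) -> str:
    """Return 'ok', 'lookalike', 'unknown' or 'reject: not https' for a link."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and lowercases the host;
    # a trailing dot ("twitter.com.") names the same host, so strip it.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "reject: not https"

    # A host is trusted only if it IS the domain or ends with ".<domain>".
    # A plain substring or prefix match is what lookalike hosts rely on.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "ok"

    # The brand name appears somewhere in the authority part (including the
    # part before "@"), but the host is not under the trusted domain.
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    if any(b in parts.netloc.lower() for b in brands):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, not taken from the reported campaign.
    samples = [
        "https://support.twitter.com/forms",         # real subdomain
        "https://twitter.com.verify.example/login",  # trusted name used as a prefix
        "https://twitter-verify.example/",           # brand inside another domain
        "https://twitter.com@login.example/verify",  # trusted name before the "@"
        "http://twitter.com/",                       # right host, no TLS
    ]
    for link in samples:
        print(f"{classify(link):18} {link}")
```

The comparison reads the hostname from right to left, which is why `twitter.com.verify.example` fails even though it starts with the trusted name.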

