
According to the cybersecurity company ESET, cybercriminals are posing as an official support center of the social network, through fake profiles created under the name “Feedback Center”, in order to take control of verified Twitter accounts.
By impersonating official support channels, the attackers quickly capture the attention of the potential victim, who is sent a notification or message indicating that the account is involved in a supposed case of identity violation.
The message then tells the user to fill out a form with personal information as soon as possible to verify that they are really the legitimate holder of the Twitter account, because otherwise it will be suspended and the verification mark will be removed.
However, the first clue that this is a phishing attempt appears on opening the website where the form is supposed to be filled out: it is not related to the social network at all and has no identifier of the company in the URL or in the elements of the site, with the exception of the bird icon.
In any case, those who have fallen into the trap are asked, after entering their username, to enter their password, email address and phone number.
As an aggravating factor, in the next step the cybercriminals ask the person to re-enter the password to verify that it is correct.
As a last step, they request the verification code that was sent to the victim's email, in order to bypass two-step authentication and complete the theft successfully.
This theft campaign has been quickly reported by users on the social network and, according to these reports, there are still several active fake accounts trying to scam people.
Camilo Gutiérrez, head of the Research Laboratory of ESET Latin America, indicates that, “Although this campaign is in English, cybercriminals have contacted users from different countries, therefore it would not be strange if they could contact users from Latin America with verified accounts. It is also important to remember never to provide personal data when the request comes unexpectedly and without you having requested something.”
As a recommendation, users who receive this type of direct message should check the verification mark of the sending account and make sure that it is not a recently created profile and that it has several followers as a sign of trust. In any case, it is worth contacting the official channels of the social network to verify that it is a legitimate notification from the company.
As mentioned above, this type of cybercrime is part of what is known as phishing, a type of computer theft that seeks to access people's sensitive information, such as accounts, usernames, passwords or bank details, through emails sent to potential victims.
Finally, in this type of cyber trap, leaving a phone number on a malicious site is extremely dangerous, since it could be used to carry out identity theft and other types of internet crimes.