A phishing campaign is using the recent Twitter hack as phishbait, HackRead reports. In mid-July, hackers used social engineering against Twitter employees to gain access to more than a hundred Twitter accounts belonging to celebrities, politicians, and other high-profile individuals. Attackers are now leveraging this well-known incident to trick Twitter users into handing over their credentials.
The security team at First Look Media has spotted emails purporting to come from Twitter, informing recipients that they need to click a link to confirm their identity following the hack. The text of the phishing emails is nearly identical to Twitter’s real statement on the matter.
“We are aware of a security incident affecting Twitter accounts,” the emails state. “We are investigating and taking action to correct. We have detected what we believe to be a social engineering attack coordinated by people who have successfully targeted some of our employees with access to internal systems and tools. For security you must confirm your identity.”
The email contains a button that says “Confirm your identity,” which leads to a link created with the SendGrid email delivery service. This link then redirects to another link created with t.co, Twitter’s URL shortening service, which points to the phishing site. The use of these two legitimate services enables the attacker to obfuscate the actual phishing link, “https://mobile[.]mobile[.]twittersafes[.]com/login.” This site presents a convincingly spoofed version of Twitter’s homepage and login page.
If someone tries to access the final phishing URL without first being redirected from the “t.co” link, the phishing site will rickroll them by sending them to Rick Astley’s “Never Gonna Give You Up” music video. The researchers explain that this helps the site avoid being detected by automated security tools.
Interestingly, the researchers note that the phishing domain, “twittersafes[.]com,” was registered in June, a month before the Twitter hack. This suggests that the attacker was planning on phishing for Twitter credentials anyway, but then tailored their phishbait to take advantage of the high-profile security incident.
New-school security awareness training can teach your employees to be suspicious of emails, texts, and other messages that ask them to click on a link or open an attachment.
HackRead has the story.