High-Profile Caper Spawns Phishing Campaign

A phishing campaign is using the recent Twitter hack as phishbait, HackRead reports. In mid-July, hackers used social engineering against Twitter employees to gain access to more than a hundred Twitter accounts belonging to celebrities, politicians, and other high-profile individuals. Attackers are now leveraging this widely publicized incident to trick Twitter users into handing over their credentials.

The security team at First Look Media has spotted emails purporting to come from Twitter, informing recipients that they need to click a link to confirm their identity following the hack. The text of the phishing emails is nearly identical to Twitter’s real statement on the matter.

“We are aware of a security incident affecting Twitter accounts,” the emails state. “We are investigating and taking action to correct. We have detected what we believe to be a social engineering attack coordinated by people who have successfully targeted some of our employees with access to internal systems and tools. For security you must confirm your identity.”

The email contains a button labelled “Confirm your identity” that leads to a link generated by the SendGrid email delivery service. That link redirects to a second link created with t.co, Twitter’s own URL shortening service, which in turn points to the phishing site. Routing the click through two legitimate services hides the actual phishing URL, “https://mobile[.]mobile[.]twittersafes[.]com/login,” behind domains that belong to SendGrid and Twitter. The site presents a convincingly spoofed version of Twitter’s homepage and login page.

If someone requests the final phishing URL directly, without first arriving through the t.co redirect, the site rickrolls them by sending them to Rick Astley’s “Never Gonna Give You Up” music video. The researchers explain that this helps the site evade automated security tools: a URL scanner that fetches the final link on its own sees nothing but a redirect to YouTube, so an analyst has to replay the full chain, starting from the SendGrid link, to reach the spoofed login page.
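The redirect chain and the cloaking trick described in the two paragraphs above, as an added example (not code from the article or from the researchers). It assumes the cloaking check is implemented as a Referer check on the final hop, which is one common way to do it; the article only says the site behaves differently when it is not reached via t.co. The SendGrid and t.co URLs, the `fake_fetch` stand-in for HTTP requests, and the YouTube link are constructed for the example; the only identifier taken from the article is the phishing host.

```python
"""Walk a SendGrid -> t.co -> lookalike-domain redirect chain and detect
referer-gated cloaking on the final hop.

Added example, not from the original article. `fake_fetch` simulates the
web so the script runs offline; swap in real requests made with redirects
disabled to analyse a live chain.
"""
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed hops modelling the chain in the article. The SendGrid and t.co
# paths are placeholders; the final host is the domain the article names.
SENDGRID_HOP = "https://u0.ct.sendgrid.example/ls/click?upn=OPAQUE"
TCO_HOP = "https://t.co/AbCdEf"
PHISH_URL = "https://mobile.mobile.twittersafes.com/login"
RICKROLL = "https://www.youtube.com/watch?v=dQw4w9WgXcQ"

_FAKE_WEB = {
    SENDGRID_HOP: (302, {"Location": TCO_HOP}),
    TCO_HOP: (301, {"Location": PHISH_URL}),
}


def fake_fetch(url, headers):
    """Stand-in for one HTTP request made with redirects disabled.
    Returns (status, response_headers)."""
    if url == PHISH_URL:
        # Assumed cloaking rule: serve the spoofed login page only when the
        # request claims to come from t.co; otherwise bounce to the video.
        referer_host = urlsplit(headers.get("Referer", "")).hostname
        if referer_host == "t.co":
            return 200, {"Content-Type": "text/html"}
        return 302, {"Location": RICKROLL}
    return _FAKE_WEB.get(url, (200, {"Content-Type": "text/html"}))


def walk_chain(url, fetch=fake_fetch, max_hops=10):
    """Follow redirects one hop at a time, presenting the previous hop as
    Referer so a referer-gated final page reveals itself.
    Returns (visited_urls, final_status)."""
    chain = [url]
    headers = {}
    status = None
    for _ in range(max_hops):
        status, resp = fetch(url, headers)
        if status not in REDIRECT_CODES or "Location" not in resp:
            break
        headers = {"Referer": url}
        url = resp["Location"]
        chain.append(url)
    return chain, status


def is_cloaked(url, from_hop, fetch=fake_fetch):
    """True if the page answers differently depending on whether the request
    claims to arrive from `from_hop`: the signature of referer cloaking."""
    direct = fetch(url, {})
    via_hop = fetch(url, {"Referer": from_hop})
    return direct != via_hop


def lookalike_hosts(urls, brand="twitter", legit=("twitter.com", "t.co")):
    """Hosts in the chain that contain the brand name but are neither the
    brand's own domains nor subdomains of them."""
    hits = []
    for u in urls:
        host = urlsplit(u).hostname or ""
        if brand in host and not any(
            host == d or host.endswith("." + d) for d in legit
        ):
            hits.append(host)
    return hits


if __name__ == "__main__":
    chain, status = walk_chain(SENDGRID_HOP)
    print("hops:", " -> ".join(chain), "| final status:", status)
    print("direct visit lands at:", walk_chain(PHISH_URL)[0][-1])
    print("final hop cloaked:", is_cloaked(PHISH_URL, TCO_HOP))
    print("lookalike hosts:", lookalike_hosts(chain))
```

Walking from the SendGrid link reaches the spoofed login page with a 200, while requesting the phishing URL directly ends at the music video, which is exactly what a scanner that only checks the final destination would see. The `is_cloaked` check, which compares the response with and without the expected Referer, is the quick test to run before concluding that a suspicious link is harmless.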

Interestingly, the researchers note that the phishing domain, “twittersafes[.]com,” was registered in June, a month before the Twitter hack. This suggests that the attacker was planning on phishing for Twitter credentials anyway, but then tailored their phishbait to take advantage of the high-profile security incident.

New-school security awareness training can teach your employees to be suspicious of emails, texts, and other messages that ask them to click on a link or open an attachment.

HackRead has the story.
