Scammers Exploit Twitter’s Transition to “X”



Scammers are taking advantage of Twitter’s rebranding to “X,” according to Stephanie Adlam at Gridinsoft. A phishing campaign is targeting Twitter Blue users by telling them they need to transfer their subscription to X.

“The email comes from x.com and passes the Security Policy Framework (SPF), even though it comes from the Sendinblue (now known as Brevo) mailing list platform,” Adlam writes. “This customer relationship management (CRM) company includes a mailing list platform that bypasses many spam filters, including those in Gmail… The email contains a ‘Transition’ link that, when clicked, opens a legitimate API authorization screen that asks you to log in to an app that looks like the official Twitter app… Authorizing the app will give attackers control over the victim’s Twitter account. Attackers will be able to access and update the profile and account settings and subscribe and unsubscribe to accounts. Cybercriminals can view, publish, and delete tweets from the account.”
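The detail worth checking on the defender's side is that an SPF "pass" only vouches for the envelope (bounce) domain, which for mail sent through a mailing-list platform is often that platform's domain rather than the brand shown in From:. The script below is an added example, not code from the original post or from Gridinsoft; it parses the Authentication-Results header of a constructed sample message (placeholder domains, not a claim about how this particular campaign was configured) and reports whether the SPF-authenticated domain aligns with the visible From: domain, in the spirit of DMARC's relaxed SPF alignment.

```python
# Added example, not code from the original post or from Gridinsoft: check
# whether a message's SPF "pass" was earned by the same organisational domain
# the user sees in From:. A pass for a third-party mailing platform's bounce
# domain does not vouch for the visible sender. Sample message is constructed.
import email
import email.utils
import re
from email import policy

def org_domain(host):
    """Crude organisational domain: the last two labels. Assumption: no
    multi-part public suffixes (co.uk, com.au) appear in the inputs."""
    labels = host.lower().strip("<>").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def spf_alignment(raw_message):
    """Return the SPF result and whether its domain aligns with From:
    (relaxed alignment: organisational domains must match)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_addr = email.utils.parseaddr(str(msg["From"]))[1]
    from_domain = org_domain(from_addr.split("@")[-1])
    spf_result, mailfrom = "none", None
    for ar in msg.get_all("Authentication-Results", []):
        m = re.search(r"\bspf=(\w+)", str(ar))
        if m:
            spf_result = m.group(1).lower()
            mf = re.search(r"smtp\.mailfrom=(?:[^@;\s]+@)?([^;\s)]+)", str(ar))
            mailfrom = mf.group(1) if mf else None
            break
    if mailfrom is None and msg["Return-Path"]:  # fall back to the bounce address
        mailfrom = email.utils.parseaddr(str(msg["Return-Path"]))[1].split("@")[-1]
    spf_domain = org_domain(mailfrom) if mailfrom else None
    aligned = spf_result == "pass" and spf_domain == from_domain
    return {"spf": spf_result, "from_domain": from_domain,
            "spf_domain": spf_domain, "aligned": aligned}

# Constructed sample: SPF passes for the mailing platform's bounce domain,
# while From: shows the impersonated brand. All domains are placeholders.
SAMPLE = """\
Return-Path: <bounce-123@mail.esp-platform.example>
Authentication-Results: mx.recipient.example;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce-123@mail.esp-platform.example;
 dkim=none
From: "X (formerly Twitter)" <no-reply@brand.example>
To: user@recipient.example
Subject: Transfer your Twitter Blue subscription to X

Click Transition to keep your subscription.
"""

if __name__ == "__main__":
    print(spf_alignment(SAMPLE))  # aligned is False: the pass covers esp-platform.example, not brand.example
```

An unaligned SPF pass is not proof of phishing on its own (plenty of legitimate brands send through such platforms), but it is exactly the case where "passes SPF" should not be read as "came from the brand."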

Adlam offers the following recommendations to help users avoid falling for these scams:

  • “Be careful with the emails you receive. Statistically, phishing is the most effective method of spreading malware. Only open it if you expect to receive an email from a specific company or organization.
  • “Carefully check the address of the site to which you are redirected. Please hover the mouse over the link or button, and the full address where the link leads will appear in the lower left corner. Do not follow the link if the site address differs from the correct one. (This method may not work if attackers use a URL Shortener).
  • “Never enter your personal information, such as logins and passwords, on sites you don’t know or doubt their legitimacy. Today, scammers have learned how to spoof legitimate sites. The presence of an SSL certificate on a phishing site is no surprise to anyone. Therefore, it is essential to be vigilant before entering any information on the site.
  • “Be careful with attachments and links. Legitimate organizations never ask via email to download and run a file. Instead, they ask you to download the file from the official website. Only open files or click on links if you are sure the sender is trustworthy.
  • “Use two-factor authentication for your online accounts. 2FA adds an extra layer of security by asking you to enter a code from your cell phone when you log in.
  • “Use antivirus software and keep it up to date. Sometimes a person can make a mistake and inadvertently download malware onto a device. In this case, an anti-malware solution will neutralize the threat before it deploys the payload.”

New-school security awareness training can enable your employees to follow security best practices so they can avoid falling for social engineering attacks.

