Cybercriminals Posing as Journalists and Twitter Employees to Hack Your Account

Cybercriminals on the prowl

Cybercriminals are using new social engineering tactics, posing as journalists or Twitter employees in order to trick users. These attacks typically aim to harvest credentials.

Cybersecurity experts at Poofpoint have recently noticed tactics that hackers from Iran and Turkey have been using in 2022 to steal credentials. The attacks include cybercriminals sending malicious emails stating that a user’s Twitter account has been hacked or a journalist’s request for the online interview.  

“The report by Proofpoint focuses on the effect these attacks have on  journalists. However, we have seen numerous times how ordinary people get their personal information stolen in phishing schemes. Hackers learn from each other, and it is only a matter of time that those tactics will be used on regular users,” said Daniel Markuson, a cybersecurity expert at NordVPN.  

Know your enemy: What are the newest tactics?

1. Fake Twitter security alert

During this attack, hackers – often from Turkey – send an email with a request to change a person’s Twitter account password because of a suspicious login from a new location. If a victim clicks on the link supplied in the email, they are taken to a credential-harvesting landing page that impersonates a Twitter login page to reset their password. 

Example:  

2. Impersonating a journalist

This trick is commonly performed by Iranian hackers, this attack involves impersonation. The hacker pretends to be an international journalist and asks for comments from their targets. If the victim agrees, the hacker sends them an invitation to a virtual meeting with a malicious link that leads to a credential-harvesting form or infects the device with malware or an IP tracker.  

Example:  

How to tell if it’s a phishing email

If you know what to look out for, detecting phishing scams is pretty easy. The clues are often hidden in plain sight.  

• A generic greeting. Don’t trust emails addressed to “Sir/Madam,” or “Ms/Mr.” Always be aware of language and fluency: shortened words, slang, and spelling errors are a dead giveaway.

• Minor changes in the domain name. The domain name is whatever comes after the @ sign in the sender’s email address. Since no two domains can ever be the same, scammers may alter securityalert@twitter.com to read twitter@securityalert.com.

• Emails requesting personal information. Especially if you find the link included —  be careful. Make sure you trust the source before clicking.

• Don’t click on links — instead, hover your mouse on the button to see the destination URL. Check if it looks legitimate and, especially, if it contains the “https” part.