Attempted account theft on Twitter
According to cybersecurity company ESET, cybercriminals seeking to take control of verified Twitter accounts are impersonating the social network's official support center through fake profiles they created, setting up a so-called “feedback center”.
The attackers use the names of official support channels to quickly attract the attention of a potential victim, who is sent a message indicating that they are involved in an alleged case of account breach.
The message then tells the user to fill in a form with personal information as soon as possible to verify that they are really the rightful owner of the Twitter account; otherwise, the account will be suspended and the verification mark will be removed.
However, the first indication that this is a “phishing” attempt appears on opening the website where the form must be completed: it is not connected to the social network at all, and nothing in the URL or in the elements of the site identifies it as Twitter, except for the bird icon.
In any case, those who fall into the trap are asked to register a password, email address and phone number after entering the username.
But as an aggravating factor, at a later stage cybercriminals ask the person to re-enter the password to confirm its correctness.
As a final step, they request the confirmation code that was sent to the victim's email in order to bypass two-step authentication and successfully continue the theft.
However, this theft campaign was quickly reported by users on the social network, and according to these reports, there are still several active fake accounts trying to deceive people.
Camilo Gutierrez, head of research at ESET Latin America, said: “Although the campaign is in English, cybercriminals have been contacting users from around the world, so it would not be strange if they could connect with Latin American users through verified accounts. It is also important to remember to never provide personal data when a request comes suddenly and you do something without a request.”
As a recommendation, users who receive this type of direct message are advised to check whether the sending account has the verification mark, and to make sure it is not a newly created profile and that it has several followers as a token of trust. However, it is worth contacting the official channels of the social network to verify that this is a legitimate message from the company.
As mentioned above, this type of cybercrime is part of what is known as phishing: a type of computer theft that involves accessing sensitive information, such as accounts, usernames, passwords, or bank details, through emails sent to potential victims.
Finally, in this type of cyber trap, leaving a phone number on a malicious site is extremely dangerous because through it they can commit identity theft and other internet crimes.