Twitter’s verification chaos has now become a cybersecurity issue

Share via:

Cybercriminals are already taking advantage of Twitter’s ongoing verification chaos by sending phishing emails designed to steal unwitting users’ passwords.

According to TechCrunch, the phishing email campaign attempts to trick Twitter users into entering their username and password on an attacker’s website disguised as a Twitter help form. The email is sent from a Gmail account and includes a link to a Google Doc and another to a Google Site, which allows users to host web content. This is likely to result in several layers of obfuscation, making it more difficult for Google’s automated scanning tools to detect abuse. However, the page contains an embedded frame from another site, hosted on the Russian web host Beget, that requests the user’s Twitter handle, password, and phone number — enough to compromise accounts that do not use stronger two-factor authentication.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Twitter’s verification chaos has now become a cybersecurity issue

Cybercriminals are already taking advantage of Twitter’s ongoing verification chaos by sending phishing emails designed to steal unwitting users’ passwords.

According to TechCrunch, the phishing email campaign attempts to trick Twitter users into entering their username and password on an attacker’s website disguised as a Twitter help form. The email is sent from a Gmail account and includes a link to a Google Doc and another to a Google Site, which allows users to host web content. This is likely to result in several layers of obfuscation, making it more difficult for Google’s automated scanning tools to detect abuse. However, the page contains an embedded frame from another site, hosted on the Russian web host Beget, that requests the user’s Twitter handle, password, and phone number — enough to compromise accounts that do not use stronger two-factor authentication.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at [email protected]

More like this

This Week in AI: Addressing racism in AI image...

Keeping up with an industry as fast-moving as AI is...

Miranda Bogen is creating solutions to help govern AI

To give AI-focused women academics and others their...

Byju’s founder, ousted by shareholders, says rumors of his...

Byju Raveendran, the founder of eponymous edtech group...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!