Hijackers directed customers to Twitter phishing website

Jun 23, 2014 22:49 GMT  ·  By

Over the weekend, customers of British Gas seeking help from the company’s social media team witnessed some strange tweeting, accompanied by links that led to a phishing website.

The links were all shortened, so an unsuspecting customer curious about what the help team had found so funny, interesting and cool could not easily tell, before clicking, that the page behind the link was a phishing attempt aimed at their Twitter credentials.

According to security expert Graham Cluley, the links opened a page asking the victim to enter their Twitter username and password because, it claimed, their session had expired and needed to be re-established.

Apart from the URL, which gave the fraud away, everything looked like a legitimate Twitter notification. The crooks even supplied a reason for signing in to the micro-blogging platform, citing security.

Cybercriminals constantly need web account credentials, social network credentials especially, because a compromised account lets them push their scams to that account's followers.

British Gas Help has a verified account on Twitter, which lends it credibility with users. Links in messages from a reputable source are more likely to be followed, which makes the deceit more believable.

Fortunately, British Gas managed to regain control over their Twitter account and informed their followers of the incident, advising them to delete any spam tweets they received.

To prevent account hijacking, Twitter offers two-factor authentication, a second check that the person logging in is the account's true owner and not a cybercriminal holding a stolen password.

The service is free and requires registering a phone number, to which a verification code is sent when the user tries to log in.

Last week, another phishing campaign was in circulation, also targeting Twitter users. The scam promised verified accounts to the victims, a temptation many users might find hard to resist.

The cybercrooks set up a phishing page that showed no obvious signs of being fake. They even took the trouble to link to legitimate Twitter pages, so hovering over those links showed the victim official destinations.

Again, the only visible signs were the address itself and the absence of a secure (HTTPS) connection. Even so, few users take the time to look at the address bar when a reward is being dangled in front of them.
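The checks the article keeps coming back to, expanding a shortened link and then looking at the final hostname and scheme, can be automated. The following is an added example written for this page, not code from the article or from Twitter or British Gas: it follows a redirect chain without rendering any page and then judges whether the destination is really twitter.com over HTTPS. The redirect chain is a constructed, in-memory stand-in for HEAD requests; `fetch_location` is an assumed callback that returns the `Location` header for a URL, or `None` when the response is not a redirect, so it can be swapped for a real HTTP client with automatic redirects disabled. The short links and the lookalike domain in it are made up, not the ones used in the incident.

```python
"""Added example: expand a shortened link and judge its final destination.

The checks it implements are the ones a careful user does by hand:
1. find out where the short link really ends up, hop by hop;
2. check that the final host IS twitter.com (not merely contains it);
3. check that the final page is served over HTTPS.
"""
from urllib.parse import urlsplit, urljoin

MAX_HOPS = 10
TRUSTED_HOSTS = ("twitter.com",)


def host_is_trusted(hostname, trusted=TRUSTED_HOSTS):
    """True only if hostname equals a trusted domain or is a subdomain of one.

    A substring test is not enough: 'twitter.com.account-check.example' and
    'twitter.com-login.net' both contain 'twitter.com' and are both phishing.
    """
    if not hostname:
        return False
    h = hostname.lower().rstrip(".")
    return any(h == t or h.endswith("." + t) for t in trusted)


def expand_short_url(url, fetch_location, max_hops=MAX_HOPS):
    """Follow Location headers until a response that is not a redirect.

    fetch_location(url) -> Location header value, or None if not a redirect.
    Returns (final_url, hops). Raises ValueError on a loop or too many hops,
    both of which are themselves grounds for suspicion.
    """
    seen = set()
    current = url
    for hops in range(max_hops + 1):
        if current in seen:
            raise ValueError(f"redirect loop at {current}")
        seen.add(current)
        location = fetch_location(current)
        if location is None:
            return current, hops
        current = urljoin(current, location)  # Location may be relative
    raise ValueError(f"more than {max_hops} redirects from {url}")


def assess_link(url, fetch_location):
    """Return a verdict for a link seen in a tweet: ok, suspicious or phishing."""
    try:
        final_url, hops = expand_short_url(url, fetch_location)
    except ValueError as err:
        return {"final_url": None, "hops": None,
                "verdict": "suspicious", "reason": str(err)}
    parts = urlsplit(final_url)
    https = parts.scheme == "https"
    trusted = host_is_trusted(parts.hostname)
    if trusted and https:
        verdict, reason = "ok", "lands on a trusted host over HTTPS"
    elif trusted:
        verdict, reason = "suspicious", "trusted host but plain HTTP"
    else:
        verdict, reason = "phishing", f"final host {parts.hostname!r} is not Twitter"
    return {"final_url": final_url, "hops": hops,
            "verdict": verdict, "reason": reason}


# Constructed redirect chains (assumed, not real links from the incident):
# each key is a URL, each value the Location header it would answer with.
_CHAIN = {
    "http://bit.ly/aaaaaaa": "http://t.co/bbbbbbb",
    "http://t.co/bbbbbbb": "http://twitter.com.account-check.example/login",
    "http://bit.ly/ccccccc": "https://twitter.com/BritishGasHelp",
    "http://bit.ly/ddddddd": "http://bit.ly/eeeeeee",   # loop ...
    "http://bit.ly/eeeeeee": "http://bit.ly/ddddddd",   # ... back to start
    "http://bit.ly/fffffff": "/relative?next=1",        # relative Location
    "http://bit.ly/relative?next=1": "http://twitter.com/settings",
}


def fake_fetch_location(url):
    """Stand-in for a HEAD request with redirects disabled."""
    return _CHAIN.get(url)


if __name__ == "__main__":
    for short in ("http://bit.ly/aaaaaaa", "http://bit.ly/ccccccc",
                  "http://bit.ly/ddddddd", "http://bit.ly/fffffff"):
        result = assess_link(short, fake_fetch_location)
        print(f"{short} -> {result['verdict']}: {result['reason']}")
```

Two design points matter here. The host check compares the registered domain exactly or as a dotted suffix, because the lookalike domains phishers register are built precisely to pass a "contains twitter.com" glance. And a redirect loop or an over-long chain is reported as suspicious rather than swallowed, since legitimate shorteners resolve in one or two hops.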

Enabling two-factor authentication and checking the address bar when signing in to Twitter should thwart most attempts of this kind to take over accounts. One caveat: the padlock only proves that the connection to whatever domain is in the address bar is encrypted, and a phishing site can be served over HTTPS too, so the decisive check is that the hostname really is twitter.com and not a lookalike containing it.