A new Twitter credit card phishing scam has been detected by cybersecurity firm Proofpoint. Twitter users are offered verified account status via native Twitter ads; however, signing up involves providing credit card details, which will be handed directly to the attackers.
Achieving verified account status can be a long-winded process. Holders of public-interest accounts are required to complete multiple steps to verify the identity of the account holder. The ads offer a quick method of bypassing all of those steps. The scam has been crafted to appeal to brand managers, influencers, and small businesses, many of whom may not be able to achieve verified status easily because they do not have immediate access to all of the identification documents required by Twitter.
The advertisements look authentic and closely mimic those used by the official Twitter support team. The account used for the ads – @SupportForAll6 – has been branded with official Twitter logos and uses the exact same color scheme as the official @Support account. At first glance the account appears genuine, although closer inspection should raise a few red flags. For an official account, it has a suspiciously low number of followers and the name of the account is also somewhat suspect.
Clicking on the adverts directs Twitter users to a website with the domain “twitterhelp dot info”. Again, the domain name should arouse suspicion. However, since it contains the name ‘Twitter’ it may be sufficient to fool many users, especially since the same color scheme and branding are used as on the official Twitter site.
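The brand-name-in-a-lookalike-domain red flag described above can be checked mechanically. The following Python is an added example, not code from the article or from Proofpoint; the official-domain allowlist is a constructed assumption, and the “ dot ” handling mirrors the defanged spelling used in this article.

```python
from urllib.parse import urlparse

# Constructed allowlist of domains the brand legitimately uses (assumption for this example).
OFFICIAL_DOMAINS = {"twitter": {"twitter.com", "t.co"}}


def refang(text: str) -> str:
    """Convert defanged notation ("twitterhelp dot info", "[.]", "hxxp") back into a real host/URL."""
    return text.strip().replace(" dot ", ".").replace("[.]", ".").replace("hxxp", "http")


def hostname(url_or_host: str) -> str:
    """Return the lowercased host from a URL or bare domain, dropping scheme, port and path."""
    text = refang(url_or_host).lower()
    if "://" in text:
        return urlparse(text).hostname or ""
    return text.split("/")[0].split(":")[0]


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: keep the last two labels (no public-suffix list, so co.uk-style TLDs are not handled)."""
    labels = [label for label in host.split(".") if label]
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def brand_lookalike(url_or_host: str, brands=OFFICIAL_DOMAINS):
    """Return the abused brand name when the host mentions a brand keyword but its
    registrable domain is not on that brand's allowlist; return None otherwise.

    Checking the keyword against the *full* host (not just the registrable domain)
    also catches subdomain tricks such as twitter.com.verify-now.net."""
    host = hostname(url_or_host)
    domain = registrable_domain(host)
    for brand, allowed in brands.items():
        if domain in allowed:
            return None              # genuine site or one of its subdomains
        if brand in host.replace("-", ""):
            return brand             # brand keyword on a domain the brand does not own
    return None


if __name__ == "__main__":
    for sample in ["twitterhelp dot info", "https://help.twitter.com/en/verify",
                   "http://twitter.com.verify-now.net/login"]:
        print(f"{sample!r}: {brand_lookalike(sample)}")
```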
In order to register for the quick verification process, users must confirm a range of information including their Twitter account name, phone number, email address, and account password. The next stage is for the user to enter their credit card number and security code, supposedly for verification purposes. The user is told that no payment will be taken, although Proofpoint explains that the form is built on a payment-collection template taken from GitHub.
The phishing scam is being used for credit card fraud, although users’ Twitter accounts would also be compromised and could be used for a variety of nefarious purposes.
The Twitter credit card phishing scam is not particularly sophisticated and there are many signs that it is a scam, although it is still likely to be effective. Proofpoint researchers also point out that while Twitter users are currently being targeted, there is no reason why the scam could not be adapted to users of other social media platforms that have a complicated and long-winded account authentication process. Provided the attackers can register a realistic-looking domain, the scam could easily be pulled off.