New phishing scams are tricking users into sharing their Twitter and Discord login information / Digital Information World

Some social media platforms, including Twitter and Discord, are seeing a wave of phishing schemes that trick users into giving up their accounts. The scammers threaten users with account abuse allegations and other scare tactics.

Malwarebytes Labs, a cybersecurity platform, has found 2 phishing schemes like these in the past week, targeting the social media platforms Twitter and Discord.

The Twitter phishing scam used Direct Messages (DMs) to trick users into handing over login information. The scammers first accused the user of violating the terms of service and using hate speech. They then asked the user to verify their account to stop it from being suspended. A user who follows the link is redirected to a fake help center that asks for login information.

The Discord phishing campaign messages users through a friend's or a stranger's account, accusing them of violating a server's rules, such as by sending explicit images. The message contains a link to the server, and the user must log in using a QR code. According to Malwarebytes, if the user does this, their account will be taken over by fraudsters.

SlashNext CEO Patrick Harr warns users about such phishing attacks, saying that they are much smarter than traditional phishing scams. They use fear to make the victim act before asking whether the message is suspicious. These are said to be the most dangerous of all social engineering scams.

Patrick Harr goes on to say that scammers target Discord and Twitter users by threatening their business, status or personal profile. This is what makes them so effective.

The main goal is to hijack the victim's account using psychological tactics and steal bank accounts or other personal data. More importantly, gaining access to an employee's social media account gives access to information about the entire enterprise's data and leaks a lot of information.

James McQuiggan, a security awareness advocate at KnowBe4, says that phishing scams often rely on users' emotions and create a sense of urgency, so that users make the wrong decisions in haste. For example, in email phishing scams that rely on fear and urgency, users don't bother to check the sender or the link first. This makes them susceptible to phishing attacks.

The same is true of the Twitter and Discord scams that happened last week. They threatened users with the possibility of having their accounts suspended or banned. This makes the user click on the link and open a fake website that looks exactly like the official login page of the platform.

Pressuring victims to act quickly and provide their information before they notice anything suspicious seems to be the perfect strategy for these phishing scams. In the case of Twitter, the user would be surprised, considering the backlash from having their account suspended for hate speech. This prevents them from noticing any red flags.

Phishing attacks are extremely dangerous for remote workers, especially since they have no in-person interaction with their colleagues. This makes them highly dependent on social media platforms and digital workspaces.

Cybercriminals can easily check where and in what position a specific user works using Twitter or LinkedIn to target their scams.

Patrick Harr says that to counter these scams for online workspaces and remote workers, organizations should use social engineering training as well as additional security measures.

Organizations should also implement mobile phishing protection for all personal and enterprise accounts.

Finally, the fact of the matter is that phishing scams will never die out and instead will only get better thanks to deepfake technology. But such is the case with any new invention: each has its pros and cons.
