Malwarebytes has warned Twitter users of a 'Promoted Tweet' phishing scam that looks to lure in victims with the tempting offer of a shiny blue tick.
The message, which could appear in users' feeds regardless of who they follow, contains a link to a site that requests account information and, more worryingly, payment details, in return for helping to place a blue tick on user profiles.
However, as security firm Malwarebytes noted, the entire set-up is a ruse which has so far ensnared almost 1,000 people.
"Over three days, the Promoted Tweet was clicked by 812 people, 97.4 per cent of them hitting the link via Twitter’s t.co redirect (in other words, directly from the sponsored tweet). 644 visitors arrived via iPhone, and 534 hits came from the US," the firm said.
The scam was first reported by web developer Izzy Galvez, who flagged it to Twitter via the firm's @support handle.
Does Twitter really have no vetting for promoted tweets? This is a straight up phishing attempt. @Support #InfoSec pic.twitter.com/EaVhnXwb3K
— Izzy Galvez (@iglvzx) October 28, 2016
It is unclear whether Twitter has reacted to the news, although a search for the Twitter handle of the account promoting the phishing page no longer returns any results.
Christopher Boyd, a malware intelligence analyst at Malwarebytes, explained that the hijacking of Promoted Tweets to dupe users into giving up personal information should make people aware of the importance of never giving out sensitive data without being confident about the recipient.
"Whether links you see on Twitter are served by friends, strangers or even sponsored content placed there via Twitter itself, never take them for granted. The moment you see a site asking for log-in credentials and/or payment information, think very carefully about your next move," he said.