August 17, 2022

Users on Twitter receive messages purportedly from “Twitter Support” urging them to act quickly to avoid suspension, often even from users with a blue check. But these are almost certainly scams – here’s what to look for, and what it would look like if Twitter really needed to contact you.

First, it should be mentioned as a general rule: any message from anyone you don’t know, on any platform you’re using, should be viewed with suspicion. Don’t follow any links or instructions, and if you’re not sure at all, take a screenshot and send it to a friend for help!

Let’s move on to today’s issue: spam.

This type of scam goes by different names depending on what the scammers are looking for. It may be garden-variety phishing, where they are trying to trick you into divulging personal or financial information. But it can also be a more complex, long-term plan to get to high-profile accounts.

Jump method

It works like this: first, the scammers send some spray-and-pray-style messages to get a few people to click through to one of the many ways of getting their credentials, whether it’s social engineering (“Please check your current password”), a fake app (“Please update Tw1tter”) or some more serious device-wide takeover. This gives the scammers control of a few real people’s accounts.

Example of a scam direct message from a hacked verified account.

With these accounts, they send more spam, using the accounts’ legitimacy to hide their nefarious actions. This gets them more accounts, and if they are lucky, they move up to higher-level accounts, such as a verified account followed by the user who opened their direct messages.

Once they take possession of the Blue Check account, they might change the name to something like “Urgent Support” and start sending legitimate-looking warnings to the undoubtedly thousands of followers of such a user.

Here’s how to spot a scam and protect yourself. One message a TechCrunch reporter received today from a verified account was as follows:

Twitter Support | violation


We’ve detected a lot of suspicious login attempts to your account recently.

We care about the security of verified accounts.

Your account will be suspended within 24-48 hours for security reasons. If you do not, you must send us an appeal form so that your account will not be suspended and we can review it.

[link to innocuous looking non-Twitter domain]

In any case, we will communicate with you again through this channel.

thanks for understanding,
Twitter Help account.

Lots of people will see the verified account and a bit of standard-looking warning text, and hit the link. How should they know what a warning on Twitter looks like? They are not internet whistleblowers, and frankly they shouldn’t have to be in order to keep their accounts secure, but that is the reality of social media today.

Fortunately, it is very easy to spot a scam, and you can protect yourself with the following steps.

How to spot a scam text message


First, there are two red flags with the message itself.

  1. Twitter will never contact you via direct message regarding account issues. This type of communication is generally made via the email associated with the account. Think about it: if Twitter thinks a scammer may have taken over your account, do they DM that account? No – they have a secure line to your email that no one else knows about. “If we contact you, we will never ask for your password and our emails will only be sent from,” a Twitter representative said. If you receive a text, it will come from 40404.
  2. The sender is not Twitter. Again, Twitter would not use this channel in the first place, but the message isn’t even coming from them. If you look at the sender’s profile, you will find that they are just a random person, or an “egg” as we used to call them.
  3. The link takes you to a place you’ve never heard of. Of course, you should not be following suspicious links in the first place! Links in any message, direct message, email or even on the web are quite often designed to be misleading. This link actually goes to Google, for example. Only follow links in messages or emails that you know are authentic – if you’re not sure, don’t!
  4. The language is kind of off. Not everyone will pick up on this, but it’s clear on a careful reading that this may not have been written by an English speaker – and Twitter communication in English is sure to be in clear, error-free language. It would be the same in other languages – if you notice something strange, even if you’re not sure, it should set off alarm bells!
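
The third red flag can be checked mechanically before anyone clicks. The JavaScript below is an added example, not part of the original article: it flags links whose real host is not an official domain, including lookalike spellings such as the “Tw1tter” mentioned earlier, and it goes slightly beyond the article by also catching decoy labels and the `user@host` trick. The `OFFICIAL` list and the digit-swap table are assumptions made for illustration.

```javascript
// Added example. The domains treated as official are an assumption,
// not a list taken from the article.
const OFFICIAL = ["twitter.com"];

// True when host is an official domain or a subdomain of one.
function isOfficialHost(host) {
  return OFFICIAL.some((d) => host === d || host.endsWith("." + d));
}

// Undo common digit-for-letter swaps so "tw1tter" compares equal to "twitter".
function deconfuse(host) {
  const swaps = { 0: "o", 1: "i", 3: "e", 5: "s" };
  return host.replace(/[0135]/g, (c) => swaps[c]);
}

// Returns the reasons a link is suspicious; an empty list means no flag was raised.
function checkLink(displayText, href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return ["href is not a valid absolute URL"];
  }
  const reasons = [];
  const host = url.hostname.toLowerCase();
  if (url.protocol !== "https:") reasons.push("not https");
  // "https://twitter.com@other.example/" really goes to other.example.
  if (url.username || url.password) reasons.push("userinfo before @ hides the real host");
  if (!isOfficialHost(host)) {
    reasons.push("host " + host + " is not an official domain");
    if (isOfficialHost(deconfuse(host))) reasons.push("lookalike of an official domain");
    if (OFFICIAL.some((d) => host.includes(d))) reasons.push("official name used as a decoy label");
  }
  // If the visible text is itself a URL or hostname, it must name the same host as the href.
  const shown = displayText.trim().match(/^(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})/i);
  if (shown && shown[1].toLowerCase() !== host) reasons.push("visible text names a different host");
  return reasons;
}
```

A link that raises no flag here is not proven safe; the check only makes the real destination visible so the “if you’re not sure, don’t” rule can be applied to it.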

So what should you do if you receive a message that looks like a scam? The safest thing is to ignore and delete it. If you want, you can report it to Twitter using the directions here.

Protect yourself with double safety

The best thing you can do to guard against scams like this is to turn on two-factor authentication, sometimes called 2FA or MFA (multi-factor authentication). We have a full guide for that here:

2FA will be in your Twitter security settings, and in the security settings of many of your other online apps and services as well. What two-factor authentication does is simply check with you directly via a secure “authentication” app that asks “Are you trying to log into Twitter?” If you see this message and you’re not logging into Twitter, something is up!

When you want to log in, it will ask you for a number generated by the authentication app that only you can see, or sometimes sent via text (although this method is gradually being phased out). These numbers should only be entered at the login screen and never told to anyone else.

If you have two-factor authentication (2FA) enabled, then even if you accidentally provide some login information to a scammer, when they try to log in, the service will check with you to make sure. This is a very useful thing in today’s dangerous cybersecurity environment!

That’s it – now you and anyone you care to tell on Twitter will not be fooled in this way. If you want to further enhance your cybersecurity prowess, check out our Cybersecurity 101 series.
