[Corp Blog] Twitter Blue to X Phishing Breakout – Gridinsoft Blogs
gridinsoft.com
Summary
- Scammers exploit Twitter's rebranding (transition to name "X") confusion for phishing.
- Twitter Blue users targeted, offered migration to "X," but scammers gain account access.
- Phishing emails seem genuine, appearing to come from x.com and passing the Security Policy Framework (SPF), and include deceptive authorization link, opening a legitimate API authorization screen.
- Clicking link grants attackers control over victim's Twitter account settings and content.
- Victims can block access by revoking app authorization in Twitter settings.
- Twitter is aware and "working on a solution."
::: spoiler Article's Safety Recommendations (probably a bit generic and self-promotional)
-
Being cautious with unfamiliar emails, especially attachments or links.
-
Verifying URLs by hovering over them.
-
Not sharing personal info on suspicious/unknown sites.
-
Be careful with attachments and links.
-
Using two-factor authentication (2FA) for account security.
-
Keeping antivirus software updated to prevent malware. :::
Edited based on comment from: @incogtino@lemmy.zip
You are viewing a single comment
Safety Recommendations: Quit Twitter.
Ethical phishing: Email Twitter users, steal their credentials, close their accounts
/jk
... unless