Catches of the Month: Phishing Scams for August 2022

Welcome to our August 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data.

This month, we look at a scam targeting verified Twitter users and the latest in a series of phishing campaigns that are designed to steal the contents of cryptocurrency wallets.

Twitter accounts hacked to send fake suspension notices

There have been dozens of reports in the past few weeks of verified Twitter users receiving “suspension notices” and soon afterwards having their login credentials compromised.

Research has revealed that the suspension notices aren’t coming from Twitter but are fakes sent by cyber criminals. The scam came to light after Bleeping Computer reporter Sergiu Gatlan revealed that he had been targeted.

“Your account has been flagged as inauthentic and unsafe by our automated systems, spreading hate speech is against our terms of service,” the message claimed.

It continued: “We at twitter take the security of our platform very seriously. That’s why we are suspending your account in 48h if you don’t complete the authentication process.”

Source: Bleeping Computer

A version of this scam is thought to have been sent to countless verified users – a status that is marked with a blue check mark and is reserved for notable figures who provide evidence that they are the person they claim to be.

Anyone who follows the link in the message, which is masked with a tinyurl.com domain, is redirected to “https://twitter-safeguard-protection[.]info/appeal/”.

Although the domain might appear genuine at first because it begins with the word “twitter”, a closer look reveals that the word is only one part of a longer domain name, and as such the site isn’t affiliated with “twitter.com”.

Nonetheless, the site does a good job imitating the genuine Twitter login page and asks users to provide their username and password.

The bogus site also uses Twitter’s APIs to retrieve information about the genuine account, including the display photo, which adds another layer of legitimacy to the scam.

Source: Bleeping Computer

When users enter their email address and password, the site states: “Authenticity Check is completed, your account has been proved authentic by our automatic system, all current problems are resolved”.

However, what the user has actually done is hand their login credentials to the attackers, who will change the password to lock the user out of their account.

These sorts of scams are far too common, with Twitter in particular being a frequent target, yet people get caught out time and again.

This is in part due to an inherent quality of phishing, with criminal hackers capitalising on people’s fears.

In this case, they are exploiting people’s panic that a Twitter account that they have spent countless hours cultivating could be shut down. In the rush to resolve the issue, they will miss the clues that the message is fraudulent.

However, the success of these scams is also down to a lack of awareness of how phishing works. Although Twitter users are generally tech-literate, many would be unable to spot a scam even if they weren’t caught out in the moment.

This is bad enough if someone’s personal account is hacked, but the real problems start when the same mistakes occur on corporate accounts.

In these circumstances, it’s not just the individual who is affected. Rather, the data breach will expose sensitive information about the organisation and its customers.

It’s why phishing staff awareness courses must be an essential part of every organisation’s operations. Employees must be shown what phishing emails look like, the consequences of a successful scam and what they can do to prevent attacks.

Cryptocurrency users warned of MetaMask phishing campaign

A new phishing campaign is targeting users of the crypto wallet MetaMask.

The blockchain security firm Halborn has warned crypto enthusiasts to look out for suspicious emails telling people to comply with their KYC (Know Your Customer) regulations. The messages advise users to verify their wallets using a link in the email, but doing so would allow the scammers to capture the funds from those wallets.

Halborn says there are several red flags in the messages that point to it being a scam. The most obvious signs are spelling errors, which indicate that the emails were not written by a native English speaker and did not come from an official communication channel.

The emails are also sent from the domain “metamasks.auction” rather than the genuine domain, “metamask.io”.

Another clear sign that these messages are fraudulent is that the emails are not addressed specifically to the recipient.

In almost all legitimate correspondence, the organisation will store the user’s name alongside their contact information. As such, emails almost always refer to the recipient by name.

If you aren’t addressed by name, it’s usually because the sender has captured email addresses in bulk without any supplementary information. This is often the case when criminal hackers steal sensitive information from an organisation’s database and use it to launch additional attacks.

This doesn’t necessarily mean that MetaMask itself was compromised. The information could have stemmed from any number of places, with the emails sent out in the hopes that at least a portion of the recipients are MetaMask users.

With the number of scams currently going around targeting crypto users, there are countless places from which the information could have originated. Anyone who uses a crypto wallet should keep an eye out, and MetaMask users should be especially vigilant.
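
The domain checks described for both scams, the “twitter-safeguard-protection[.]info” link and the “metamasks.auction” sender, can be automated. The following Python is an added example, not code from Halborn, Bleeping Computer or this article’s author; the function names, the two-label domain rule and the “noreply” local part of the sample sender are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Genuine domains as named in the article, keyed by the brand word to watch for.
BRANDS = {"twitter": "twitter.com", "metamask": "metamask.io"}

def host_of(value):
    """Extract the lowercase host from a URL or an email address."""
    value = value.strip().replace("[.]", ".").lower()  # re-fang defanged input
    if "://" in value:
        return (urlsplit(value).hostname or "").rstrip(".")
    return value.rsplit("@", 1)[-1].split("/")[0].rstrip(".")

def registrable_domain(host):
    """Assumption: the last two labels form the registrable domain, which holds
    for the names here; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value):
    """Return (verdict, brand): 'genuine', 'lookalike' or 'unrelated'."""
    host = host_of(value)
    domain = registrable_domain(host)
    for brand, genuine in BRANDS.items():
        if domain == genuine:
            return "genuine", brand
    # Split every label on hyphens so "twitter-safeguard-protection" yields "twitter".
    words = [w for label in host.split(".") for w in label.split("-")]
    for brand in BRANDS:
        if any(w == brand or edit_distance(w, brand) == 1 for w in words):
            return "lookalike", brand
    return "unrelated", None

if __name__ == "__main__":
    # The first two values come from the article; the local part "noreply" is constructed.
    for sample in ("https://twitter-safeguard-protection[.]info/appeal/",
                   "noreply@metamasks.auction", "https://twitter.com/login"):
        print(sample, "->", classify(sample))
```

A shortened link, such as the tinyurl.com one used in the Twitter message, has to be expanded to its final destination before a check like this tells you anything.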

Can you spot a scam?

All organisations are vulnerable to phishing, no matter their size or sector, so it’s essential to understand how you might be targeted and what you can do to prevent a breach.

You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme.

This 45-minute course uses real-world examples like the ones we’ve discussed here to explain how phishing attacks work, the tactics that cyber criminals use and how you can detect malicious emails.