
Phishing trip

Just a few days after writing an article on how to avoid phishing and spoofing scams, it was with precision timing that we were the target of a phishing attempt on Twitter. Always grateful for extra blog material :)

 

A Twitter Phishing Expedition

The benefit of shortened links is that they are short; the downside is that they mask the destination website address, which makes them ideal for phishing scams. Visiting the page through the mobile Twitter app won't automatically show you the destination website address, so it's easy to understand why some people may be tricked into entering their details while on the move.

Spoofed website

The link takes you to what looks like the Twitter website, where you're told that your session has timed out and you need to enter your username and password to sign in.

As discussed in our recent blog article, be wary of any site which asks you to fill in login details after clicking a link. At first glance the site may look okay, but take a closer look at the website address:

Anyone who enters their details into the fields and clicks 'Sign in' will have their username and password captured and then be forwarded and logged into the legitimate twitter.com site, so they may not be aware that it's happened. The account that sent us the message was most likely an earlier victim of the scam.
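The "closer look at the website address" described above can be written down as a check. This is an added example, not code from the original article: the shortener list and the sample links are constructed for illustration and are not the address used in the scam we received.

```javascript
// Added example: classify a link that claims to lead to a Twitter sign-in page.
// LEGIT_DOMAIN comes from the article; SHORTENERS is an illustrative, partial list.
const LEGIT_DOMAIN = "twitter.com";
const SHORTENERS = new Set(["t.co", "bit.ly", "tinyurl.com", "ow.ly"]);

function classifyLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "invalid", reason: "not a parseable URL" };
  }
  // Normalise the host: lower-case, drop a trailing dot.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");

  // A shortened link tells you nothing about where you will end up.
  if (SHORTENERS.has(host)) {
    return { verdict: "masked", reason: "shortened link hides the destination; expand it before signing in" };
  }
  // "https://twitter.com@other.example/" : everything before '@' is userinfo, not the host.
  if (url.username || url.password) {
    return { verdict: "suspicious", reason: "text before '@' is not the site; real host is " + host };
  }
  // The legitimate name must be the END of the host, preceded by a dot or nothing.
  const isLegit = host === LEGIT_DOMAIN || host.endsWith("." + LEGIT_DOMAIN);
  if (!isLegit) {
    return { verdict: "suspicious", reason: "host " + host + " is not under " + LEGIT_DOMAIN };
  }
  if (url.protocol !== "https:") {
    return { verdict: "suspicious", reason: "sign-in page is not served over HTTPS" };
  }
  return { verdict: "legitimate-host", reason: "host is " + host };
}

// Constructed sample links (the .example hosts are placeholders).
const SAMPLES = [
  "https://t.co/AbC123",
  "https://twitter.com.login.example/session",
  "https://twitter.com@login.example/session",
  "https://eviltwitter.com/login",
  "http://twitter.com/login",
  "https://mobile.twitter.com/login",
];
for (const link of SAMPLES) {
  const { verdict, reason } = classifyLink(link);
  console.log(verdict.padEnd(16), link, "->", reason);
}
```

A "legitimate-host" verdict only confirms the address; it says nothing about whether the message that carried the link was expected.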

What to do if you've been caught out and entered your details

Visit the legitimate Twitter website immediately. If you can still access your account, change your password, and if you've used that same password on other sites, change it on those too. If you can't access your account, visit the Twitter Compromised Accounts help page. You should also report the phishing site to Twitter.

It always pays to be suspicious of unsolicited messages or emails which ask you to sign into or verify accounts. Making yourself aware of phishing and spoofing methods will make these scams much more obvious to you and reduce the chances of ever being affected.
