Since Elon Musk closed the purchase of Twitter at the end of October, there have been cybersecurity problems related to the platform.
Twitter Blue, the paid subscription service that was launched earlier this month in the United States, Canada, Australia and New Zealand and through which the tycoon intended to offer the blue badge for verified accounts without actually verifying the user's identity, as was the case until now, it became unavailable in the face of a wave of impostors and identity theft.
However, this has not been the only chaos that has arisen as a result of the new leadership in the company;
According to the cybersecurity company Proofpoint, since the acquisition took place, its researchers have “observed a considerable increase in phishing campaigns related to this social network.
Specifically, cybercriminals are using account verification and the new Twitter Blue product as lures to steal Twitter credentials."
Of course, these attacks are not targeting users in general, but "are usually directed at public figures or those related to the media, including journalists, who are the ones who may have verified accounts."
As the company points out, the email address is sometimes available in the Twitter biography or coincides with the username, “so it is easy for scammers to get to”.
Even so, as in any possible case of phishing, caution is recommended: "The subject lines of these emails usually refer to the payment of the new premium subscription introduced by Musk and in the content there are usually Google forms for the collection of data and URLs that direct to websites managed by cybercriminals”.
In other cases of fraudulent campaigns, Twitter has recommended consulting the @TwitterSeguro and @TwitterSafety accounts (although since Musk's arrival they have not been published again), the Help Center articles (where there are spaces that address how to identify fake emails and tips to improve account security) and his blog.
It's important not to download any attachments or click links, or share login information outside of the official Twitter forms.
Proofpoint insists on the danger that the profiles that are being victimized are of special public relevance: "These compromised accounts are then used to spread false information, incite other users to interact with malicious content and get scammed, or to promote more campaigns of phishing”.
Proofpoint's vice president of research and threat detection, Sherrod DeGrippo, explains that “it is not surprising that activity has increased in recent weeks.
It is very common for cybercriminals to use relevant news or topics to capture the interest of their target and thus increase the likelihood that they will interact with the content of the email.
You can follow
EL PAÍS TECNOLOGÍA
or sign up here to receive our