
New Social Engineering Tactics: Cybercriminals Posing As Journalists Or Twitter Employees

These attacks typically aim to harvest credentials

Cybersecurity experts at Proofpoint have recently observed tactics that hackers from Iran and Turkey have been using in 2022 to steal credentials. In these attacks, cybercriminals send malicious emails that either claim a user’s Twitter account has been hacked or pose as a journalist’s request for an online interview.

“The report by Proofpoint focuses on the effect these attacks have on journalists. However, we have seen numerous times how ordinary people get their personal information stolen in phishing schemes. Hackers learn from each other, and it is only a matter of time before those tactics will be used on regular users,” says Daniel Markuson, a cybersecurity expert at NordVPN.


Know your enemy: What are the newest tactics?

  1. Fake Twitter security alert

During this attack, hackers – often from Turkey – send an email with a request to change a person’s Twitter account password because of a suspicious login from a new location. If a victim clicks on the link supplied in the email, they are taken to a credential-harvesting landing page that impersonates a Twitter login page to reset their password.


  2. Impersonating a journalist

Typically performed by Iranian hackers, this attack involves impersonation. The hacker pretends to be an international journalist and asks for comments from their targets. If the victim agrees, the hacker sends them an invitation to a virtual meeting with a malicious link that leads to a credential-harvesting form or infects the device with malware or an IP tracker.


How to tell if it’s a phishing email

If you know what to look out for, detecting phishing scams is pretty easy. The clues are often hidden in plain sight.

  • A generic greeting. Don’t trust emails addressed to “Sir/Madam,” or “Ms/Mr.” Always be aware of language and fluency: shortened words, slang, and spelling errors are a dead giveaway.
     
  • Minor changes in the domain name. The domain name is whatever comes after the @ sign in the sender’s email address. Since no two domains can ever be the same, scammers may alter securityalert@twitter.com to read twitter@securityalert.com.
     
  • Emails requesting personal information. Be especially careful if the email includes a link, and make sure you trust the source before clicking.
     
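  • Don’t click on links. Instead, hover your mouse over the button to see the destination URL. Check whether it looks legitimate and, especially, whether it contains the “https” part. Keep in mind that “https” on its own does not prove a site is genuine, so check the domain name as well.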
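
The sender-domain, greeting and link-destination checks from the list above can be run mechanically over a message. The following Python is an added example, not code from Scoop, NordVPN or Proofpoint; the sample message, the `.example` link host and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; the sender address is the altered one quoted above.
SAMPLE = """\
From: Twitter Security <twitter@securityalert.com>
Subject: Suspicious login from a new location

<p>Dear Sir/Madam,</p>
<p><a href="http://twitter.com.login-check.example/reset">https://twitter.com/reset</a></p>
"""

class HrefCollector(HTMLParser):
    # Collects the real destination (href) of every link, i.e. what hovering reveals.
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def host_matches(host, brand):
    # True only for the brand domain itself or a subdomain of it.
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)

def check_message(raw, brand="twitter.com"):
    """Return a list of warning strings for one raw email message."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not host_matches(sender_domain, brand):
        findings.append(f"sender domain {sender_domain!r} is not {brand}")
    body = msg.get_payload()
    if re.search(r"\b(sir/madam|madam/sir|ms/mr|mr/ms)\b", body, re.I):
        findings.append("generic greeting")
    collector = HrefCollector()
    collector.feed(body)
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme != "https":
            findings.append(f"link is not https: {href}")
        if not host_matches(url.hostname, brand):
            findings.append(f"link host {url.hostname!r} is not {brand}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

The link in the sample displays a twitter.com address as its text but points elsewhere, which is why the check reads the `href` rather than the visible label.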

© Scoop Media
