Security News > 2020 > July > Phishing attack spoofs Twitter to steal account credentials

A new phishing campaign spotted by Abnormal Security attempts to trick people with a phony Twitter security notification.
A new phishing campaign analyzed by the security provider Abnormal Security shows how the attackers are taking advantage of Twitter users to steal account credentials.
Using the Twitter brand name and logo, the initial email itself impersonated a Twitter security alert by claiming that the recipient's account was used to log into a different device in a different location, specifically a Windows 7 computer in Canada.
Of course, if the recipient takes the bait, their Twitter credentials fall into the hands of the attackers who will use them to compromise the person's account.
First, the security notification tries to convince the recipient that there's been malicious activity on their Twitter account.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)