Some Old Tricks Are Back
By Dominic Alvieri
October 5th, 2022
The Bird is Being Fished
Twitter staff has just been cut in half.
Half of the cybersecurity department and every department is missing staff and that might bring out more scammers. There has already been an increase in verification phishing targeting Twitter in the past week in addition to the usual scams.
Several old tricks are back. Secure your accounts with phishing resistant MFA. Here is a quick list of several of the old scams that have returned and what to look for.
Is the official social media account with a hyphen or an underscore? or without them?
Is the official login with a dot or a hyphen?
One of the most dangerous Twitter phishing domains came back to life yesterday, login-twitter.com
The official Twitter login is login.twitter.com
One of the original scams is the hyphen replacing the dot on an URL. The hyphen can replace an underscore on a social media account and the other way around. An underscore is viewed as a continuation while a hyphen is a separation. Both are used.
The good news-Very easy to spot and search engines consider hyphens spammy which helps deter SEO poisoning making it difficult for a major SEO poisoning campaign.
The bad news-Still easy to fall for and still subject to major phishing and smishing campaigns.
openseablog and OpenSeaBlog
Both of these accounts are active now tweeting a fake critical vulnerability scare pointing to a new malicious domain name shown below.
The official Twitter login is not hyphenated
Is the official domain a dotcom, dotnet or an xyz?
Malicious domain registrations are a continuous battle with every new TLD approved. Twitter is a dotcom. MetaMask is an io. You need to know the official domain of the company or service you plan to utilize.
The large "i" that replaces the small "L"
The title says it all. Lookalike social media handles can cause havoc.
On your left is my Twitter account and your right is a spoof. Both appear to be @AlvieriD
Copy a few lines of text and a few photos and you have a near perfect fake account impersonating me.
This again is not new but making a comeback. Domains and social media companies are vulnerable to this scam. Even Elon Musk had his account spoofed with this scam as shown below.
The account on your left is his official account while the one on the right is @ e"I"onmusk
Any company or person with an "L" in their name is vulnerable to this social media account scam. Website domains have been vulnerable to this since the start of the commercial internet.
There are so many other scams and frauds to watch out for. It's always the little things.
The Cyber Show
Dominic Alvieri
Twitter @AlvieriD