Saturday, November 5, 2022

2 Minute Social Media Account Protection Guide

Some Old Tricks Are Back


By Dominic Alvieri
October 5th, 2022

The bird is ill.


The Bird is Being Fished


Twitter staff has just been cut in half.

The cybersecurity department is missing half of its staff, as is every other department, and that might bring out more scammers. There has already been an increase in verification phishing targeting Twitter in the past week, in addition to the usual scams.

Several old tricks are back. Secure your accounts with phishing-resistant MFA. Here is a quick list of several of the old scams that have returned and what to look for.



Twitter challenges with half of the staff missing.


Is the official social media account spelled with a hyphen, an underscore, or neither?


Is the official login with a dot or a hyphen?


One of the most dangerous Twitter phishing domains came back to life yesterday: login-twitter.com

The official Twitter login is login.twitter.com

One of the original scams is the hyphen replacing the dot in a URL. In a social media handle, a hyphen can replace an underscore and the other way around. An underscore is viewed as a continuation while a hyphen is a separation. Both are used.

The good news: it is very easy to spot, and search engines consider hyphens spammy, which helps deter SEO poisoning and makes a major SEO poisoning campaign difficult.

The bad news: it is still easy to fall for, and it still shows up in major phishing and smishing campaigns.


openseablog and OpenSeaBlog


Both of these accounts are active now tweeting a fake critical vulnerability scare pointing to a new malicious domain name shown below.



Twitter @AlvieriD





The official Twitter login is not hyphenated

The official Twitter login does not have a hyphen.


Getting phished at Twitter?



Is the official domain a dotcom, dotnet or an xyz?


Malicious domain registrations are a continuous battle with every new TLD approved. Twitter is a dotcom. MetaMask is an io. You need to know the official domain of the company or service you plan to utilize.

The large "i" that replaces the small "L"


The title says it all. Lookalike social media handles can cause havoc.

On your left is my Twitter account and on your right is a spoof. Both appear to be @AlvieriD



Dominic Alvieri, Twitter @AlvieriD


Copy a few lines of text and a few photos and you have a near-perfect fake account impersonating me.

Again, this is not new, but it is making a comeback. Domains and social media companies are vulnerable to this scam. Even Elon Musk had his account spoofed with this scam as shown below.

The account on your left is his official account while the one on the right is @ e"I"onmusk 


Fake Elon Musk Twitter account.


Any company or person with an "L" in their name is vulnerable to this social media account scam. Website domains have been vulnerable to this since the start of the commercial internet.
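The three checks covered in this guide (hyphen replacing the dot, wrong TLD, capital "I" replacing lowercase "l") can be automated before a link or handle is trusted. The Python below is an added example, not code from the original post; the function names, the assumption that official domains have the two-label form brand.tld, and the spoofed handle strings in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit

# Official registrable domains you rely on. twitter.com is the one named in
# this guide; add the others you use. Assumes the two-label form brand.tld.
OFFICIAL_DOMAINS = {"twitter.com"}


def classify_host(url, official=OFFICIAL_DOMAINS):
    """Return 'official', 'hyphen-for-dot lookalike', 'wrong TLD' or 'unrelated'."""
    target = url if "://" in url else "//" + url   # accept bare hostnames too
    host = (urlsplit(target).hostname or "").lower().rstrip(".")

    # Exact match or a real subdomain of an official domain.
    for dom in official:
        if host == dom or host.endswith("." + dom):
            return "official"

    # Undo the trick: read every hyphen as if it were the dot it imitates.
    dotted = host.replace("-", ".")
    labels = dotted.split(".")
    for dom in official:
        brand, tld = dom.split(".", 1)
        if dotted == dom or dotted.endswith("." + dom):
            return "hyphen-for-dot lookalike"
        if len(labels) >= 2 and labels[-2] == brand and labels[-1] != tld:
            return "wrong TLD"
    return "unrelated"


def handle_skeleton(handle):
    """Fold characters that look alike so visually identical handles compare equal."""
    # Capital I is folded to lowercase l BEFORE lowercasing; '-' and '_' are merged.
    return handle.lstrip("@").replace("I", "l").replace("-", "_").lower()


def is_lookalike_handle(candidate, official_handle):
    """True if candidate is a different account that renders like official_handle."""
    same_account = candidate.lstrip("@").lower() == official_handle.lstrip("@").lower()
    return (not same_account
            and handle_skeleton(candidate) == handle_skeleton(official_handle))


if __name__ == "__main__":
    for u in ("https://login.twitter.com/", "login-twitter.com", "https://twitter.xyz/login"):
        print(u, "->", classify_host(u))
    # Constructed spoof: capital I in place of the lowercase l.
    print(is_lookalike_handle("@AIvieriD", "@AlvieriD"))
```
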

There are so many other scams and frauds to watch out for. It's always the little things.


The Cyber Show by Dominic Alvieri.


The Cyber Show
Dominic Alvieri
Twitter @AlvieriD
