Posted on May 5, 2018 at 5:43 PM
Twitter Fails to Keep Phishing Scammers from Emulating Twitter
Twitter cannot be fully trusted to protect users’ privacy or to provide security from phishing scams as the mid-term elections draw closer.
On April 30, Slate writer, April Glaser, discovered a phishing scheme on Twitter, which imitated Twitter’s, now suspended, identity verification program. The misleading ad makes use of Twitter’s own white bird against a blue background and lifts phrasing almost word-for-word from Twitter’s own site. Glaser warns Twitter account holders of invites from the handle @asoiaf_ftw and of an ad that takes them to twitterverifiedapplication.com. As of May 2, the handle was still active on Twitter.
In late 2017, Twitter suspended its identity verification program after coming under heavy criticism from the public for verifying the account of white nationalist, Jason Kessler. While Twitter is said to have maintained that the program, was only meant to act as confirmation of identity and not as an endorsement of any particular user’s account or personal tweets, users, as well as the public at large, remained confused about the verification process and lobbied for its suspension.
Today cybercriminals apparently are taking advantage of the fact that the verification program existed at all. While some users are aware that the program was suspended, others are not. Those caught unaware could be led into thinking that Twitter has revamped the program and is offering its coveted blue “verified” checkmark again. According to April Glaser from Slate, the fake site looks authentic and it is not until one is asked to divulge so much personal data, that users’ suspicions are peaked. Glaser contends that scammers carefully reproduced Twitter’s famous trademark and pretty successfully imitated verbiage used on Twitter’s own page about ads in order to fool their victims.
Phishing attacks such as these are launched in order to wheedle as much personal information out of victims as possible. Those who use the same username or passwords across multiple platforms are particularly vulnerable to having their accounts hacked and then being locked out of their own accounts. Unfortunately, people do not just lose access to their email accounts but could have money pilfered, identities were stolen, or their various accounts used to launch further attacks, among other problems.
Glaser warns that, in light of the role bots, trolls, and politically motivated instigators were have thought to have played in the 2016 presidential elections, Twitter should be working harder to reassure its users that it is taking the issue of account abuse seriously. Glaser contends that by allowing users to imitate itself, Twitter is showing the American public that it is ill-prepared to help protect them from online scams in the future, particularly during the upcoming mid-term elections.