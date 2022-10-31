

Twitter's verification chaos is now a cybersecurity problem

Zack Whittaker

Cybercriminals are already capitalizing on Twitter's ongoing verification chaos by sending phishing emails designed to steal the passwords of unwitting users.

The phishing email campaign, seen by TechCrunch, attempts to lure Twitter users into posting their username and password on an attacker's website disguised as a Twitter help form.

The email is sent from a Gmail account, and links to a Google Doc with another link to a Google Site, which lets users host web content. This is likely intended to create several layers of obfuscation to make it more difficult for Google to detect abuse using its automatic scanning tools. But the page itself contains an embedded frame from another site, hosted on the Russian web host Beget, which asks for the user's Twitter handle, password and phone number — enough to compromise accounts that don't use stronger two-factor authentication.
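
An added example, not from the original article: one way a defender could triage a page of this shape, by listing frames on a user-content page that load from outside the hosting platform and naming the sensitive fields the framed form requests. The host lists, function names and sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumptions: hosts where anyone can publish, and domains the platform embeds.
USER_CONTENT_HOSTS = {"sites.google.com", "docs.google.com"}
PLATFORM_SUFFIXES = ("google.com", "gstatic.com")

class _Collector(HTMLParser):  # gathers iframe srcs and input (type, name) pairs
    def __init__(self):
        super().__init__()
        self.frames, self.inputs = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "input":
            self.inputs.append(((a.get("type") or "text").lower(),
                                (a.get("name") or "").lower()))

def _parse(html):
    c = _Collector()
    c.feed(html)
    return c

def foreign_frames(page_url, html):
    """Iframe URLs on a user-content page that point outside the platform."""
    if urlparse(page_url).hostname not in USER_CONTENT_HOSTS:
        return []
    urls = [urljoin(page_url, s) for s in _parse(html).frames]
    def on_platform(u):
        h = urlparse(u).hostname or ""
        return any(h == s or h.endswith("." + s) for s in PLATFORM_SUFFIXES)
    return [u for u in urls if not on_platform(u)]

def credential_fields(html):
    """Sorted kinds of sensitive fields a framed form asks for."""
    kinds = set()
    for typ, name in _parse(html).inputs:
        if typ == "password":
            kinds.add("password")
        elif typ == "tel" or "phone" in name:
            kinds.add("phone")
        elif "user" in name or "handle" in name:
            kinds.add("username")
    return sorted(kinds)

# Constructed samples, not taken from the real campaign.
PAGE_URL = "https://sites.google.com/view/constructed-help"
OUTER = '<iframe src="https://frame-host.example/help/"></iframe><iframe src="https://www.gstatic.com/x.html"></iframe>'
INNER = '<input name="handle"><input type="password" name="pw"><input type="tel" name="phone">'
```

A page that returns a foreign frame whose content asks for a username, password and phone number together is a strong candidate for manual review.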

Google took down the phishing site a short time after TechCrunch alerted the company. A Google spokesperson told TechCrunch: "Confirming we have taken down the links and accounts in question for violations of our program policies."

A screenshot of the phishing email designed to steal Twitter users' credentials. Image Credits: TechCrunch.

The campaign appears crude in nature, likely because it was quickly put together to take advantage of the recent news that Twitter will soon charge users monthly for premium features, including verification, as well as the reported possibility of taking away verified badges of Twitter users who don't pay.

As of the time of writing, Twitter has yet to make a public decision about the future of its verification program, which launched in 2009 to confirm the authenticity of certain Twitter accounts, such as public figures, celebrities and governments. But it clearly hasn't stopped cybercriminals — even on the lower-skilled end — from taking advantage of the lack of clear information from Twitter since it went private this week following the close of Elon Musk's $44 billion takeover.

TechCrunch also alerted Beget to the phishing pages, but did not immediately hear back. A spokesperson for Twitter did not immediately respond to a request for comment.
