• Phishing campaign targets

    From Mike Powell@1:2320/105 to All on Wed Feb 5 10:05:00 2025
    Phishing campaign targets prominent X users, accounts at risk

    Date:
    Tue, 04 Feb 2025 16:05:00 +0000

    Description:
    A phishing campaign is hijacking high profile X users and using their
    accounts for fraudulent activity.

    FULL STORY ======================================================================
    - A phishing campaign is targeting X users, experts warn
    - Fake login emails are sent to victims
    - The aim is to take over accounts and advertise a fraudulent crypto scheme

    High-profile accounts on the social media network X (formerly known as
    Twitter) are being targeted by a phishing campaign, experts have warned.

    A report from SentinelLabs outlined how prominent accounts belonging to US political figures, large tech organizations, leading international
    journalists, and even an X employee, have been attacked via a phishing campaign.

    Although the primary targets are large accounts with a high follower count, everyone should be on the lookout for this attack: here's what we know so far.

    Financial objectives

    In its report, SentinelLabs notes the aim of the attack is to compromise an account, lock out the legitimate owner, and post fraudulent cryptocurrency opportunities or links to external sites, which are designed to lure
    additional targets, most commonly with a crypto-theft related theme.

    It seems the attack originates from a range of phishing tactics, one being
    the notorious login notice. This works by sending the victim an email to
    notify them their account was accessed from a new device, and that the
    location of the device was in a foreign city.

    From there, a link is provided for users to secure their accounts and provide their username and change the account password. This page is fake, and the victims have then unwittingly provided their credentials to a threat actor.

    The campaign uses several phishing domains for this, like x-recoversupport[.]com and securelogins-x[.]com, and in some cases,
    researchers observed the campaign abusing Google's AMP Cache domain in order
    to bypass email detections and reroute the user to a phishing domain.

    The criminal then takes over the account and begins using the account's
    audience to advertise cryptocurrency scams. The high profile accounts allow criminals to maximise their financial profit by reaching a wider audience and collecting more victims.

    Crypto scams are incredibly dangerous, and lucrative, with the FBI recently estimating that in 2024 alone, the scams cost victims more money than ransomware.

    Staying safe

    To avoid such fraudulent schemes, investors should be ultra-careful that
    their investment is legitimate. The cryptocurrency market is largely unregulated, which makes it the perfect environment for scammers and
    criminals - so be sure to heavily research any investments before handing
    over your data or money.

    The key part of this attack is the initial phishing email. Social engineering attacks like phishing are dangerous because they catch users off guard, so naturally, staying alert is the best defense.

    Phishing attacks will prompt victims to reveal their personal information,
    like logins, credentials, financial information, and more. This puts victims
    at risk of identity theft or fraud.

    It is true that some platforms will email you if there's an unrecognized
    sign-in to a new device, which is what makes this campaign so convincing. It's easy to say that users should be extra careful, but sometimes that's just not enough, so here are some extra tips to stay protected.

    First of all, create a strong and secure password, and crucially do not
    reuse passwords from one site to another - this helps by quarantining any account that has been breached.

    Next, enable multi-factor authentication or MFA, especially for sites that hold medical or financial information. Although this can be a bit of a faff, it's a great extra layer of security and gives you peace of mind knowing
    that criminals would struggle that bit more to access your data.

    Another thing to look out for is mismatched or suspicious domains. If you receive an email you're not expecting, especially one prompting action and including a link, check the spelling of the domain, e.g. Faceb00k rather than Facebook. It's never a bad idea to Google what the legitimate domain would be, either.

    The final thing to look for is odd attachments - if the sender is unknown and the email contains links, images, or documents - this is a red flag. QR codes are particularly dangerous, so don't scan anything you're not certain is safe.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/phishing-campaign-targets-prominent-x-users-accounts-at-risk

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
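
The domain check and the AMP Cache rerouting described in the story can be combined into one mail-filter style check. The following is an added example, not part of the original post or of the SentinelLabs report: it unwraps AMP Cache links before judging the destination host. The trusted-host list, the function names and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption (not from the article): hosts a real X sign-in notice would link to.
TRUSTED = {"x.com", "twitter.com"}
# The two phishing domains named in the article, re-fanged for matching.
REPORTED = {d.replace("[.]", ".")
            for d in ("x-recoversupport[.]com", "securelogins-x[.]com")}
AMP_CACHE = "cdn.ampproject.org"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def unwrap_amp(url):
    """Return the origin URL behind an AMP Cache link, else the URL unchanged."""
    parts = urlsplit(url)
    if not under((parts.hostname or "").lower(), AMP_CACHE):
        return url
    # AMP Cache paths look like /c/s/<origin host>/<path>; "s/" means HTTPS.
    m = re.match(r"^/(?:c|v)/(s/)?(.+)$", parts.path)
    if not m:
        return url
    return ("https://" if m.group(1) else "http://") + m.group(2)

def classify(url):
    """Judge a link by the host it finally leads to, not the host shown."""
    final = unwrap_amp(url)
    host = (urlsplit(final).hostname or "").lower()
    if any(under(host, d) for d in REPORTED):
        verdict = "reported-phishing"
    elif any(under(host, d) for d in TRUSTED):
        verdict = "trusted"
    else:
        verdict = "untrusted"
    return {"host": host, "amp_wrapped": final != url, "verdict": verdict}

def scan_email(body):
    return [classify(u.rstrip(".,)")) for u in URL_RE.findall(body)]

# Constructed sample message body (not a captured email).
SAMPLE = (
    "Your account was accessed from a new device.\n"
    "Secure it: https://cdn.ampproject.org/c/s/{}/reset\n"
    "Help: https://help.x.com/en\n"
    "Or: http://x.com.account-check.example/login\n"
).format(sorted(REPORTED)[0])
```

Matching on a dot-delimited suffix rather than a substring is what keeps a host such as `x.com.account-check.example` from passing as trusted.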