By Aaron Miller
A Twitter paid promotion was used by an account posing as PayPal to fool users into sharing their personal information under the guise that they were entering an end-of-year contest, The Next Web reported. The scam adds to the growing list of loopholes in the globally used platform, and it calls for creative solutions from Twitter’s leadership.
TNW reporter Matthew Hughes first reported the since-deleted promoted tweet from @PaypalChristm, which he said appeared in his timeline. He noticed the telltale signs of a scam, including the shady unverified account “with fewer than 100 followers,” but also a sketchy-ass promotional image seemingly designed to insinuate that a car and an iPhone were up for grabs. A link attached to the tweet led to a page resembling PayPal’s login page, which asked users to enter their personal information and credit card details.
The phishing link led to a page resembling the legitimate PayPal login site. It was an uncanny likeness of the real thing, but it had weaknesses that gave it away to expert eyes: the page was not served over HTTPS, and the URL was not PayPal’s. Attacks of this kind require Twitter to raise its technological level of defence; they are becoming too frequent.
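As an added illustration that is not part of the article, the two indicators named above (no HTTPS, and a URL that does not belong to PayPal) can be turned into a simple link check. The sample URLs and the `LEGIT_DOMAINS` table are constructed for the example; the scam’s real address is not given in the article.

```python
from urllib.parse import urlsplit

# Domains the check treats as genuinely belonging to the brand.
# PayPal's real login lives under paypal.com; the table itself is an
# assumption of this example, not something the article lists.
LEGIT_DOMAINS = {"paypal": ("paypal.com",)}


def host_matches(host, domain):
    """True only if host is the domain itself or a proper subdomain of it.

    A plain endswith() would wrongly accept 'notpaypal.com'.
    """
    return host == domain or host.endswith("." + domain)


def check_login_link(url, brand):
    """Return the indicators that make a link claiming to be `brand` suspect.

    An empty list means neither of the article's two indicators fired.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    # Indicator 1: the real login page is served over HTTPS; the fake was not.
    if parts.scheme != "https":
        findings.append("no HTTPS")
    # Indicator 2: the URL itself. Anything before '@' is user info that the
    # browser ignores, so 'paypal.com@evil.example' really points at evil.example.
    if parts.username is not None:
        findings.append("credentials before '@' hide the real host")
    if not any(host_matches(host, d) for d in LEGIT_DOMAINS[brand]):
        findings.append("host %r is not a %s domain" % (host, brand))
        if brand in host:
            findings.append("brand name used as a decoy inside a foreign host")
    return findings


# Constructed sample links (not the scam's real address) for a quick run.
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://paypal.com.christmas-promo.example/login",
    "https://paypal.com@christmas-promo.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = check_login_link(link, "paypal") or ["looks legitimate"]
        print(link, "->", "; ".join(verdict))
```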
“I logged in with obviously bogus credentials and was presented with – again – a superficially legitimate-looking page that asked me to confirm my credit card details,” Hughes said. “This suggests that the attackers weren’t merely interested in accessing PayPal accounts, but also wanted to be able to exploit the victim financially outside of the popular fintech platform.”
The tweet was live for roughly 30 minutes before it was taken down. Twitter says it took “appropriate measures” to ensure that the account would no longer be able to advertise on the site, and the account was suspended as of Wednesday evening.
Despite what may seem like telltale signs to an informed observer, phishing scams can be incredibly deceptive to unsuspecting victims. The U.S. Federal Trade Commission recently warned of a phishing scam disguised as a support email from Netflix asking users to update their payment information. Twitter’s perpetual vow to have a robust system addressing these types of intrusions is again shown to be far from perfect, and ending this cycle of embarrassing and disappointing breaches will require a higher level of technological expertise. Continuous breaches of Twitter’s security show the social media giant still has a long way to go to become a truly safe and reliable platform for sharing valuable public interest information.