This past July, Twitter fell victim to an infamous social engineering attack. The attack gave hackers control of over one hundred high-profile accounts—from politicians to celebrities. The hackers used these accounts to scam Twitter followers out of money. Now, cybercriminals are using this event as bait for a convincing phishing scam.
The phishing email uses text that is very similar to the official statement that Twitter made in response to the July attack. The email claims that due to a security breach, you must confirm your identity by clicking on a link in the email. If you click the link, you are redirected to a site that looks very similar to the real Twitter login page. The site is actually a look-alike designed to steal your login credentials. Any information that you enter on this page is delivered straight to the bad guys.
Don’t be fooled! Follow these tips:
- Never click on a link within an email that you weren’t expecting.
- When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-alike.
- Email security filters can only do so much to protect you from malicious emails. Stay alert and help create a human firewall for your organization.
Stop, Look, and Think. Don’t be fooled.