- A phishing campaign is targeting X users, experts warn.
- Fake login-alert emails are sent to victims
- The goal is to take over accounts and promote a fraudulent cryptocurrency scheme
High-profile accounts on the social media network X (formerly known as Twitter) are being targeted by a phishing campaign, experts have warned.
A SentinelLabs report described how prominent accounts belonging to US political figures, large technology organizations, leading international journalists and even an X employee have been targeted through a phishing campaign.
Although the main targets are large accounts with high follower counts, everyone should be alert to this attack. Here is what we know so far.
Financial objectives
In its report, SentinelLabs points out that the objective of the attack is to compromise an account, lock out the legitimate owner and then post fraudulent cryptocurrency opportunities or links to external sites, which are designed to “attract additional objectives”, most often with a crypto-theft-related theme.
The attack appears to rely on a variety of phishing tactics, one of which is the notorious login notice. This works by sending the victim an email notifying them that their account was accessed from a new device, and that the device was located in a foreign city.
From there, a link is provided for users to “secure” their accounts by entering their username and changing the account password. This page is fake, and the victims have unwittingly handed their credentials to a threat actor.
The campaign uses several phishing domains for this, such as X-Reversupport[.]com and Securelogins-X[.]com, and in some cases the researchers observed the campaign abusing Google's ‘AMP Cache’ domain to evade email detection and redirect the user to a phishing domain.
The criminal then takes over the account and begins using its audience to promote cryptocurrency scams. High-profile accounts allow criminals to maximize their financial gains by reaching a broader audience and collecting more victims.
Cryptocurrency scams are incredibly dangerous and lucrative, with the FBI recently estimating that in 2024 the scams cost victims more money than ransomware.
Stay safe
To avoid such fraudulent schemes, investors must take care to check that their investment is legitimate. The cryptocurrency market is largely unregulated, which makes it the perfect environment for scammers and criminals, so be sure to thoroughly research any investment before handing over your data or money.
The key part of this attack is the initial phishing email. Social engineering attacks such as phishing are dangerous because they catch unsuspecting users off guard, so naturally, staying alert is the best defense.
Phishing attacks push victims into revealing their personal information, such as login credentials, financial information and more. This puts victims at risk of theft or identity fraud.
It is true that some platforms will send you an email if there is an unrecognized login from a new device, which is what makes this campaign so convincing. It is easy to say that users should be very careful, but sometimes that is not enough, so here are some additional tips to stay protected.
First, create a strong and secure password, and crucially do not reuse passwords from one site to another; this helps to contain any account that has been breached.
Next, enable multi-factor authentication (MFA), especially for sites that hold medical or financial information. Although this can be a bit of a faff, it is a substantial additional layer of security and gives you peace of mind knowing that criminals would have to fight a little harder to access your data.
Another thing to look out for is mismatched or suspicious domains. Be wary if you receive an email you were not expecting, especially one that asks you to take action and includes a link. Check the spelling of the domain, for example Faceb00k instead of Facebook. It is also not a bad idea to Google what the legitimate domain should be.
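The domain check described above, combined with the AMP-wrapped links mentioned earlier, can be automated for links pulled from a "new login" email. The following Python sketch is an added example, not code from the SentinelLabs report; the trusted-host list, the two AMP URL shapes it unwraps and the `.example` sample links are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: the hosts a reader would accept as genuine X login destinations.
TRUSTED = {"x.com", "twitter.com"}
BRAND_TOKENS = {"x", "twitter"}
# Undo common digit-for-letter swaps (the Faceb00k trick) before matching.
LEET = str.maketrans("013", "oie")

def unwrap_amp(url):
    """Return the destination hidden behind a Google AMP link, else url unchanged."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    segs = [s for s in parts.path.split("/") if s]
    if host in ("google.com", "www.google.com") and segs[:1] == ["amp"]:
        segs = segs[1:]
    elif host.endswith(".cdn.ampproject.org") and segs[:1] in (["c"], ["v"]):
        segs = segs[1:]
    else:
        return url
    scheme = "http"
    if segs[:1] == ["s"]:  # an "s" segment marks an https destination
        scheme, segs = "https", segs[1:]
    return f"{scheme}://{unquote('/'.join(segs))}" if segs else url

def check_link(url):
    """Classify one link from a login-alert email as (verdict, final_host)."""
    final = unwrap_amp(url)
    host = urlsplit(final).hostname or ""
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return ("ok", host)
    if final != url:  # an AMP wrapper was hiding an untrusted destination
        return ("amp-redirect", host)
    labels = re.split(r"[.\-]", host.translate(LEET))
    if BRAND_TOKENS & set(labels):  # brand name used on a host that is not the brand's
        return ("lookalike", host)
    return ("untrusted", host)

# Constructed sample links; the .example hosts are placeholders, not real indicators.
SAMPLES = [
    "https://x.com/login",
    "https://www.google.com/amp/s/secure-x-login.example/reset",
    "https://tw1tter-support.example/verify",
    "https://x.com.account-check.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

The verdict is based on the final host after unwrapping, so a link that displays a Google domain is still judged by where it actually lands.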
The last thing to look out for is odd attachments: if the sender is unknown and the email contains links, images or documents, this is a red flag. QR codes are particularly dangerous, so do not scan anything unless you are sure it is safe.