Twitter allows apparent phishing scam to buy promoted tweet

Source: The Hill | January 8, 2018 | Ali Breland

Twitter’s advertising platform allowed a fraudulent website to purchase promoted tweets that directed users to what appears to be a phishing scam.

The tweet, which is being promoted on users’ Twitter feeds, claims to offer users “verified” blue checkmarks, which some see as a sign of status on the site.

Users who click @BusinessTweet30’s link are directed to a site posing as Twitter, but with a different domain name. The colors and font are the same as Twitter’s, and the language on the site is worded as though it is an official part of Twitter’s platform.

“To prevent identity confusion, Twitter is now offering the verification form. We’re working to establish authenticity with people who deal with impersonation or identity confusion on a regular basis. Accounts with [the verified checkmark] are the official accounts,” it reads.

On the page, Twitter users are prompted to input detailed information about themselves, including their email, password and credit card information.

The tweet raises red flags about Twitter’s automated ad purchasing process. Phishing scams from a promoted tweet can be uniquely dangerous, because users who see the tweet as “promoted” may understand this as Twitter confirming the tweet’s legitimacy.

The tweet is an example of what may slip through the cracks of Twitter’s automated advertising platform. The company has human reviewers to take down promoted tweets that violate its terms of service, but in many cases they don’t see tweets until after they’ve been flagged by other users after being posted.

BusinessTweet30’s tweet had been on Twitter for at least two hours. It’s unclear how long it has been a promoted tweet within that window.

After being contacted by The Hill, Twitter deleted the tweet and the account that posted it.

A Twitter spokesperson declined to comment on the tweet directly, noting that it does not “comment on individual accounts for privacy and security reasons.”

The company did say that it is aware of groups trying to manipulate its ad platform and is taking action against such behavior.

…….
