Verified accounts of journalists on Twitter, which have been hacked, are being used to hack more Twitter accounts through phishing attacks. These verified accounts pretend to be members of the Twitter Support team, and tricks Twitter users to reveal their login credentials by threatening to suspend their account. Many people have been victims of this attack, while several others have received the messages but ignored them.
On Saturday, Tenzing Lamsang, the editor of The Bhutanese, informed that there was a phishing attack on his Twitter account just after he had provided his Twitter login credentials to some in a Twitter Support team through Direct Messaging (DM). He said that he received an alert that there was a suspicious attempt to log in to his Twitter account by someone in Mumbai.
Tenzing informed that he had received a DM from a Twitter account named @pencilpusher24 informing that there has been a copyright violation, and he needs to take action to resolve the issue. The message said, “Copyright infringement was detected in one of the tweets on your account. If you think copyright infringement is wrong, you need to provide feedback. Otherwise, your account will be suspended within 48 hours. You can give feedback at the link below. Thank you for your understanding.”
Coincidently, Tenzing Lamsang had used a poster of a movie of Dilip Kumar in a condolence message he had posted after the demise of the veteran actor. Therefore, he assumed that the poster had triggered the copyright issue, and believed the message to be genuine. He had even deleted that tweet. The message contained a link to page, which asked for the Twitter username and Password, where the journalist provided his Login Credentials.
He said that the user @pencilpusher24 told him that this was the only way to prevent his account from being suspended. And within minutes of providing the details, the hacking attempt took place. However, due to security features of Twitter, he got an alert as the login attempt was flagged as suspicious.
After that he found out that he was a victim of a phishing attack. Several people pointed out that the login page was fake, as it was a Google Sites page. Google Sites is a free page creation tool, where the attacker had perhaps used Google Forms to mimic the Twitter login page. Any login page for Twitter will be on the Twitter website, not a third-party free site like Google Sites.
Many others also received this same warning message with the link, but they didn’t enter their Twitter login details. This included columnist Harini Calamur, entrepreneur and political commentator Tehseen Poonawalla, IAS officer turned politician Shah Faesal and others.
All these messages came from @pencilpusher24, a verified Twitter account that is protected. This account belongs to Gaurav Sarkar, a journalist with Mid-Day. He has informed that his account has been hacked and the same is used for the phishing attempts.
After hacking the account, the account name was changed to ‘Support Team’, however it has been changed again and now it only has a dot. The hacker has hacked accounts of several others too, and used those accounts to send the same direct message to other Twitter users in an attempt to get the login credentials.
The account of Hindustan Times Journalist Vijay Kumar Yadav was also hacked, and similar messages were sent from the account. The account was restored later today. Yadav informed that the account of News18 journalist Vivek Gupta also has been hacked, this account is also protected now.
Even though several persons have informed Twitter about the incident, the accounts of Gaurav Sarkar and Vivek Gupta still remains protected, which means they are still in the control of the hackers.