Twitter account hacking has, of late, become a routine occurrence. Hackers, who are perpetually on the prowl, searching for vulnerabilities to exploit and hack into accounts, are not just using sophisticated means to achieve their objectives but are also employing devious methods to sucker users into revealing their own details and account credentials.
Recently, a Twitter user @BefittingFacts revealed how he received a message from a verified Twitter account who alleged him of sharing copyrighted content on the microblogging website and warned him that his account will be disabled in the next 48 hours if he failed to verify his account at the below-mentioned link.
The user shared screenshots of the Direct Message he has received from an account that was presumably hacked and also shared the profile details of a verified account that had gotten hacked after the user had fallen into the trap of the hackers and entered credentials of his account using the link shared in the message.
“TWITTER NEVER CONTACTS THROUGH MESSAGE. Even if you get a message from a VERIFIED account asking your account details just BLOCK it,” the Twitter user said.
Remember I had told hackers using excuse of copyrights claim to hack ur account? This TOI journalist filled form and got her account hacked.
— Facts (@BefittingFacts) January 26, 2022
TWITTER NEVER CONTACTS THROUGH MESSAGE. Even if you get message from VERIFIED account asking your account details just BLOCK it. pic.twitter.com/Y77uyzLJEt
The user had three days shared another message he had received from a suspect account with a similar message that said his Twitter account would be disabled on account of copyright violation unless he verifies the account at the shared link. The user had then urged the users to not pay heed to such messages and not share their details as hackers use the keyed-in password to hack their account.
Yeh fraud mera account disable karne ki dhamki de raha tha khud suspend ho gaya 😂😂😂
— Facts (@BefittingFacts) January 22, 2022
PS: Never reply to such account, never fill any form. They ask for your password and hack it. pic.twitter.com/e3u0MmqKmE
Since then, many other Twitter users also responded to his tweet, concurring with him and admitting that they too had been subjected to such kind of an attack.
I got the same DM few days back.. reported and blocked right away.. pic.twitter.com/cvAwrhRr48
— Ravi Tiwari🇮🇳 (@Ravitiwarii_) January 26, 2022
— Superstar Raj 🇮🇳 (@NagpurKaRajini) January 26, 2022
Hi @TwitterSupport, is this a legit message from your side? If not, how do you not detect impersonation to this extent? pic.twitter.com/BlfR1iVAwe
— INFERNO (@TheAngryLord) January 22, 2022
The modus operandi entails barging into DMs of unsuspecting Twitter users, scaring them with account suspension on charges of “copyright violation” and preying on their fear to get them into sharing their account credentials on the link mentioned in the message. Once the user shares his or her accounts, his account gets hacked a short while later.
Hacked verified accounts of journalists on Twitter used for phishing attacks on others
These phishing attacks have been happening for some time now. In July 2021, the use of sophisticated and devious methods came to the fore when hacked Twitter accounts of journalists were used for phishing attacks on others. These verified accounts pretended to be members of the Twitter Support team and tricked Twitter users into revealing their login credentials by threatening to suspend their accounts.
Several journalists and other notable personalities had received the message then. The editor of The Bhutanese Tenzing Lamsang, columnist Harini Calamur, entrepreneur and political commentator Tehseen Poonawalla, IAS officer turned politician Shah Faesal and others were among those who had received the suspicious message with a link threatening them of account suspension for committing a ‘copyright violation’. While they were alert to have not fallen for the phishing attack, there were others such as Hindustan Times’s Vijay Kumar Yadav and News18 journalist Vivek Gupta whose accounts were hacked after they had shared their credentials on the link mentioned in the message.
