- A target phishing campaign x users, warn experts
- False connection emails are sent to the victims
- The objective is to take over the accounts and announce a fraudulent cryptographic regime
Large -scale accounts on the social media network X (formerly known as Twitter) are targeted by a phishing campaign, experts warned.
A Sentinelabs report described how important accounts belonging to American political figures, major technological organizations, the main international journalists and even an X employee, were attacked via a phishing campaign.
Although the main targets are large accounts with a halluclear account, everyone should be on the lookout for this attack: here is what we know so far.
Financial objectives
In his report, Sentinellabs notes that the objective of the attack is to compromise an account, to lock the legitimate owner and post-frauduy possibilities of cryptocurrency or links to external sites, which are designed to attract Additional targets ”, most often with a cryptocal-related theme.
It seems that the attack comes from a range of phishing tactics, one being the famous connection opinion. This works by sending the victim an email to inform them that their account was accessible from a new device, and that the location of the aircraft was in a foreign city.
From there, a link is provided to users to “secure” their accounts and provide their username and modify the password of the account. This page is false, and the victims then involuntarily provided their references to a threat actor.
The campaign uses several areas of phishing for this, such as X-Recoversupport[.]com and seculogins-x[.]com, and in some cases, the researchers observed the campaign abusing the domain “ amp cache ” from Google in order to bypass messaging detections and restart the user in a phishing field.
The criminal then resumes the account and begins to use the audience of accounts to announce cryptocurrency scams. High -level accounts allow criminals to maximize their financial benefit by reaching a wider audience and by collecting more victims.
Cryptographic scams are incredibly dangerous and lucrative, the FBI recently estimating in 2024, scams cost the victims more money than ransomware.
Keep up
To avoid such fraudulent diets, investors should be ultra-and their investment is legitimate. The cryptocurrency market is largely unregulated, which makes it the perfect environment for crooks and criminals-so make sure you are looking for investments strongly before putting your data or your money.
The key part of this attack is the initial phishing email. Social engineering attacks and phishing are dangerous because they surprise users off guard, remains alert is the best defense.
Phishing attacks will encourage victims to reveal their personal information, such as connections, identification information, financial information, etc. This puts victims at risk of identity or fraud.
It is true that some platforms send you an email if there is an unrecognized connection to a new device, which makes this campaign so convincing. It is easy to say that users should be very cautious, but sometimes it’s just not enough, so here are some additional tips to stay protected.
First of all, create a solid and secure password and do not reuse passwords from one site to another – this helps by quarantining any account that has been raped.
Then, activate multi-factor authentication or MFA, in particular for sites that have medical or financial information. Although it can be a bit of a fuff, it is a large additional layer of security and gives you peace of mind knowing that criminals would have a little more to access your data.
Another thing to watch is incompatible or suspect areas. If you receive an email that you do not wait, in particular an invitation to action and by including a link. Check the spelling of the domain, for example faceb00k rather than Facebook. It is never a bad idea of Google what the legitimate field would be either.
The last thing to search is the strange attachments – if the sender is unknown and the e -mail contains links, images or documents – it is a red flag. The QR codes are particularly dangerous, so don’t know that you are not sure you are sure.
