That message from ‘Twitter support’ is almost certainly fake – Meczyki.Net

Users on Twitter have been receiving messages from “Twitter Support” urging them to act quickly to avoid suspension, often even from users with blue checks. But these are almost certainly scams – here’s what to look for, and what it would look like if Twitter really needed to contact you.

First, as a general rule: any message from someone you don’t know should be viewed with suspicion on any platform you use. Don’t follow any links or instructions, and if you’re unsure at all, take a screenshot and send it to a friend for help!

On to today’s problem: DM spam.

This type of trick is known by different names depending on what the scammers are doing. It may be garden-variety phishing, where they trick you into giving out personal or financial information. But it may also be part of a more sophisticated, long-term plan to gain access to high-profile accounts.

The springboard method

It works like this: First you do spray-and-pray style messaging to get a few people to click through to one of several ways of getting their credentials, whether it’s social engineering (“Please enter your current password to verify”), a fake app (“Please update Tw1tter”) or some more serious device-level takeover. This gives fraudsters control over the accounts of a handful of real people.

Example of a scam DM from a hacked verified account.

Using these accounts, they send more spam DMs, using the legitimacy of the accounts to hide their nefarious deeds. This nets them more accounts, and if they’re lucky, they’ll springboard to a high-profile one, like a verified account that follows users whose DMs are open.

Once they’ve captured a blue-check account, they can change the name to something like “immediate support” and start sending legitimate-looking warnings to the thousands of followers of such a user.

Here’s how to spot a scam and protect yourself. Here’s a message a reporter received today from a verified account:

Twitter Support | breach

Greetings,

We recently detected several suspicious login attempts on your account.

We care about the security of verified accounts.

Your account will be suspended within 24-48 hours for security reasons. If you are not doing so, you will need to submit an appeal form to us so that your account is not suspended and we can review it.

[link to innocuous looking non-Twitter domain]

In any case, we will contact you again through this channel.

thanks for your understanding,
Twitter support account.

Many people will see a verified account and boilerplate-looking warning text, and simply hit the link. How are they supposed to know what a Twitter suspension alert looks like? They are not internet savvy, and clearly they shouldn’t have to be to keep their accounts secure, but this is the reality of social media today.

Luckily it’s very easy to spot a scam, and you can protect yourself with the following steps.

How to spot a scam DM

First, there are some red flags with the message.

  1. Twitter will never contact you via DM about account issues. This type of communication is usually done through the email associated with the account. Think about it: If Twitter thinks a scammer has taken over your account, are they going to DM that account? No – they have a secure line to you, your email, that only they know about. “If we contact you, we will never ask for your password and our emails will only be sent to/from,” a Twitter representative said. If you get a text, it will come from 40404.
  2. The sender is not Twitter. Again, Twitter won’t use this channel in the first place, but the message doesn’t come from them either. If you look at the sender’s profile, you will find that they are just some random person, or an “egg” as we used to call them.
  3. The link goes somewhere you’ve never heard of. Of course, it doesn’t need to go to scam-links.xxx to be suspicious! Links in any message, DM, email or even online can be, and often are, created to be deceptive. For example, a link whose text reads twitter.com can actually go to Google. Only follow links in messages or emails that you know are authentic – if you’re not sure, don’t!
  4. The language is kind of off. Not everyone will notice it, but upon closer reading it’s clear that this was probably not written by a native English speaker – and a Twitter communication in English will certainly be in clear, error-free language. It’ll be the same in other languages – if you see something strange, even if you’re not sure, it should ring alarm bells!
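
Red flag 3 can be checked mechanically when a message is available as HTML. The following is an added example, not part of the original article: it flags links whose visible text names one host while the href points at another. The function names and the sample markup (including the `.example` hosts) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a hostname or URL.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def same_site(shown, actual):
    """True if the real host is the displayed host or a subdomain of it."""
    shown = shown.lower().removeprefix("www.")
    actual = actual.lower()
    return actual == shown or actual.endswith("." + shown)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []      # (visible text, real host) pairs
        self._href = None       # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        target = urlsplit(self._href).hostname or ""
        shown = HOST_IN_TEXT.search(text)
        # Flag only when the text claims a host and the href goes elsewhere.
        if shown and target and not same_site(shown.group(1), target):
            self.findings.append((text, target))
        self._href = None

def deceptive_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: one mismatched link, one honest link, one plain-text link.
SAMPLE = (
    '<p>Appeal: <a href="https://www.google.com/">twitter.com</a></p>'
    '<p>Help: <a href="https://help.twitter.com/forms">help.twitter.com</a></p>'
    '<p><a href="https://appeal-form.example/x">Submit an appeal</a></p>'
)
```

A link with neutral text such as “Submit an appeal” is not flagged, so an empty result does not mean a message is safe; the check only catches text that misstates its own destination.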

So what should you do if you receive a message that appears to be fraudulent? The safest thing is to ignore and delete it. If you want, you can report it to Twitter using the instructions here.

Protect yourself with two-factor protection

The best thing you can do to protect yourself from scams like this is turn on two-factor authentication, sometimes called 2FA or MFA (multi-factor authentication). We’ve got a complete guide for that here:

2FA will be in your Twitter security settings, and will also be in the security settings for many of your other online apps and services. What two-factor authentication does is simply check in with you directly through a secure “authenticator” app that asks “Are you trying to sign into Twitter?” If you see that message and you’re not signing in to Twitter, something’s wrong!

When you want to sign in, it will ask you for a number generated by the authenticator app that only you can see, or sometimes sent via text (though this method is being phased out). These numbers should only be entered on the login screen and should never be disclosed to anyone else.

If you have 2FA enabled, even if you accidentally give some login information to a scammer, it will check with you when they try to log in. This is an incredibly helpful thing in today’s dangerous cyber security environment!

That’s it – now you and anyone you want to tell will not be deceived like this on Twitter. If you want to further enhance your cyber security skills, check out our Cyber Security 101 series.