More Phishers On Twitter

by @edent | , , , , | 4 comments | 400 words | Read ~1,199 times.

My mate Dom was moaning to his ISP on Twitter. They sent him a private message so they could look into his account.

A Twitter exchange. Virgin ask Dom for his address - which he gives. Then they ask for his full credit card details. He refuses.

Blimey! Thankfully, that was a pretty brazen and inept attempt at phishing. Anyone asking for all your card details like that should set the alarm bells ringing. Of course, phishers often target credulous people who don't understand that they're being scammed.

By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.
Cormac Herley - Microsoft Research

Investigating the account might not have given much of a clue about its dodgy nature.

A fake Twitter account.

Superficially, it looks identical to the official account. It even has a verified badge on its Tweets. How? Because all it does is retweet the official account it is spoofing!

Looking closer you should be able to spot that it is a fairly new account with zero followers. Oh, and the name is "Virgimendia"! The kerning of fonts on a small screen is likely to confuse lots of users.

They were quite clever in targetting people who had mentioned the official account. This is similar to a Twitter phishing attack I blogged about 5 years ago.

I tried my luck at baiting the scammer - to no avail!

I try to bait the scammer - they call me a nonce.

Their use of language suggests they're a British English speaker. At least, I assume they're not thinking of me in cryptographic terms!

A bunch of us reported the account, and by the next morning it was gone.

Account suspended.

The disturbing thing about this, is that the scammers had been operating for at least a week. Virgin Media had been alerted, but seemingly didn't take any action.

(Content Warning: The following Tweets contain racist language and encouraging suicide.)

Could automated tooling have stopped this? To a human it looks pretty obvious that this is a scam. But what heuristics would you use to train a model designed to stop this? And how many false positives would it detect?

Stay safe out there.

Support Dom in his quest to run 26 half-marathons in 26 silly costumes in aid of a children's hospice.

4 thoughts on “More Phishers On Twitter

  1. I know people with dyslexia that could be seriously affected by something like this.
    Would be good if you could catch misspellings in places with a browser extension but I think it'd be far too complex :/

  2. @TheHodge yep, had the same happen to me - first message got me....

  3. Marcus Downing says:

    There are algorithms to spot both similar text and similar images. I imagine that it would be possible for Twitter's sign-up process to say, "Hmm, this name is awfully similar to that name. And the avatar is the same as well. Maybe they're trying to imitate them?"

    The problem is what to do next. Twitter don't want to pay an army of employees to vet every similar-sounding account. And if you asked the existing account holders to do it, they'd both make mistakes and abuse their power (for example, to block "This Company Sucks" accounts).

  4. And the regular reminder that Every Time you mention in public on here the name of your bank, you are being watched. Friend of me lost 12k after a helpful phone call to sort out a minor admin niggle that friend had tweeted about in frustration.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: