By @edent · fraud phishing scam security twitter · 5 comments · 700 words · read ~1,346 times.
My mate Dom was moaning to his ISP on Twitter. They sent him a private message so they could look into his account.
Blimey! Thankfully, that was a pretty brazen and inept attempt at phishing. Anyone asking for all your card details like that should set the alarm bells ringing. Of course, phishers often target credulous people who don't understand that they're being scammed.
By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor. Cormac Herley - Microsoft Research
Investigating the account might not have given much of a clue about its dodgy nature.
Superficially, it looks identical to the official account. It even has a verified badge on its Tweets. How? Because all it does is retweet the official account it is spoofing!
Looking closer you should be able to spot that it is a fairly new account with zero followers. Oh, and the name is "Virgimendia"! The kerning of fonts on a small screen is likely to confuse lots of users.
They were quite clever in targetting people who had mentioned the official account. This is similar to a Twitter phishing attack I blogged about 5 years ago.
I tried my luck at baiting the scammer - to no avail!
Their use of language suggests they're a British English speaker. At least, I assume they're not thinking of me in cryptographic terms!
A bunch of us reported the account, and by the next morning it was gone.
The disturbing thing about this, is that the scammers had been operating for at least a week. Virgin Media had been alerted, but seemingly didn't take any action.
(Content Warning: The following Tweets contain racist language and encouraging suicide.)
Blocked and unblocked me just to send that last bloody message! 🤣🤣🤣 @virgimendia says you sitting at home in your mums basement have fun with that one pic.x.com/8rim648hi7
Replying to @DeniseHodg19@DeniseHodg19 @Mchughhugh @virginmedia @richardbranson I’ve just had a scam page DM me as well. I have reported it. Let’s hope the OP didn’t give them any card details as that’s what the last lot were asking for! Note the very slight spelling discrepancy on the @ name. Otherwise their page is identical pic.x.com/bahonl1vlt
,@virgimendia THIS ACCOUNT IS GOING TO MESSAGE YOU PRETENDING TO BE VM AND ASKING FOR YOUR BANK DETAILS. IF LIKE ME YOU CATCH THEM OUT THEY ACT LIKE THIS.. pic.x.com/osptnvbwfm
https://twitter.com/julsbvby/status/1294702901835726854
Almost had me there @virgimendia pic.x.com/tb0aklnuqv
Replying to @virginmedia@virginmedia @virginmedia it came for your twitter handle.... last night. I have also reported this to your customer services but they didn’t seem to concerned... told me to opt out of text message notifications :/ pic.x.com/hjvm9r4wz4
Could automated tooling have stopped this? To a human it looks pretty obvious that this is a scam. But what heuristics would you use to train a model designed to stop this? And how many false positives would it detect?
Stay safe out there.
I know people with dyslexia that could be seriously affected by something like this. Would be good if you could catch misspellings in places with a browser extension but I think it'd be far too complex :/
@TheHodge yep, had the same happen to me - first message got me....
Marcus Downing says:
There are algorithms to spot both similar text and similar images. I imagine that it would be possible for Twitter's sign-up process to say, "Hmm, this name is awfully similar to that name. And the avatar is the same as well. Maybe they're trying to imitate them?"
The problem is what to do next. Twitter don't want to pay an army of employees to vet every similar-sounding account. And if you asked the existing account holders to do it, they'd both make mistakes and abuse their power (for example, to block "This Company Sucks" accounts).
And the regular reminder that Every Time you mention in public on here the name of your bank, you are being watched. Friend of me lost 12k after a helpful phone call to sort out a minor admin niggle that friend had tweeted about in frustration.
I like to think I’m decent at spotting phishes (it’s literally my job) but a Virgin Media impersonator got me once. Their @ wasn’t even close but I saw everything else and it seemed to match!