Twitter scams use fake tech support accounts

Twitter
(Image credit: Shutterstock)

Twitter is the latest social network to fall victim to cybercriminals who are using the platform to launch tech support scams, command-and-control (C&C) operations and data exfiltration according to a new study from Trend Micro.

The company's researchers analyzed a large volume of Twitter data to identify relationships between various entities to spot anomalies and uncover key insights.

Trend Micro's Mark Nunnikhoven explained how the security community is using social media for good while cybercriminals are abusing it for their own gain, saying:

“Social media is an inescapable part of modern life, and our new research shines an important light on how it’s being used positively by the security community, and abused by criminals. This research shows businesses how the misuse of social networks can damage their brand, and it informs consumers how they might be tricked into a scam from what is believed to be a trusted source. We hope by making these abuses known, both businesses and consumers can be vigilant to not become victims of such attacks.” 

Twitter scams

Trend Micro discovered that cybercriminals were using fake Twitter accounts to spoof those of legitimate businesses for credible tech support scams.

Users would call the fake phone numbers provided by these accounts, think they were actually speaking to the company's help desk and the attackers would either convince them to share their credit card information or to install malicious content on their computer.

These efforts were often part of a multi-platform strategy which used YouTube, Facebook Telegram and other channels to improve SEO for the fake tech support sites linked to the Twitter accounts in an attempt to boost their search rankings.

To prevent falling victim to this scam or similar ones on Twitter, Trend Micro recommends that users confirm the validity of a Twitter account by checking the company's website directly rather than through the account. At the same time, it is also important for security teams to validate Twitter data when leveraging it for investigations or threat intelligence.

  • Keep your systems protected from the latest cyber threats with the best antivirus