New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials

Scams pressure victims to "resolve an issue that could impact their status, business."

Dark Reading, Nathan Eddy

July 11, 2022

2 Min Read
New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials
Alamy

A recent wave of social media phishing schemes doubles down on aggressive scare tactics with phony account-abuse accusations to coerce victims into handing over their login details.

Last week alone, Malwarebytes Labs uncovered two phishing scams, targeting Twitter and Discord (a voice, video, and text chat app). The Twitter phishing scam sends users a direct message flagging their account for use of hate speech and requesting the user authenticate the account to avoid a suspension. Users are then redirected to a fake "Twitter help center," which asks for the user's login credentials.

The Discord phishing campaign sends users a message from friends or strangers accusing the user of sending explicit photos that are exposed on a server. The message includes a link to the purported server, and if the user wants to follow the link, they are asked to log in via QR code. If they do, the account will most likely be taken over by scammers, according to Malwarebytes. The message then gets sent to the user's friends from his or her account, perpetuating the phishing scam.

Patrick Harr, CEO at SlashNext, an anti-phishing company, says the Twitter and Discord attacks are a clever twist on the traditional social engineering scam to steal credentials. The best social engineering scams use fear or outrage to move the victim to act quickly without taking too much time to think "Is this a phishing scam?," he explains.

Related:How To Tell If a Ransomware Message Is Real or Fake

"In both cases, the users of Twitter and Discord are motivated to resolve an issue that could impact their status, business, or entertainment, which is why this phish is so effective," he notes.

Social media platforms are perpetual targets of phishing campaigns, using psychological manipulation to encourage victims to disclose confidential login credentials. The pilfered information is then used by malicious actors to hijack the user's social media accounts, or even gain access to their bank accounts.

Continue Reading This Article on Dark Reading

Read more about:

Dark Reading

About the Authors

Dark Reading

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

See more from Dark Reading
Nathan Eddy

Nathan Eddy

Nathan Eddy is a freelance writer for ITProToday and covers various IT trends and topics across wide variety of industries. A graduate of Northwestern University’s Medill School of Journalism, he is also a documentary filmmaker specializing in architecture and urban planning. He currently lives in Berlin, Germany.

See more from Nathan Eddy
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

a stressed employee at their laptop and collaboration icons gone amok
Unified Communications
Microsoft Teams Is Acting Up. What Can We Do?Microsoft Teams Is Acting Up. What Can We Do?
byBrien Posey
Sep 12, 2024
4 Min Read
person placing a block between two columns of blocks
IT Management
Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?Data Skills Gap Is Hampering Productivity; Is Upskilling the Answer?
byNathan Eddy
Sep 7, 2024
7 Min Read
data privacy quiz sample question above a desk
Data Privacy
Data Privacy Quiz: 20 Questions To Test Your KnowledgeData Privacy Quiz: 20 Questions To Test Your Knowledge
byIan Horowitz
Aug 30, 2024
1 Min Read
Exclusive ITPro Resources
See all ITPro Resources

Featured How Tos

A cartoon of a person sitting at a computer, with speech bubbles—one from the person saying Hello and one from the computer responding with Hello
PowerShell
PowerShell Speech Recognition: How To Set up Voice Commands and ResponsesPowerShell Speech Recognition: Set up Voice Commands and Responses
Migrating From VMware Guide cover
VMWare
Migrating From VMware: Guide to a Successful TransitionMigrating From VMware: Guide to a Successful Transition
a wall and fire with the words linux uncomplicated firewall (ufw) tutorial, configure and manage
Linux OS
Linux UFW (Uncomplicated Firewall) Configuration Made EasyLinux UFW (Uncomplicated Firewall) Configuration Made Easy
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up
Trending

Recent What Is

list of domains within the umbrella category of IT security
IT Security
What Is IT Security? Essentials of IT Security ExplainedWhat Is IT Security? Essentials of IT Security Explained
ITPro Today's tech careers quick reference guide cover
Career Management
Tech Careers: Quick Reference Guide to IT Job TitlesTech Careers: Quick Reference Guide to IT Job Titles