TZUTC: -0500   
   MSGID: 59.consprcy@1:2320/105 2c08b50d   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Phishing campaign targets prominent X users, accounts at risk   
      
   Date:   
   Tue, 04 Feb 2025 16:05:00 +0000   
      
   Description:   
   A phishing campaign is hijacking high profile X users and using their    
   accounts for fraudulent activity.   
      
   FULL STORY   
   ======================================================================   
    - A phishing campaign is targeting X users, experts warn   
    - Fake login emails are sent to victims   
    - The aim is to take over accounts and advertise a fraudulent crypto scheme   
      
   High-profile accounts on the social media network X (formerly known as   
   Twitter) are being targeted by a phishing campaign, experts have warned.    
      
   A report from SentinelLabs outlined how prominent accounts belonging to US   
   political figures, large tech organizations, leading international   
   journalists, and even an X employee, have been attacked via a phishing   
   campaign.    
      
   Although the primary targets are large accounts with a high follower account,   
   everyone should be on the lookout for this attack: heres what we know so far.   
      
   Financial objectives    
      
   In its report, SentinelLabs notes the aim of the attack is to compromise an   
   account, lock out the legitimate owner, and post fraudulent cryptocurrency   
   opportunities or links to external sites, which are designed to lure   
   additional targets, most commonly with a crypto-theft related theme.    
      
   It seems the attack originates from a range of phishing tactics, one being    
   the notorious login notice. This works by sending the victim an email to   
   notify them their account was accessed from a new device, and that the   
   location of the device was in a foreign city.    
      
   From there, a link is provided for users to secure their accounts and provide   
   their username and change the account password. This page is fake, and the   
   victims have then unwittingly provided their credentials to a threat actor.    
      
   The campaign uses several phishing domains for this, like   
   x-recoversupport[.]com and securelogins-x[.]com, and in some cases,   
   researchers observed the campaign abusing Googles AMP Cache domain in order    
   to bypass email detections and reroute the user to a phishing domain.    
      
   The criminal then takes over the account and begins using the accounts   
   audience to advertise cryptocurrency scams. The high profile accounts allow   
   criminals to maximise their financial profit by reaching a wider audience and   
   collecting more victims.    
      
   Crypto scams are incredibly dangerous, and lucrative, with the FBI recently   
   estimating in 2024 alone, the scams cost victims more money than ransomware .   
      
   Staying safe    
      
   To avoid such fraudulent schemes, investors should be ultra-careful that    
   their investment is legitimate. The cryptocurrency market is largely   
   unregulated, which makes it the perfect environment for scammers and    
   criminals - so be sure to heavily research any investments before handing    
   over your data or money.    
      
   The key part of this attack is the initial phishing email. Social engineering   
   attacks like phishing are dangerous because they catch users off guard,   
   naturally staying alert is the best defense.    
      
   Phishing attacks will prompt victims to reveal their personal information,   
   like logins, credentials, financial information, and more. This puts victims   
   at risk of identity theft or fraud.    
      
   It is true that some platforms will email you if theres an unrecognized   
   sign-in to a new device, which is what makes this campaign so convincing. Its   
   easy to say that users should be extra careful, but sometimes thats just not   
   enough, so here are some extra tips to stay protected.    
      
   First of all, create a strong and secure password , and crucially do not    
   reuse passwords from one site to another - this helps by quarantining any   
   account that has been breached.    
      
   Next, enable multi-factor authentication or MFA , especially for sites that   
   hold medical or financial information. Although this can be a bit of a faff,   
   it's a great extra layer of security and gives you a peace of mind knowing   
   that criminals would struggle that bit more to access your data.    
      
   Another thing to look out for is mismatched or suspicious domains. If you   
   receive an email youre not expecting, especially one prompting action and   
   including a link. Check the spelling of the domain, e.g. Faceb00k rather than   
   Facebook. Its never a bad idea to Google what the legitimate domain would be,   
   either.    
      
   The final thing to look for is odd attachments - if the sender is unknown and   
   the email contains links, images, or documents - this is a red flag. Qr codes   
   are particularly dangerous, so dont scan anything youre not certain is safe.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/phishing-campaign-targets-prominent-x-u   
   sers-accounts-at-risk   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426