Twitter and Facebook Phishing Scams

Twitter and Facebook are two of the most popular social media platforms, with billions of users around the globe. This makes them a prime target for phishing scammers, as we have covered in previous articles. Recently, netizens have reported a wave of new phishing attempts.

Twitter Phishing Scams

[Image: Scott Witt Twitter announcement. Source: Twitter]

Users have reported that their verified (blue-tick) Twitter accounts are being hacked and taken over by scammers. The scammers then use this authoritative identity to DM other users with phishing messages such as the one below.

[Image: Phishing message on Twitter. Source: BleepingComputer]

Posing as a Twitter support worker, the scammers inform the would-be victim that “your account has been flagged as inauthentic” and that it must be verified via a link. The link, however, is a classic phishing link that leads to fake pages designed to steal your personal information. Interestingly, this phishing scheme appears to be quite advanced, as the fake page will only accept the correct password from the victim.

[Image: Sample phishing pages]

If you receive any messages such as the above, think twice before following their instructions!

Facebook Phishing Scams

In the case of Facebook, malicious chatbots are sending would-be victims phishing messages with the announcement that “Your page has been scheduled for permanent deletion for not following the Facebook Community Standards…”. Supposedly, you can “appeal” the decision by clicking the button.

[Image: Fake chatbot impersonating FB page support. Source: HackRead]

Needless to say, you should NOT do as told. Clicking the appeal button will take you to a phishing page that asks you to log in and authenticate your account with 2FA. Notice the weird, excessively long URL below (official websites like Facebook and Twitter never have URLs like this).

[Image: Facebook phishing pages. Source: HackRead]

As before, think twice before following instructions like the above. If in doubt, contact the company directly from your account.

Trend Micro Check

We recommend our FREE Trend Micro Check tool: an all-in-one browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links.

After you’ve pinned the Trend Micro Check…