Urgent Communications

Security


Partner content

New phishing attacks shame, scare victims into surrendering Twitter, Discord credentials

  • Written by Nathan Eddy / Dark Reading
  • 11th July 2022

A recent wave of social media phishing schemes doubles down on aggressive scare tactics with phony account-abuse accusations to coerce victims into handing over their login details.

Last week alone, Malwarebytes Labs uncovered two phishing scams, targeting Twitter and Discord (a voice, video, and text chat app). The Twitter phishing scam sends users a direct message (DM) flagging their account for use of hate speech and requesting the user authenticate the account to avoid a suspension. Users are then redirected to a fake “Twitter help center,” which asks for the user’s login credentials.

The Discord phishing campaign sends users a message from friends or strangers accusing the user of sending explicit photos that are exposed on a server. The message includes a link to the purported server, and if the user wants to follow the link, they are asked to log in via QR code. If they do, the account will most likely be taken over by scammers, according to Malwarebytes. The message then gets sent to the user’s friends from his or her account, perpetuating the phishing scam.

Patrick Harr, CEO at SlashNext, an anti-phishing company, says the Twitter and Discord attacks are a clever twist on the traditional social engineering scam to steal credentials. The best social engineering scams use fear or outrage to move the victim to act quickly without taking too much time to think “Is this a phishing scam?” he explains.

“In both cases, the users of Twitter and Discord are motivated to resolve an issue that could impact their status, business, or entertainment, which is why this phish is so effective,” he notes.

Social media platforms are perpetual targets of phishing campaigns, which use psychological manipulation to encourage victims to disclose confidential login credentials. The pilfered information is then used by malicious actors to hijack the user’s social media accounts, or even gain access to their bank accounts.

But more importantly for enterprises, successful social media attacks on their employees can open the door to infiltration of the company network via the user’s infected device or abused credentials. “This means companies need a BYOD strategy that includes multichannel phishing and malware protection to protect social, gaming, and all messaging apps,” Harr says.

Fear and Urgency as Phishing Tools

James McQuiggan, security awareness advocate at KnowBe4, explains social media phishes are effective because they use fear and urgency to get the victim to take an action they might not otherwise take. “A lot of the time, phishing attacks rely on the victim reacting to the email in an emotional state,” he says. “The victim sees the email and responds without adequately checking the sender or the link.”

An example is the threat of the social media account being suspended or a notice that the password has expired. When the victim clicks the link and visits the fake website, it looks exactly like the login page, and the user enters their credentials.

And if the user employs multifactor authentication (MFA) with the account, he says, the attacker can copy that session key to bypass the login and automatically gain access before the victim realizes it.

To read the complete article, visit Dark Reading.

 

Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.