A phishing scam that allowed hackers to gain control of high-profile Twitter accounts this past summer has provided cybercriminals with a convincing new email scam.
The Twitter attack, which happened in July and gave hackers control of over one hundred high-profile accounts, had cybercriminals scamming Twitter followers out of money. The current round of email scams piggybacks on this previous scam.
Kingston Police are warning that the phishing email uses text that is very similar to the official statement that Twitter made in response to the July attack. According to a release from Kingston Police, dated Tuesday, Oct 13, 2020, the email claims that due to a security breach, you must confirm your identity by clicking on a link in the email. When you click the link, you are redirected to a site that looks very similar to the real Twitter login page. The site is actually a look-alike designed to steal your login credentials. Any information that you enter on this page is delivered straight to the scammers, according to police.
Kingston Police offer these tips:
- Never click on a link within an email that you weren’t expecting.
- When you’re asked to log in to an account or online service, navigate to the official website and log in. That way, you can ensure you’re logging in to the real site and not a phony look-alike.
- Email security filters can only do so much to protect you from malicious emails. Stay alert and help create a human firewall for your own or your organization’s email inbox.
Stop, look, and think. Don’t be fooled by the scammers.