Cryptocurrency News Today: How to sell the Brooklyn Bridge in the 21st century

Cryptocurrency News Today: How to sell the Brooklyn Bridge in the 21st century

Twitter in particular has been hit by a number of financial scams in recent years. In January, the platform accidentally promoted a tweet that, upon first glance, looked to be a legitimate PayPal account and promised an end-of-the-year sweepstakes including the chance at a new car or iPhone. All one had to do was verify their account details. This was, in fact, a pretty basic phishing attempt that had simply slipped through Twitter’s ad screening process. Upon realizing their mistake, Twitter immediately shut down the offending account.

Last year, a British man, frustrated by the time it took to set up a Barclays bank account, vented his frustrations on Twitter — as you do. He also posted a screencap of an email the bank had sent him, which included a number of personal details. Scammers leveraged that data to send the man a followup email, which he assumed was from the bank, and then siphoned off the £8,000 he’d originally intended to move between accounts.

“They targeted me because they are monitoring the big banks’ customer support Twitter channels where they can get enough information on name, location, and photo to then be able to track down further information,” the man told BBC News in 2018. The lesson here: never tweet angry.

It’s not always about the money. In 2009 and again in 2014, Twitter was ravaged by self-propagating worms. They used JavaScript commands embedded in the messages themselves to force any account using Tweetdeck that viewed them to automatically retweet the message. In 2014, a cross-site scripting (XSS) attack launched by user, @derGeruhn, spread through more than 87,000 accounts before it was halted. Luckily, there didn’t seem to be any malicious intent behind the stunt beyond playing with a TweetDeck security bug, the result of a coding error that prevented the program from filtering out Javascript commands from message bodies. The vulnerability has since been patched.

“The filter bypass in this case was a little tricky,” Jeremiah Grossman, former CEO of WhiteHat Security, told Ars Technica in June. “Cross site scripting is a cockroach. It’s all but impossible to exterminate completely. No matter how hard you try and how much you invest, you’re going to make mistakes.”

Even seemingly innocuous tweets asking for your favorite films or pictures of your dog, like the one below, can be dangerous since they often reveal information used in account security challenges.

Show me your pets, tell me their names then retweet. Go:

— David Leavitt (@David_Leavitt) September 6, 2019

“Yeah, that’s called grooming,” Cynthia Hetherington, a Certified Fraud Examiner and President of the Hetherington Group, a corporate intelligence and cyber investigation consulting firm. “Common intelligence practice. It’s just getting used now by the mainstream. It’s a way of eliciting information from people in order to gain vital reach into perhaps their passwords, user ID or personal identifying information.”

It’s wildly unlikely that Twitter-verified, award-winning multimedia journalist, David Leavitt, is a scam artist but the entire world can see these response tweets. Anyone can use that information to build a dossier on a person, like the Barclays guy we discussed earlier. Thus there is only one proper answer when participating in these Twitter memes. Lie through your teeth, as such:

Denis Leary


“Big Pussy” Bonpiensaro

— post breakup phone call with uncle (@ByYourLogic) October 3, 2019

Even Twitter co-founder and CEO Jack Dorsey isn’t immune to fraud on his company’s platform. Just this past August, his account was briefly hijacked using a technique known as SIM swapping. The attackers leveraged a widely forgotten application dubbed Cloudhopper that Twitter bought in 2010. Cloudhopper allows users to sign in to their accounts and tweet using SMS. With a bit of fancy codework the attackers w

Read More

Leave a reply