Sponsored Scamming

As a security researcher who keeps an eye on Twitter to stay informed about developments in the world of cyber security, I noticed that as of August 2018, phishing ads targeting bank customers began to appear on Twitter. At first, I only reported these tweets to Twitter, but as the number of messages from my followers increased and these ads continued until October, I decided to take a closer look at this issue.

Malicious Advertisement
Malicious Advertisement
Malicious Advertisement
Malicious Advertisement
Malicious Advertisement
Malicious Advertisement
Malicious Advertisement

When I followed the link in one of the phishing tweets, I found that the scammers were stealing the customer’s username, password, verification code sent via SMS, and transfer verification code used during internet banking login.

Malicious Advertisement
Malicious Advertisement
Malicious Advertisement
Malicious Advertisement

Like many of you, when I see these sponsored phishing ads on Twitter, I have some questions and answers that come to mind:

  • Why can’t Twitter take action to block these phishing ads that have been the subject of complaint reports for months and look very similar to each other?
  • How is it possible that some of the accounts used for phishing tweets were created years ago?
  • How can similar phishing tweets be detected?

  • As I looked for answers to these questions one by one, I can say that while I was unable to find an answer to the first question, I was surprised that Twitter appeared to be so helpless (or perhaps indifferent) in the face of these phishing ads. When I came to answer the second question, the likely reason that these accounts used for phishing are old, as stated on Twitter’s help page, was that they allow users to change their username. Based on this information, it can be said that these accounts used for phishing are probably hacked and used by scammers for their own purposes. As for the third question, how to detect phishing tweets, I decided to conduct a study using Optical Character Recognition (OCR) technology by identifying common keywords in Turkish such as “LUCKY” , “PARTICIPANT”, “ABOVE” in most messages.

    Malicious Advertisement

    After seeing that most bank customers are facing these phishing tweets and shared by official Twitter accounts of the banks, I quickly started to design a tool in my mind. The basic things the tool had to do were to search for bank names on Twitter, download the images shared in the tweets, analyze them using OCR, and send an email warning when the keywords “LUCKY” , “PARTICIPANT” , “ABOVE” were detected. I began coding this tool using Python, taking advantage of the Tweepy library, and a short time later, my Phishing Tweet Detector was developed.

    After running the tool, a short time later, it was able to detect a phishing tweet shared by a Twitter user with a bank, and this helped the institution to fight against such scammers, thus my idea of helping citizens and institutions to fight against these types of scammers was successfully implemented. :)

    Malicious Advertisement
    Malicious Advertisement
    Malicious Advertisement
    Malicious Advertisement

    Before I put an end to my article, I would like to emphasize that it is very, very important for those who come across phishing messages to report them to their banks and the social media platform as soon as possible (just like reporting a Tweet).

    Malicious Advertisement
    Malicious Advertisement

    Hope to see you in the following articles.

    image_pdfShow this post in PDF formatimage_printPrint this page
    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You May Also Like
    Read More

    Antimeter Tool

    Generally I prefer writing my articles in Turkish and I support my articles with proof of concept codes, videos and small tools. In my previous article, I created a small tool called antimeter which scans memory for detecting and also killing Metasploit’s meterpreter. I did not expect that much interest…
    Read More
    Read More

    WhatsApp Scammers

    Introduction I recently received my share of calls and messages from foreign cell phone numbers, disturbing almost everyone, especially in Turkey, who has used the WhatsApp application in recent days. Of course, as in my articles on other scams (Exposing Pig Butchering Scam, LinkedIn Scammers, Instagram Scammers), I rolled up…
    Read More
    Read More

    New Job, New Me

    It’s been quite a journey, after 10 long years filled with career successes and six promotions, I started my role as a Mid-Level Security Specialist at IBTech in June 2007. Just last week, I bid farewell to my position as Technical Leader. It turns out that leaving behind colleagues you’ve…
    Read More