"New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials"
Recent social media phishing scams have intensified their scare tactics by making false accusations of account abuse in order to force victims into providing their login information. Two phishing attacks on Twitter and Discord were recently discovered by Malwarebytes Labs. Users who fall victim to the Twitter phishing scam will receive a direct message (DM) asking them to authenticate their account to prevent suspension for using hate speech. Users are then redirected to a fake "Twitter help center," which requests the user's login information. The Discord phishing campaign sends messages to users from friends or strangers accusing them of sending explicit photos that are exposed on a server. The message contains a link to the alleged server, and if the user clicks on it, they are prompted to log in using a QR code. According to Malwarebytes, if they do, the account will most likely be taken over by scammers. The message is then sent from the user's account to his or her friends, perpetuating the phishing scam. According to Patrick Harr, CEO of anti-phishing company SlashNext, the Twitter and Discord attacks are a clever twist on the traditional social engineering scam to steal credentials. The best social engineering scams use fear or outrage to get the victim to act quickly and without thinking. Users of Twitter and Discord are motivated in both cases to resolve an issue that could affect their status, business, or entertainment, which is why this phish is so effective. This article continues to discuss the recently discovered phishing scams targeting Twitter and Discord users, and why the scams were effective.