Twishing (“Twitter” + “phishing”) is a form of cybercrime carried out through X, formerly known as Twitter. In these scams, attackers use fake or compromised X accounts of well-known companies or famous people to send messages with links. These links look real but take users to websites designed to trick them into providing their personal data, like passwords or credit card details.
How twishing works
- Scammers create X accounts that look like they belong to real businesses or people.
- These accounts send tweets or direct messages containing links to phishing websites. The links often look legitimate but lead to fake websites controlled by the scammers.
- When people click these links, they end up on sites that look real but are designed to steal their information.
- The scammers use the stolen information for fraudulent activities or sell it on the dark web.
Examples of twishing
- Brand impersonation. Scammers often create fake accounts pretending to be banks or popular retail brands. They send tweets or direct messages to users, asking them to verify account details or warning of an account issue.
- Celebrity impersonation. High-profile celebrity accounts have been hacked and used to spread phishing links. In some cases, hackers posted tweets that appeared to offer giveaways or deals but actually contained links to phishing sites.
- Bitcoin scams. One common twishing scam involves fake Bitcoin giveaways. Scammers pretend to be well-known cryptocurrency figures, promising to double any Bitcoin you send to them. Elon Musk is one of the most popular impersonation targets in such scams.
- COVID-19-related scams. During the COVID-19 pandemic, there was an increase in twishing attacks exploiting the crisis. These included fake information about relief funds or health advice, directing users to phishing sites.
- Customer support scams. Hackers impersonate the customer support accounts of major companies. They respond to real customer inquiries with links to phishing sites under the pretext of resolving issues.