It’s been just two days since we heard about X giving its business account holders more benefits in terms of a lower-cost subscription plan. But now, shocking reports are raising the alarm for business owners as hackers are on the rise to target verified accounts belonging to top businesses and government officials.
The motive seems to be linked to marketing phishing and crypto scams with the help of crypto drainers, experts warn.
One recently highlighted case on X belonged to the organization Mandiant. The latter is a cyber intelligence firm that serves as Google’s subsidiary. The incident involved the promotion of false airdrops that managed to empty crypto wallets.
For a while now, the Malware Hunter Team has been busy trying to follow such activity on the app and figure out its whereabouts. They found a leading number of notable examples featuring the gold and grey user accounts being tracked.
The reports come two days after we saw news of Amina Gerba, one of Canada’s senators alongside another political from Brazil, Ubiritan Sanderson, falling into hackers’ hands.
Yesterday, news about Mandiant being attacked made the air as the means used was delineated to be through crypto drainers. Despite 2FA being active on such accounts, the hijacking arising was surprising and bizarre in terms of how they managed to carry out the ordeal with so much precision.
Gold ticks on X accounts are indications of businesses being an official entity. Meanwhile, the X features a grey badge that delineates which profile stands for a government company or a representative from the organization.
Both kinds of accounts must meet particular eligibility. By comparison, the blue ticks are provided to users paying for Premium subscriptions on the platform.
So as you can see, both of these symbols serve as eligibility criteria inspiring trust so that more viewers see them as trustworthy sources for information.
The marketing ideas related to X’s whole verification system and paid tiers are gearing up to rise by several magnitude levels, one report added. Meanwhile, that simultaneously has transformed into targets that hackers are using to attack cybercriminals.
One report arising from CloudSEK proved how the pop-up of such hackers keeps increasing on the black market. The latter is where the criminals are making quick and unlawful funds through the sale of compromised business accounts. The costs range between $1200 to $2000.
Meanwhile, some of the sellers are giving out options to affiliate scam accounts with those featuring gold ticks for a cost of $500. This lends them great credibility as it avoids the need for stringent verification via the social media app.
Shocking allegations from threat actors working on the dark market as well as messaging apps like Telegram are proof of how hackers use corporate accounts that were compromised in some manner and are now transformed into the likes of a gold profile by users.
Other shocking examples on this front feature hackers preventing real owners from access, carrying out a one-month plan for a Gold subscription, and then passing such accounts to new owners.
CloudSEK claims it saw several accounts sales of this kind arise in the past month. Shockingly, one account that was inactive since the year 2016 featured 28k followers and was marketed for $2500 without anyone realizing it.
For this reason, security experts recommend firms immediately shut down inactive accounts if they’ve been dormant for years. Other safeguards in place include reviewing security settings and activating 2-Factor-Authentication.
It’s also worth mentioning that checking the platforms linked to accounts and their login activity for active sessions across different devices is also recommended.
Image: Digital Information World - AIgen
Read next: Whatsapp RCS, SMS, iMessage: Survey Shows Which Messaging App People Prefer And Use The Most
The motive seems to be linked to marketing phishing and crypto scams with the help of crypto drainers, experts warn.
One recently highlighted case on X belonged to the organization Mandiant. The latter is a cyber intelligence firm that serves as Google’s subsidiary. The incident involved the promotion of false airdrops that managed to empty crypto wallets.
For a while now, the Malware Hunter Team has been busy trying to follow such activity on the app and figure out its whereabouts. They found a leading number of notable examples featuring the gold and grey user accounts being tracked.
The reports come two days after we saw news of Amina Gerba, one of Canada’s senators alongside another political from Brazil, Ubiritan Sanderson, falling into hackers’ hands.
Yesterday, news about Mandiant being attacked made the air as the means used was delineated to be through crypto drainers. Despite 2FA being active on such accounts, the hijacking arising was surprising and bizarre in terms of how they managed to carry out the ordeal with so much precision.
Gold ticks on X accounts are indications of businesses being an official entity. Meanwhile, the X features a grey badge that delineates which profile stands for a government company or a representative from the organization.
Both kinds of accounts must meet particular eligibility. By comparison, the blue ticks are provided to users paying for Premium subscriptions on the platform.
So as you can see, both of these symbols serve as eligibility criteria inspiring trust so that more viewers see them as trustworthy sources for information.
The marketing ideas related to X’s whole verification system and paid tiers are gearing up to rise by several magnitude levels, one report added. Meanwhile, that simultaneously has transformed into targets that hackers are using to attack cybercriminals.
One report arising from CloudSEK proved how the pop-up of such hackers keeps increasing on the black market. The latter is where the criminals are making quick and unlawful funds through the sale of compromised business accounts. The costs range between $1200 to $2000.
Meanwhile, some of the sellers are giving out options to affiliate scam accounts with those featuring gold ticks for a cost of $500. This lends them great credibility as it avoids the need for stringent verification via the social media app.
Shocking allegations from threat actors working on the dark market as well as messaging apps like Telegram are proof of how hackers use corporate accounts that were compromised in some manner and are now transformed into the likes of a gold profile by users.
Other shocking examples on this front feature hackers preventing real owners from access, carrying out a one-month plan for a Gold subscription, and then passing such accounts to new owners.
CloudSEK claims it saw several accounts sales of this kind arise in the past month. Shockingly, one account that was inactive since the year 2016 featured 28k followers and was marketed for $2500 without anyone realizing it.
For this reason, security experts recommend firms immediately shut down inactive accounts if they’ve been dormant for years. Other safeguards in place include reviewing security settings and activating 2-Factor-Authentication.
It’s also worth mentioning that checking the platforms linked to accounts and their login activity for active sessions across different devices is also recommended.
Image: Digital Information World - AIgen
Read next: Whatsapp RCS, SMS, iMessage: Survey Shows Which Messaging App People Prefer And Use The Most