I hereby claim:
- I am satnam on github.
- I am satnam (https://keybase.io/satnam) on keybase.
- I have a public key whose fingerprint is 3646 006D C83C DAA5 CF17 6D1B 1271 B9ED 75FD 1350
To claim this, I am signing this object:
Satnam Narang satnam
satnam
/ keybase.md
Created
July 17, 2015 07:12
Background: Compromised Twitter accounts are currently tweeting about new miracle diet pills. These tweets include links pointing to appspot.com, which redirects users to sites masquerading as the real Women's Health magazine. These sites use standard templates that include celebrity testimonials in order to promote a diet pill known as Garcinia Cambogia Extract. So how did these accounts get compromised in the first place?
It starts with a tweet from someone you follow. They will say something about a rumor or a nasty post going around about you. This narrative is designed to entice the user into clicking on the included link (Origin URL) to find out more.
| Tweets |
|---|
| "OMG Awful Posts Going around about you, have you seen this yet?" |
| "Awful Posts Going around about you, have you seen this yet?" |
Background: Compromised Twitter accounts are tweeting @ friends/followers a random phrase (1) which includes an open redirect URL (2) that leads to phishing sites (5). There are two additional redirects (3, 4) before the recipient reaches the actual phishing site.
Phrases
- This is too funny of you [open redirect]
- OMG when did you do this? [open redirect]
- I can't stop laughing! [open redirect]
- This pic of you is funny lol [open redirect]
Open Redirect