I hereby claim:
- I am satnam on github.
- I am satnam (https://keybase.io/satnam) on keybase.
- I have a public key whose fingerprint is 3646 006D C83C DAA5 CF17 6D1B 1271 B9ED 75FD 1350
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
Background: Compromised Twitter accounts are currently tweeting about new miracle diet pills. These tweets include links pointing to appspot.com, which redirects users to sites masquerading as the real Women's Health magazine. These sites use standard templates that include celebrity testimonials in order to promote a diet pill known as Garcinia Cambogia Extract. So how did these accounts get compromised in the first place?
It starts with a tweet from someone you follow. They will say something about a rumor or a nasty post going around about you. This narrative is designed to entice the user into clicking on the included link (Origin URL) to find out more.
Tweets |
---|
"OMG Awful Posts Going around about you, have you seen this yet?" |
"Awful Posts Going around about you, have you seen this yet?" |
Background: Compromised Twitter accounts are tweeting @ friends/followers a random phrase (1) which includes an open redirect URL (2) that leads to phishing sites (5). There are two additional redirects (3, 4) before the recipient reaches the actual phishing site.
Phrases
Open Redirect