A new campaign following an old method is circulating in the wild: scammers are luring vulnerable Twitter users and blog/news site owners into sharing their credentials and downloading trojans.
The theme they have chosen is fake copyright warnings, which can panic users into reacting to the scheme without first verifying the claim. Therefore, diligent scanning before reacting to such emails and messages is advised.
Fake Copyright Warnings Campaign
Scammers exploiting users' general fear isn't new, and they do it in various ways. The latest one comes in the form of a fake copyright infringement warning, which states that the target's tweet shared infringing content and that the target should respond by filling in a feedback form to resolve the issue.
This verified account is impersonating @TwitterSupport by sending DMs to users, directing them to a phishing website, and asking them to enter their password.
I have reported it to Twitter, but in the meantime, be wary if you receive a DM from this account. pic.twitter.com/fJ19Ua2zry
— Shayan Sardarizadeh (@Shayan86) May 11, 2021
This was spotted by a journalist named Shayan Sardarizadeh, who shared a sample of the campaign's fake warning:
“Copyright infringement was detected in one of the tweets on your account. If you think copyright infringement is wrong, you need to provide feedback. Otherwise, your account will be suspended within 48 hours.”
Although this comes from an account impersonating Twitter Support, analyzing the message carefully can keep users from falling prey to the trap. The aim here is to steal credentials when login details are entered into the phishing feedback form. A similar campaign targets news and blog owners, where the scammers write as below:
“My name is Tania.
Your website or a website that your company hosts are infringing on a copyright-protected images owned by myself.
Take a look at this document with the links to my images you used at www.randomsite.com and my earlier publications to get the evidence of my copyrights.
Download it right now and check this out for yourself:
—- scammy https://sites.google.com/view/XXX link —-
I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as outlined in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This letter is official notification. I seek the removal of the infringing material referenced above. Please take note as a service provider, the Digital Millennium Copyright Act requires you, to remove or disable access to the infringing materials upon receipt of this notice. If you do not cease using the aforementioned copyrighted material, a lawsuit will be commenced against you.
I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.”
Targets who click the Copyright Infringement Evidence link will download a document, which is said to be a ransomware trojan. This, in turn, can infect the target's device and lock it up for a ransom demand. Thus, any such suspicious email should be examined carefully before responding.
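One way to screen incoming messages for the traits the two lures above share, as an added example that is not part of the original article. The regular expressions, the `FREE_HOSTS` list, the three-trait threshold and the function names are assumptions, and the sample messages are constructed (two abridged from the quotes above, one invented).

```python
import re
from urllib.parse import urlparse

# Traits drawn from the two lures quoted in the article. The patterns, host list
# and threshold are assumptions for illustration, not a vendor rule set.
THEME = re.compile(r"copyright|infring|DMCA|17 U\.S\.C", re.I)
PRESSURE = re.compile(r"suspended within \d+ hours|lawsuit|statutory damages", re.I)
CALL_TO_ACT = re.compile(r"download it|provide feedback|enter your password", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
FREE_HOSTS = {"sites.google.com"}  # free site builder seen in the email sample

def link_hosts(text):
    """Lower-cased hostnames of every http(s) link in the message body."""
    return {(urlparse(u).hostname or "").lower() for u in URL.findall(text)}

def triage(text):
    """Return (verdict, reasons); 'hold' means route to a human before anyone clicks."""
    reasons = []
    if THEME.search(text):
        reasons.append("copyright-claim theme")
    if PRESSURE.search(text):
        reasons.append("deadline or legal threat")
    if CALL_TO_ACT.search(text):
        reasons.append("asks reader to download or submit a form")
    for host in sorted(link_hosts(text) & FREE_HOSTS):
        reasons.append("evidence link on free site builder: " + host)
    # The theme alone is common in legitimate mail; require it plus two more traits.
    themed = "copyright-claim theme" in reasons
    return ("hold" if themed and len(reasons) >= 3 else "pass"), reasons

# Constructed samples: the first two are abridged from the messages quoted above,
# the third is an invented benign message.
DM = ("Copyright infringement was detected in one of the tweets on your account. "
      "You need to provide feedback. Otherwise, your account will be suspended "
      "within 48 hours.")
EMAIL = ("Your website is infringing on copyright-protected images owned by myself. "
         "Download it right now: https://sites.google.com/view/XXX "
         "You could be liable for statutory damages; a lawsuit will be commenced.")
BENIGN = "Reminder: update the copyright year in the site footer. No rush."

if __name__ == "__main__":
    for name, msg in (("dm", DM), ("email", EMAIL), ("benign", BENIGN)):
        print(name, *triage(msg))
```

A "hold" verdict only flags the message for manual verification of the claim through the platform's or sender's official channel; it does not prove the message is malicious.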