Spam and phishing


We love social networking sites, and phishers are no exception. They’ve been sending out fake Twitter notifications for a while now. The one we’ve just received doesn’t have much in common with previous phishing attacks.
The message looks like this:

Lots of suspicious things about this message: the word “twitter” comes at the end of the link, rather than the beginning, and the English is a bit dodgy as well. None of the addresses in the “From” fields have any strong associations with Twitter:

  1. From: “Donald”
  2. From: “Michael”
  3. From: “Jeff”

Click on the link (aren’t people getting tired of all this clicking?) and you end up on a site which is very generously offering to let you into the secret of how to make money on Twitter. All you have to do is enter your details.

And once you’ve done that, you get asked for your credit card details:

So here’s the $64,000 question: is it really a good idea to enter your credit card details on a site telling you how to make money from home, a site that you reached by clicking on a spam link? (On second thoughts, no prizes, because we should all know the answer by now!)

But the story doesn’t end here – out of sheer curiosity, I put into my browser (instead of and got this:

And then got redirected to a site telling me I’d won a stack of money. Great news – why should I put in time ‘earning’ money on Twitter when I can just win the lottery? All I need to do is give them my details…

We love social networks for some of the oddities they throw up. And phishers love them too, because there’s always someone who’s willing to click, and click, and click again.


Your email address will not be published. Required fields are marked *



Focus on DroxiDat/SystemBC

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

APT trends report Q2 2023

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Subscribe to our weekly e-mails

The hottest research right in your inbox