A blockchain security firm is warning users about malicious links that start with api.twitter[.]com, which can hijack their Twitter accounts and spread phishing messages.
SlowMist, a blockchain security firm based in China, has issued a warning to Twitter users to watch for phishing links that start with api.twitter[.]com. The firm said that once a user authorizes the request behind such a link, scammers can control the user's Twitter account and send phishing messages to their followers.
Disguised as Legitimate Twitter API Authorization Requests
According to SlowMist, the phishing links are disguised as legitimate Twitter API authorization requests, which ask users to grant third-party applications access to their accounts. However, these applications are actually malicious and, once authorized, can post tweets, send direct messages, and access personal information on behalf of the users.
Scammers Pose as Journalists or Researchers
SlowMist said that the scammers often pretend to be journalists, project teams, investors, or researchers, and use fake accounts to lure users into clicking on the phishing links. The firm advised users to check the URL carefully before authorizing any application, and to revoke access for any suspicious applications in their Twitter settings.
Twitter has a policy of blocking or limiting links that are malicious, spammy, or misleading. The company also provides tips and resources for users to protect their accounts and report phishing attempts. However, phishing remains a common and effective technique for scammers to steal credentials, personal information, or money from unsuspecting users.