Twitter Staff Locked Out | Netflix Phishing Emails | Black Friday Scam Warning

November 21st

Article by Christopher Lauder, Client Engagement Executive, Rela8 Group

Twitter Staff Locked Out

Twitter has told employees that the company's office buildings will be temporarily closed, with immediate effect. It did not give a reason for the move.

Elon Musk has called on Twitter staff to sign up for "long hours at high intensity" or leave. There are signs that large numbers of workers have resigned because they have not accepted Musk's new terms.

One former Twitter employee, who wished to remain anonymous, told the BBC:

"I think when the dust clears today, there's probably going to be less than 2,000 people left. The manager of my team, his manager was terminated. And then that manager's manager was terminated. The person above that was one of the execs terminated on the first day. So, there's nobody left in that chain of command."

Before Musk took control of Twitter the company had about 7,500 staff. The firm was also reported to have employed thousands of contract workers, the majority of whom are understood to have been laid off.

Twitter has alerted employees that effective immediately, all office buildings are temporarily closed, and badge access is suspended as of now. Zoë Schiffer of Platformer News claims that this is because Elon Musk and his team are terrified that employees are going to sabotage the company.

In the meantime, Twitter’s management has asked all employees to continue to comply with company policy by refraining from discussing confidential company information on social media, with the press or elsewhere. Some reports suggest that certain business services have also been suspended for all employees.

Source - Elon Musk Twitter Updates - BBC News

Source - Elon Musk Twitter Updates - Firstpost

Source - Elon Musk Twitter Updates - Deadline

Source - Elon Musk Twitter Updates - LBC

Netflix Phishing Emails

Security researchers are warning that corporate accounts could be at risk after noting a 78% increase in email impersonation attacks spoofing the Netflix brand since October. If employees use the same credentials for personal accounts like Netflix as their work accounts, campaigns like this may imperil corporate systems and data.

The group behind this particular campaign is using Unicode characters to bypass natural language processing (NLP) scanning in traditional anti-phishing filters. The security vendor Egress reported the following:

“Unicode helps to convert international languages within browsers – but it can also be used for visual spoofing by exploiting international language characters to make a fake URL look legitimate. For example, you could register a phishing domain as ‘xn–,’ which would be translated by a browser to ‘а’. This is known as a homograph attack.”

Alongside these techniques, the phishers use classic social engineering tactics, such as rushing the user into action and piggy-backing on current events – in this case Netflix’s introduction of a new ad-tier package.

Although 52% of the emails spotted by Egress use this lure, other subject lines include “Netflix cancellation confirmation” and “Get Unlimited Membership for $0.99.”

The campaign appears to be targeting users in the US and UK primarily.
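
A defensive check for the homograph technique described in the Egress quote, added here as an example that is not part of the original article or the Egress report: it decodes punycode (xn--) labels and flags hostnames that mix scripts or fold to a protected brand name. The CONFUSABLES table, the PROTECTED list and the sample hostnames are constructed assumptions, and the check generalises beyond the single domain mentioned in the quote.

```python
import unicodedata

# Constructed subset of Cyrillic/Greek look-alikes mapped to Latin letters.
# Assumption: a production filter would load the full Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u04cf": "l",
               "\u03bf": "o"}
PROTECTED = {"netflix"}  # brand labels to watch for (assumption)

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- punycode."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label

def scripts(label):
    """Approximate the scripts used in a label from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Fold known look-alike characters to Latin so spoofs compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())

def check_host(host):
    """Return (finding, decoded_label) pairs for suspicious labels in host."""
    findings = []
    for raw in host.rstrip(".").split("."):
        label = decode_label(raw)
        if label.isascii():
            continue  # plain ASCII labels cannot be Unicode homographs
        if len(scripts(label)) > 1:
            findings.append(("mixed-script", label))
        if skeleton(label) in PROTECTED:
            findings.append(("brand-lookalike", label))
    return findings

if __name__ == "__main__":
    # Constructed samples: a Cyrillic "e" inside the brand name (as it would
    # appear in a link, in xn-- form), the real domain, and a legitimate
    # all-Cyrillic label that should not be flagged.
    spoof = "xn--" + "n\u0435tflix".encode("punycode").decode("ascii")
    for host in (spoof + ".example", "netflix.com",
                 "\u043f\u0440\u0438\u043c\u0435\u0440.example"):
        print(host, check_host(host))
```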

Source - Netflix Phishing Emails - InfoSec Magazine

Source - Netflix Phishing Emails - Egress Report

Black Friday Scam Warning

According to research from Bitdefender, 56% of Black Friday spam emails received this year between October 26th and November 6th were scams.

The firm’s antispam researchers analysed all unsolicited Black Friday-related emails delivered to its customers over the period, 68% of which were sent over the final three days.

Unsurprisingly, the highest proportion of Black Friday spam messages were received in the US (27%). This was closely followed by Ireland (24%), then Sweden (8%), Denmark (7%) and France (5%).

Speaking to Infosecurity about the large proportion in Ireland, Alina Bizga, security analyst at Bitdefender, noted:

“Given that the majority of Black Friday spam emails were redacted in English and that thousands of retailers in Ireland are preparing for this year’s Black Friday weekend, it’s not unusual for us to see a high portion of shopping-related spam hitting users in the region.”

The study found that scammers placed a heavy emphasis on using fake discount offers on designer bags and sunglasses to lure consumers to fake shops to steal their money and data. Two scams highlighted by the researchers used the subject lines ‘Ray-Ban, Oakley, Costa Sunglasses Up To 90% Off!’ and ‘Louis Vuitton Bags Up To 86% Off!’

Another significant avenue pursued by fraudsters was ‘giveaway scams.’ In one example, recipients in the US, Ireland, Sweden, Denmark, Canada and the UK were invited to claim a Home Depot gift card worth $500. However, after clicking the link, the users were taken to a fake online survey page that had nothing to do with the gift card. Upon completion, they would be taken to another page to pick out a ‘prize,’ including a Google Pixel and an iPhone 13.

Once a prize was selected, the ‘winner’ would be asked to pay a small shipping fee, entering their name, address, and payment information.

In another example, users in Germany were sent a fake PayPal and Amazon Black Friday voucher worth €1000. Here, recipients were asked to enter personally identifiable information and confirm their email addresses. They were then sent a separate email with a link that would lead to the users giving away additional information and access to their PayPal accounts, Bizga explained.

The new research follows recent figures cited by the UK’s National Cyber Security Centre (NCSC) from cases reported to. This showed that online shoppers lost a staggering £1000 each on average to fraud during last year’s Christmas shopping period.

Source - Black Friday Scam Warnings - InfoSec Magazine

Source - Black Friday Scam Warnings - RTE

Source - Black Friday Scam Warnings - Mirror