How does a malicious ad sent from a hijacked Twitter account get out without the account's owner noticing?

Twitter is experimenting with showing more ads to some users, and since around 22 May 2019 it has been criticized for the low quality of those ads. Separately from this, a British hacker revealed that fraudulent ads are being served on Twitter from hijacked user accounts.

Warning – do not click on Twitter ads – Terence Eden's Blog
https://shkspr.mobi/blog/2019/05/warning-do-not-click-on-twitter-ads/

Here is one of the ads British hacker Terence Eden found. 'Promoted' is shown at the lower left of the tweet, and at first glance it looks like an advertisement for the site 'queryindx.com'. But when you click the link ...



The logo displayed is that of the Daily Mirror.



And the page says 'Register Here And Start Profiting!'. It was a low-quality scam site attempting to harvest user information.



The Mirror logo is left untouched, and the personal information input form expands as follows.



Eden pointed out, 'Such advertisements would not pass a manual review and can be detected with automated tools. Twitter is completely asleep.'

How did Eden notice the scam site in the first place? The owner of the account, @Fishblogger, had replied to the promoted tweet introducing queryindx.com with 'This is not my tweet. Probably clickbait?'. From this reply, Eden realized that 'somebody is hijacking other people's accounts and running spam ads from them.'



Originally, this kind of 'tweet that does not appear on the user's own timeline' was also used by legitimate advertisers. For example, Apple has sent out many Promoted Tweets like the following ...



In fact, if you look at Apple's Twitter account, the Promoted Tweets do not appear on its timeline: they are a separate type of tweet from ordinary ones, and the account has no past tweets at all. The ads sent from the @Fishblogger account rely on the same mechanism.



Because the ads do not appear on the account's timeline, its followers see nothing odd, and in most cases the owner does not notice the hijacking. The owner only notices when someone replies to one of the hijacked tweets. Moreover, Promoted Tweets can only be managed through the Twitter Ads platform, so even a user who notices the hijacked tweets usually does not know how to delete them.



On the other hand, ad tweets that 'look at first glance like a link to an article on a legitimate news site but redirect to a malicious site when clicked' had already been reported as of March 2019. The following post appears to link to a CNN article ...



Clicking it redirects you to another site called 'escalatingprices.com', which pitches a way to make money. The page even has a fake comment section to make it look like a legitimate news article.



When Eden checked the link with Twitter's Card Validator, it reported that 'Twitter was redirecting to CNN.' Since the link actually redirected somewhere other than CNN, Eden said that 'Twitter's advertising system is one that misleads users.'
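One way to run the domain check Eden is describing, as an added example that is not from his post or from Twitter's own tooling: walk an ad link's redirect chain (HTTP 3xx hops and `<meta http-equiv="refresh">` hops, which cloaked landing pages often use) and compare the final host with the domain the card declared. The default fetcher uses urllib; the sample responses and hostnames below are constructed placeholders so the check runs offline.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

# Captures the target of a <meta http-equiv="refresh" content="0;url=..."> tag.
META_REFRESH = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+url=([^"\'>\s]+)', re.I)

def default_fetch(url):
    """Fetch one hop without following redirects; return (status, location_header, body)."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # make urllib raise HTTPError on 3xx instead of following it
    try:
        resp = urllib.request.build_opener(NoRedirect).open(url, timeout=10)
        return resp.status, None, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), ""

def resolve_chain(url, fetch=default_fetch, max_hops=10):
    """Follow HTTP 3xx and meta-refresh redirects hop by hop; return every URL visited."""
    chain = [url]
    for _ in range(max_hops):
        status, location, body = fetch(chain[-1])
        nxt = location if 300 <= status < 400 and location else None
        if nxt is None:
            match = META_REFRESH.search(body or "")
            nxt = match.group(1) if match else None
        if nxt is None:
            break
        chain.append(urljoin(chain[-1], nxt))
    return chain

def lands_on_declared(declared_domain, chain):
    """True if the final landing host is the declared domain or one of its subdomains."""
    host = (urlparse(chain[-1]).hostname or "").lower()
    declared = declared_domain.lower().lstrip(".")
    return host == declared or host.endswith("." + declared)

# Constructed responses standing in for a cloaked ad: a shortener hop, a page dressed up
# as the news site, then a meta-refresh to the scam page. Hostnames are placeholders.
SAMPLE_RESPONSES = {
    "https://t.co/abc": (301, "https://news-story.example/cnn/article", ""),
    "https://news-story.example/cnn/article": (200, None,
        '<meta http-equiv="refresh" content="0;url=https://escalatingprices.example/">'),
    "https://escalatingprices.example/": (200, None, "<h1>Register Here And Start Profiting!</h1>"),
}

def check_sample():
    """Resolve the constructed chain and report whether it lands on the declared domain (cnn.com)."""
    chain = resolve_chain("https://t.co/abc", fetch=lambda u: SAMPLE_RESPONSES.get(u, (404, None, "")))
    return chain, lands_on_declared("cnn.com", chain)
```

A validator that only inspects the first hop, as the Card Validator result above suggests, reports the news site; walking the whole chain reports the scam site.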



Under these circumstances, Eden proposes as solutions that 'Twitter manually review ads', 'verify that the advertiser is linking to a domain it owns', and 'require two-step verification of the ad buyer'.

Posted in Web Application, Security by darkhorse_log