As a security researcher who keeps an eye on Twitter to stay informed about developments in the world of cyber security, I noticed that as of August 2018, phishing ads targeting bank customers began to appear on Twitter. At first, I only reported these tweets to Twitter, but as the number of messages from my followers increased and these ads continued until October, I decided to take a closer look at this issue.
When I followed the link in one of the phishing tweets, I found that the scammers were stealing the customer’s username, password, verification code sent via SMS, and transfer verification code used during internet banking login.
Like many of you, when I see these sponsored phishing ads on Twitter, I have some questions and answers that come to mind:
As I looked for answers to these questions one by one, I can say that while I was unable to find an answer to the first question, I was surprised that Twitter appeared to be so helpless (or perhaps indifferent) in the face of these phishing ads. When I came to answer the second question, the likely reason that these accounts used for phishing are old, as stated on Twitter’s help page, was that they allow users to change their username. Based on this information, it can be said that these accounts used for phishing are probably hacked and used by scammers for their own purposes. As for the third question, how to detect phishing tweets, I decided to conduct a study using Optical Character Recognition (OCR) technology by identifying common keywords in Turkish such as “LUCKY” , “PARTICIPANT”, “ABOVE” in most messages.
After seeing that most bank customers are facing these phishing tweets and shared by official Twitter accounts of the banks, I quickly started to design a tool in my mind. The basic things the tool had to do were to search for bank names on Twitter, download the images shared in the tweets, analyze them using OCR, and send an email warning when the keywords “LUCKY” , “PARTICIPANT” , “ABOVE” were detected. I began coding this tool using Python, taking advantage of the Tweepy library, and a short time later, my Phishing Tweet Detector was developed.
After running the tool, a short time later, it was able to detect a phishing tweet shared by a Twitter user with a bank, and this helped the institution to fight against such scammers, thus my idea of helping citizens and institutions to fight against these types of scammers was successfully implemented. :)
Before I put an end to my article, I would like to emphasize that it is very, very important for those who come across phishing messages to report them to their banks and the social media platform as soon as possible (just like reporting a Tweet).
Hope to see you in the following articles.