An account posing as PayPal used a paid promotion on Twitter to bait users into sharing their personal information under the guise of entering an end-of-year contest. The story, first reported by The Next Web, states that the tweet (which has now been deleted) came from @PaypalChristm, an account with fewer than 100 followers. A link included in the tweet reportedly led to a page that resembled PayPal’s login page and asked users to enter their personal information and credit card details.
Commenting on the news is Javvad Malik, security advocate at AlienVault:
“Many companies like Twitter or Facebook will automate the advertising purchasing process for speed and convenience. However, it illustrates the fact that automation can be used against you if not implemented correctly. Currently, not everything can, or should be automated, especially in times where misinformation and scams are daily threats for social media companies. It’s not too dissimilar to how security operations centres (SOCs) that are responsible for monitoring and responding to security threats can automate some parts easily, but need manual intervention in other parts so as to not have the automation used against them.”