Tag: verified
Marvel’s Guardians of the Galaxy is Steam Deck Verified and 70% off for the next few hours
Twitter’s encrypted DMs are here — but only for verified users
Twitter is beginning to roll out its long-promised encrypted direct messaging feature. However, the initial rollout comes with some major limitations that could make it less than ideal for privacy-conscious Twitter users.
Of note, the feature is currently only available to verified Twitter users, which includes Twitter Blue subscribers and those part of a “Verified Organization.” It’s not clear if this is just for the early rollout or if encryption will be added to the growing list of exclusive features for users with a checkmark. For now, an encrypted chat requires both users to be verified, according to the company.
There are also some significant limitations to the feature itself. It doesn’t support group messages, or any kind of media other than links. The company also doesn’t allow users to report an encrypted message directly, advising on a help page that users should report accounts separately if they “encounter an issue with an encrypted conversation participant.”
Finally, the level of encryption appears to be less secure than what other apps offer. For one, message metadata is not encrypted. Furthermore, Twitter notes that “currently, we do not offer protections against man-in-the-middle attacks” and suggests that the company itself is still able to access encrypted DMs without the participants knowing. “If someone–for example, a malicious insider, or Twitter itself as a result of a compulsory legal process—were to compromise an encrypted conversation, neither the sender or receiver would know,” the company explains on a help page. It added that it’s working on improvements that would make such exploits more “difficult.”
That’s particularly notable because it falls far short of the standard Twitter owner Elon Musk has described when expressing his desire to add encryption for Twitter DMs. He has said he wants it to be impossible for the company to access users’ encrypted messages even if “someone puts a gun to our heads.”
In a tweet, Twitter security engineer Christopher Stanley acknowledged the shortcoming. “We’re not quite there yet, but we’re working on it.”
For those who are verified and want to try out the feature anyway, encrypted messaging can be accessed via the info menu (that’s the same menu you use to block or report a conversation) within a particular DM. Once encryption is enabled, the encrypted messages will appear as a separate message thread with labels at the top of the chat to indicate that the conversation is encrypted.
This article originally appeared on Engadget at https://www.engadget.com/twitters-encrypted-dms-are-here–but-only-for-verified-users-234934842.html?src=rss
Hacked verified Facebook pages impersonating Meta are buying ads from Meta
Sketchy Facebook pages impersonating businesses are nothing new, but a flurry of recent scams is particularly brazen. A handful of verified Facebook pages were hacked recently and spotted slinging likely malware through ads approved by and purchased through the platform. But the accounts should be easy to catch — in some cases, they were impersonating […]
Hacked verified Facebook pages impersonating Meta are buying ads from Meta by Taylor Hatmaker originally published on TechCrunch
Scammers hack verified Facebook pages to impersonate Meta and Google
If you see a verified page, complete with the blue checkmark, on Facebook…don’t automatically assume that page is legit.
Mashable can confirm that a number of fake Facebook business pages have been masquerading as companies such as Google and even Meta itself.
In all of the pages viewed by Mashable, the verified Facebook pages appear to have been hacked, with their page name and Facebook URL changed in the past week. Some of these pages had millions of followers. Each display a blue verification badge that says “Facebook confirmed this profile is authentic.”
Credit: Mashable Screenshot
However, most concerning is that each hacked page was approved to run ads across Facebook’s network and every one appears to have been doing so. It’s unclear just how far reaching these scam ads went and how many Facebook users have potentially fallen victim.
The scam ads direct users to click a fake Google or Facebook URL where they are brought to a bogus Google Sites page impersonating the company. Once on the page, the user is directed to download supposed Facebook Ad tools or Google AI software, depending on which ad they clicked. In the file links viewed by Mashable, users were directed to a .rar file hosted on a Trello page which very likely contains malware.
Credit: Mashable Screenshot
In every case viewed by Mashable, page managers were added to these hacked pages from numerous countries that had no connection to the location of where the original page owners were based. While not automatically indicative of anything as social media managers can be located anywhere, each hacked page did include 3 page managers from Vietnam, a hotbed of scammer activity on Facebook as previously reported by Mashable.
Several hacked pages had millions of followers
The largest hacked page appears to have belonged to Miss Pooja, a famous singer in India. The page has over 7 million followers. On April 29, the page name was changed to “Google AI.” The URL was also changed to “facebook.com/Google.BardAI2”.
Credit: Mashable Screenshot
On May 3, the page started running ads on Facebook, including one that included the copy “NOTIFICATION This is the only and official Google Bard PAGE with verification, all other pages are fake.” The ads directed users to visit domains like “aifuture.wiki” and “bardai.bio.”
Credit: Mashable Screenshot
If a user clicked on one of these links, they were taken to one of the aforementioned fake Google Sites pages purporting to be an official Google website. For these particular ads, a user was taken to a page titled “Google AI Marketing” where they were asked to “Download Google AI Marketing.” Clicking on that link would automatically download a malicious “Google_AI_Marketing.rar” file, which was hosted at Trello, a popular project management tool.
Credit: Mashable Screenshot
Miss Pooja wasn’t the only star from India who was targeted. Indian singer-songwriter Babbu Maan also had his verified Facebook page, with 3 million followers, hacked. Maan’s page was soon changed to “Meta Ads,” which ran Facebook ads with similar copy as the fake Google page. These ads, however, pushed used to a “metaadstools.com” domain.
Credit: Mashable Screenshot
Düzce Üniversitesi, a university in Turkey, also had its verified page with more than 28,000 followers, hacked. Its Facebook page was also quickly disguised as an official “Meta Ads” page, complete with the Meta logo as its profile picture. It too began running ads but to the domain “fbadstools.com.”
Both hacked page impersonating Meta attempted to trick users into downloading a “Meta Ads Manager” tool. The link would download a malicious file titled “Facebook_Ads_Manager.rar” which was also hosted at Trello.
Credit: Mashable screenshot
Over the past few days, warnings began to spread about these fake pages in various different Software-as-a-Service (SaaS) and social media groups on Facebook. Matt Navarra, a prominent social media consultant, proceeded to highlight the issue as well in the past day.
“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson said in a statement provided to Mashable. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures. We regularly improve our methods for combating these scams and have built teams dedicated to improving the support we can offer to people and businesses.”
It should be noted as well that Meta released a security report about the concerning new types of malware it was seeing across its platform and the web as a whole just earlier this week. Some of the threats Meta described overlap with the type of scams being promoted by these pages.
All hacked Facebook pages that Mashable had viewed have since been removed from the platform.
While it appears that the hacked Facebook pages had all received verification from Facebook prior to its new paid verification system, Meta Verified, the new feature allowing users to pay for a blue checkmark could potentially cause additional problems.
Even if Meta specifically verifies each one, these latest hacks show how scammers can take over an existing verified page to trick users. And, with anyone now able to pay $15 for verification, the pool of potential targets for hackers to go after to perpetuate their scams just grew significantly.
UPDATE: May. 5, 2023, 4:30 p.m. EDT This story was updated to include a statement from Meta.
Blue verified checkmarks are coming to Gmail
Google is going to start displaying a blue checkmark next to select senders’ names on Gmail to verify their identity, the company announced on Wednesday. The new blue checkmarks will automatically appear next to companies that have adopted Gmail’s existing Brand Indicators for Message Identification (BIMI) feature. The BIMI feature, which rolled out in 2021, […]
Blue verified checkmarks are coming to Gmail by Aisha Malik originally published on TechCrunch
Redfall’s system requirements look reasonable – and it’s already Steam Deck Verified
Twitter verified a fake Disney account created by a troll
Twitter users have been taken for quite the ride over the past few days when it comes to the site’s verification system.
On Thursday, Elon Musk removed the “legacy verified” blue checkmarks from users who received them prior to his acquisition. Then he started “gifting” Twitter Blue verified badges to specific celebrities who publicly said they wouldn’t pay $8 to keep their checkmarks. Over the weekend, he began to apply Twitter Blue subscriptions to prominent users talking about #BlockTheBlue (including the author of this piece). Then he went ahead and just gave them out to almost every Twitter user with more than 1 million followers.
And that’s just the blue ticks. During this whole debacle, Twitter had accidentally removed gold checkmarks, a Musk-introduced badge for organizations and companies, from business accounts. The company quickly let these businesses know they’d be restoring these gold checkmarks – which cost some of these users $1,000 per month – as quickly as possible.
Well, it seems in the process of doing that, Twitter verified the wrong account. And not just any wrong account. Twitter verified a fake Disney account that appears to be created specifically for trolling.
On Monday morning, Twitter users noticed that the @DisneyJuniorUK account had received a gold checkmark, a sign that Twitter had verified a business-owned account as being official on the platform.
One problem: @DisneyJuniorUK is not an official Disney account. According to the owner of the account, Twitter user @7virtues_, they had set it up back in 2021 and mostly used it for shitposts.
Twitter eventually suspended the account entirely this morning, but not before @DisneyJuniorUK had some fun with its newly-acquired gold checkmark.
“no fucking way,” @DisneyJuniorUK tweeted when first realizing the account had been verified. “this isn’t actually real right? someone fucking pinch me or something.”
Users quickly verified it was real by clicking on the gold checkmark and seeing the official description of the account.
Then the posting from @DisneyJuniorUK really began. Among some of the more random tweets, the account fully pretended to be a Disney-affiliated profile with a tweet claiming that South Park was coming to Disney’s streaming network, Disney+.
Readers, we can confirm that South Park is most definitely not coming to Disney+.
Anyway, this whole thing lasted just a few hours before Twitter pulled the plug. But, it just goes to show that it’s getting harder for users to trust what they see on Twitter now. Even for Twitter itself.
Twitter gives fake Disney account verified status
Daily Crunch: Starting today, Twitter says all advertisers must obtain verified accounts
Hello, friends, and welcome to Daily Crunch, bringing you the most important startup, tech and venture capital news in a single package.
Daily Crunch: Starting today, Twitter says all advertisers must obtain verified accounts by Christine Hall originally published on TechCrunch