Cybercriminals are taking advantage of Twitter verification revamp


Posts: 8,495   +105
Staff member
In brief: If there's one thing hackers like to exploit, it's the latest headlines. Following news that Elon Musk plans to charge $20 per month for Twitter's blue-tick verification status, cybercriminals are sending out phishing emails that claim to be part of the new process.

Musk recently announced that as the new Twitter owner, one of his first tasks is revamping the verification process. According to reports, this will involve making Twitter Blue—the optional $4.99 per month subscription that gives users extra features—more expensive, but it will also verify subs. Those already verified will be given 90 days to subscribe or lose their verified status.

The world's richest man has reportedly given Twitter engineers working on the project until November 7 to launch it. If this deadline isn't met, the employees will be fired.

Some scammers are already trying to take advantage of the change by sending phishing emails to verified users claiming they won't have to pay for their blue check mark by confirming they are a "well-known" person.

There are plenty of giveaways in the email that expose it as a phishing scam. In addition to the unprofessional wording and style, it comes from a Twittercontactcenter@gmail address rather than an official Twitter domain. Still, there will doubtlessly be some people taken in by it.

TechCrunch writes that clicking the "Provide Information" button takes people to a Google Docs page, which should be another red flag. It contains a link to a Google site, which lets users host web content—it's likely designed to try and avoid Google's phishing detection tools. This page contains an embedded frame from another site where users are asked to submit their account username, password, and phone number.

Even if someone has two-factor authentication enabled and avoids having their account compromised, they've still given away personal data, including a password that they might be reusing on other sites.

Google took down the phishing site after TechCrunch alerted them to it. But expect to see more scams of this type as Musk continues implementing changes at Twitter.

Permalink to story.



Posts: 1,282   +1,562
Dear God, when will humans STOP falling for phishing scams? Some people need to be kept FAR AWAY from electronic devices!