Verified Twitter accounts are increasingly being targeted by phishing emails designed to steal their credentials, as seen in numerous ongoing campaigns by threat actors.
Verified accounts on Twitter are denoted by a blue checkmark next to their name, indicating that the account holders are notable influencers, celebrities, politicians, journalists, activists, and government and private organizations.
To receive this “blue badge”, Twitter users must request verification, which involves submitting additional information, including IDs, website references, and other evidence that makes the account “notable.”
These accounts usually have large followings or are considered “authoritative” in certain circles and are therefore highly sought after by threat actors to promote scam campaigns and malicious activities.
At the same time, since earning a blue badge isn’t easy, emails warning that Twitter is about to revoke it tend to make people react quickly, without properly examining the message for the early signs that something is off.
Targeting verified Twitter users
Over the past week, many BleepingComputer journalists have been the target of phishing emails claiming to be from Twitter Verified – Twitter’s verified accounts platform.
These emails indicate that there is a problem with the recipient’s verified account and they should click “Check Notifications” to learn more about what is wrong.
Phishing emails warn that ignoring this message could result in account suspension.
Clicking the “Check notifications” button takes the recipient to a phishing page that asks them to enter their login credentials. The page asks for the credentials twice, a trick the attackers use to make sure the victim has not mistyped them, so that the stolen credentials are actually usable.
Once the credentials are submitted, the phishing kit initiates a password reset on the real Twitter account using the entered email address. The phishing page then prompts the target for the login verification code that the reset process sends them, and the attackers relay that code to complete the password reset and take over the account. Because the code is relayed as soon as the victim types it, a one-time code delivered by SMS or email offers no protection here; only a phishing-resistant factor such as a hardware security key bound to the real twitter.com origin would.
Although these phishing pages are clearly not hosted on a Twitter domain, mistakes happen in our often hectic lives, and victims usually submit their credentials without noticing where the page really lives.
Just yesterday, verified reporter Wudan Yan admitted to falling for a similar phishing scam targeting verified Twitter users, this one promoted via DMs on the social site.
In a thread on Twitter, Yan describes the experience and how the threat actors changed the account’s image, bio and name to impersonate Twitter and then started sending DMs to other users to promote the scam.
Luckily, Yan was able to get the account back quickly, but others aren’t always so lucky, or are unaware that their accounts have been hijacked at all.
In those cases, the hijacked accounts are commonly used to push a variety of scams to their followers, usually cryptocurrency scams.
In 2021, threat actors hijacked numerous verified Twitter accounts at scale to promote a fake Elon Musk cryptocurrency giveaway scam.
Although you may think no one would fall for something so obvious, the threat actors made over $580,000 in just one week.
As always, when you receive an email that leads to a login form, check the URL of the landing page and make sure its domain actually belongs to the company that allegedly sent the email, not merely contains that company’s name somewhere in the address.
If in doubt, do not act on the email; instead, contact the company directly to verify whether the message is legitimate.
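The check recommended above can be automated for the kind of “Check Notifications” email described earlier. The following is an added example, not code from the BleepingComputer article or from the phishing kit it describes: it parses a raw email, pulls out every link in the body, and flags each link whose host is not the brand the email claims to come from. The legitimate domains (twitter.com and t.co), the helper names, and the sample message below are my own assumptions for the example; the sample is constructed to resemble the email the article describes and is not a real message.

```python
"""Added example: flag links in a notification email whose host does not
belong to the brand the email claims to come from. Not code from the
article or from any phishing kit; the domain list and sample message
are assumptions made for this example."""
import email
import html
import re
from email import policy
from urllib.parse import urlsplit

# Assumed set of domains a genuine Twitter notification may link to.
LEGIT_DOMAINS = {"twitter.com", "t.co"}

# Constructed sample modelled on the email described in the article; not a
# real message. The From header is trivial to spoof, so the check ignores
# it and judges the links instead. The second link is a decoy: phishing
# kits often include genuine help links to look authentic.
SAMPLE_EMAIL = b"""From: Twitter Verified <verified@twitter.com>
To: reporter@example.com
Subject: There is a problem with your verified account
Content-Type: text/html; charset="utf-8"

<p>We detected a problem with your verified account.</p>
<p><a href="https://twitter.com.verify-badge.example/login">Check Notifications</a></p>
<p>Ignoring this message may result in suspension of your account.</p>
<p><a href="https://help.twitter.com/">Help Center</a></p>
"""

URL_RE = re.compile(r'https?://[^\s"\'<>]+', re.I)


def is_legit_host(url, legit_domains=LEGIT_DOMAINS):
    """True only if the link is https and its host is one of the legitimate
    domains or a subdomain of one. Rejects the usual look-alike tricks:
    'twitter.com.evil.example' (brand as a subdomain of the attacker's
    domain), 'nottwitter.com' (brand as a suffix), 'twitter.com@evil.example'
    (brand in the userinfo part), plain http, and non-ASCII or punycode
    (xn--) hosts that mimic the brand with look-alike characters."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:                       # e.g. unbalanced '[' in host
        return False
    if parts.scheme.lower() != "https":
        return False
    if parts.username is not None:           # userinfo trick
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if not host or not host.isascii():
        return False
    if any(label.startswith("xn--") for label in host.split(".")):
        return False                         # IDN look-alike (punycode)
    return any(host == d or host.endswith("." + d) for d in legit_domains)


def extract_links(raw_email):
    """Collect the URLs found in the text/html and text/plain parts, in order."""
    msg = email.message_from_bytes(raw_email, policy=policy.default)
    links = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/html", "text/plain"):
            continue
        body = html.unescape(part.get_content())
        for url in URL_RE.findall(body):
            url = url.rstrip(".,;)")         # trailing punctuation from prose
            if url not in links:
                links.append(url)
    return links


def suspicious_links(raw_email, legit_domains=LEGIT_DOMAINS):
    """Links whose host does not belong to the brand the email claims to be from."""
    return [u for u in extract_links(raw_email)
            if not is_legit_host(u, legit_domains)]


if __name__ == "__main__":
    for url in suspicious_links(SAMPLE_EMAIL):
        print("suspicious link:", url)
```

The host comparison deliberately matches whole labels (`host == d` or `host.endswith("." + d)`) rather than searching for the brand name anywhere in the address, because “twitter.com” appearing somewhere in a hostname is exactly what the lure relies on.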