As several ongoing campaigns show, cybercriminals are increasingly targeting the owners of verified Twitter accounts with phishing emails designed to harvest their login credentials.
On Twitter, a blue tick next to a user’s name indicates that the account has been verified. A verified account is one that has had its authenticity confirmed by Twitter. These accounts are often used by celebrities, politicians, influencers, journalists, private and public entities, and brands to show they are who they say they are.
Users must apply for verification to obtain this ‘blue badge.’ The application requires additional details such as ID documents, website references, and other supporting evidence that the account is notable enough to merit verification.
Why Are Verified Twitter Accounts so Appealing to Cybercriminals?
These accounts are particularly sought after by attackers for promoting scam campaigns and other malicious activity because they usually have large followings or are regarded as authoritative in their circles.
Because a blue badge is hard to obtain, a phishing email warning that Twitter is about to revoke it alarms recipients, and a frightened recipient is far less likely to examine the message for the usual signs of fraud.
Which Takes Us to…
According to BleepingComputer, over the past week, many of its reporters have been targeted with phishing emails purporting to be from Twitter Verified – Twitter’s verified account platform.
The targets were notified that there was a problem with their verified Twitter account and were advised to click on the ‘Check notifications’ button to find out more about what is wrong.
They were also warned that failing to respond to the message could result in the account being suspended.
A Closer Look into the Attack
When the recipient clicks on the ‘Check notifications’ link, they are taken to a page where they must type their account credentials.
The phishing site also asks for the credentials not once but twice, a common kit feature that lets the attackers weed out passwords mistyped on the first attempt.
Once a target submits their login details, the phishing kit uses the supplied email address to start a password reset on the victim’s account. Twitter then sends the legitimate owner a login verification code; the phishing site prompts the victim for that code, and the attackers use it to complete the reset. The code is relayed in real time, so the verification step is defeated by the account owner themselves, just on the wrong site.
Earlier this week, verified journalist Wudan Yan posted on Twitter the following message:
Someone I must have followed on Twitter who was blue-check verified sent this to me: pic.twitter.com/sGTlNelTki
— WUDAN YAN (@wudanyan) May 3, 2022
Yan described how the attackers changed her profile picture, bio, and account name to impersonate Twitter and then sent further DMs to spread the scam to other users.
Fortunately, Yan was able to recover her account quickly, but others are not always so lucky, or do not even realize that their accounts have been hijacked.
How to Stay Safe?
Whenever an email directs you to a login form, check the URL of the landing page and confirm that the domain actually belongs to the organization that supposedly sent the message, not merely that the organization’s name appears somewhere in the address.
If you are unsure, delete the email and contact the company through a channel you already trust to find out whether the message is genuine.
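The two checks above, sender domain and link domain, can be automated for a mail filter or a quick triage script. The example below is an added illustration and not code from the article or from Twitter: the sample message is constructed to match the campaign described (a “Twitter Verified” display name, a suspension threat, and a “Check notifications” link), and the trusted-domain allowlist and function names are assumptions. It deliberately includes two lookalike tricks that defeat a naive “does it contain twitter.com” check: a subdomain that begins with twitter.com but ends elsewhere, and a URL that puts twitter.com in the userinfo part before an ‘@’.

```python
"""Triage a suspected 'Twitter Verified' phishing email: does the sender domain,
and does each link target, really belong to Twitter?  Added example; the sample
message, the allowlist and the helper names are assumptions, not material from
the article."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains a genuine Twitter notification would send from or link to.
TRUSTED_DOMAINS = ("twitter.com", "x.com")

# Constructed sample in the shape the article describes; not a real captured message.
SAMPLE_EMAIL = """\
From: Twitter Verified <no-reply@twitter-verified-support.example>
To: reporter@example.org
Subject: Action required: problem with your verified account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We found a problem with your verified account. Respond within 48 hours or it will be suspended.</p>
<a href="https://twitter.com.verify-notifications.example/login">Check notifications</a>
<a href="https://twitter.com@verify-notifications.example/login">Check notifications</a>
<a href="https://help.twitter.com/en/managing-your-account">Help Center</a>
</body></html>
"""

HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def is_trusted_host(host):
    """True only if host is a trusted domain or a subdomain of one.

    Matching on the suffix ".twitter.com" is what rejects lookalikes such as
    "twitter.com.verify-notifications.example" (ends in ".example") and
    "nottwitter.com" (no dot before "twitter.com").
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_link(url):
    """Return (hostname, reason); reason is None when the link looks legitimate."""
    parts = urlparse(url)
    host = parts.hostname or ""  # .hostname strips userinfo, port and case
    if parts.scheme not in ("http", "https"):
        return host, "non-web scheme"
    if "@" in parts.netloc:
        # "https://twitter.com@evil.example/" displays twitter.com but goes to evil.example
        return host, "userinfo trick: text before '@' is not the host"
    if host.startswith("xn--") or ".xn--" in host:
        return host, "punycode host, possible homograph"
    if not is_trusted_host(host):
        return host, "host is not under a trusted domain"
    return host, None


def analyze_email(raw):
    """Parse the message and report on the sender domain and every href in the body."""
    msg = email.message_from_string(raw, policy=policy.default)
    _, sender = parseaddr(str(msg["From"]))
    sender_domain = sender.rpartition("@")[2]
    body = msg.get_content()
    findings = [(url,) + classify_link(url) for url in HREF_RE.findall(body)]
    sender_ok = is_trusted_host(sender_domain)
    return {
        "sender_domain": sender_domain,
        "sender_trusted": sender_ok,
        "links": findings,  # list of (url, host, reason-or-None)
        "suspicious": (not sender_ok) or any(reason for _, _, reason in findings),
    }


if __name__ == "__main__":
    report = analyze_email(SAMPLE_EMAIL)
    print("sender domain:", report["sender_domain"],
          "(trusted)" if report["sender_trusted"] else "(NOT trusted)")
    for url, host, reason in report["links"]:
        tag = "OK  " if reason is None else "FLAG"
        print(f"{tag} {host:40} {url}" + (f"  [{reason}]" if reason else ""))
    print("verdict:", "suspicious" if report["suspicious"] else "looks clean")
```

Running the script on the constructed sample flags the sender domain and the two “Check notifications” links while passing the genuine help.twitter.com link. The suffix test in is_trusted_host is the important part: a substring check on “twitter.com” would accept both lookalikes. For production use, the allowlist should come from the organization’s own domain inventory, and punycode hosts should be decoded and compared rather than merely flagged.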