Watch Out! Verified Twitter Accounts Are Targeted in Phishing Attacks
In these Phishing Emails Users Are Informed that Ignoring the Message Could Result in Account Suspension.
Last updated on June 8, 2022
As evidenced by multiple ongoing operations carried out by cybercriminals, phishing emails are increasingly targeting the owners of verified Twitter accounts in an attempt to collect their login information.
On Twitter, a blue tick next to a user’s name indicates that the account has been verified. A verified account is one that has had its authenticity confirmed by Twitter. These accounts are often used by celebrities, politicians, influencers, journalists, private and public entities, and brands to show they are who they say they are.
Users must apply for verification in order to obtain this ‘blue badge,’ which includes submitting additional details such as ID cards, website references, and other reasons that make their account worthy of consideration.
Why Are Verified Twitter Accounts so Appealing to Cybercriminals?
These accounts are particularly sought after by hackers to promote scam campaigns and malicious activity because they usually have a large number of followers or are regarded as an authority in some circles.
Because a blue badge is pretty difficult to obtain, people who receive phishing emails warning that Twitter will take it away tend to get scared and forget to double-check the message for indications of suspicious behavior.
Which Takes Us to…
According to BleepingComputer, over the past week, many of its reporters have been targeted with phishing emails purporting to be from Twitter Verified – Twitter’s verified account platform.
The targets were notified that there was a problem with their verified Twitter account and were advised to click on the ‘Check notifications’ button to find out more about what is wrong.
They were also warned that failing to respond to the message could result in the account being suspended.
When the recipient clicks on the ‘Check notifications’ link, they are taken to a page where they must type their account credentials.
Furthermore, the website will ask users to enter their credentials not once but twice, a step the hackers use to ensure that incorrect information was not entered accidentally.
After targets enter their login details, the phishing kit will use the email address they provided to reset the password on their account. The phishing site will then ask victims for a login verification code, which the cybercriminals will use to complete the password reset process.
Earlier this week, verified journalist Wudan Yan posted on Twitter the following message: