Cybercriminals are already sending phishing emails about Twitter's verification revamp

When business mogul Elon Musk completed his acquisition of Twitter, one of his first tasks was to overhaul the microblogging site's verification process. Under the order, the verification badge will be bundled with the Twitter Blue subscription, which was initially ordered to cost $19.99/month. Current badge holders will have up to 90 days to start paying the new fee before they lose their verified badge.

Not long after this made the news, cybercriminals are already taking advantage of the proposed change by sending phishing emails to verified users, as TechCrunch security editor Zack Whittaker recently spotted:

The fraudulent email claiming to come from Twitter | via Zack Whittaker

The message claiming to be from Twitter says that the verification badge will cost $19.99 per month starting November 2, 2022 for some users. If the recipient doesn't want to pay the monthly fee, they need to confirm that they are a "well-known" person.

If the recipient clicks on the "Provide Information" link, they will be asked to enter their Twitter username, password, and phone number. At this point, any provided information will be sent to cybercriminals for identity or financial theft.

There are plenty of indicators that this is a phishing email. For starters, it comes from a twittercontactcenter@gmail[.]com address rather than an official Twitter domain. It also opens a Google Doc under a Google Sites URL instead of the official Twitter website.

Even "Chief Twit" Elon Musk isn't sure yet if they will end up charging $19.99 for the new verification system. This is his response to an unhappy tweet by author Stephen King on (not) paying $20 to keep his blue check:

Google took down the phishing site as soon as TechCrunch alerted them. However, given that these scams have cropped up quickly since Musk took over Twitter, it's likely that there will be more Twitter-related phishing campaigns appearing in the future.

To protect yourself from phishing attacks, always be careful when clicking on links or downloading attachments from unsolicited emails. Also, always check the URL of the site you're on; if it doesn't start with twitter.com, for example, then it's likely fraudulent. Finally, enable two-factor authentication to ensure that threat actors will not be able to access your account even if they get a hold of your username and password.
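The two indicators described above (a sender outside the official domain, and links that lead somewhere other than twitter.com) can be checked mechanically; this is an added example, not code from the article or from TechCrunch. It compares the parsed hostname rather than the start of the URL string, so a host that merely begins with "twitter.com" is still flagged. The domain lists, function names, and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"twitter.com"}                    # assumption: the only official domain
FREEMAIL_DOMAINS = {"gmail.com", "freemail.example"}  # gmail.com is the provider named in the article
BRAND = "twitter"

def on_domain(host, domains):
    """True only when host equals an official domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def link_hosts(body):
    """Hostname of every http(s) URL found in the message body."""
    return [urlsplit(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)]

def check_message(raw):
    """Return a list of findings for a plain-text (non-multipart) message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    # Only judge the sender when the message presents itself as the brand.
    claims_brand = BRAND in f"{display} {addr} {msg.get('Subject', '')}".lower()
    if claims_brand and not on_domain(sender_domain, OFFICIAL_DOMAINS):
        kind = "freemail" if sender_domain in FREEMAIL_DOMAINS else "unofficial"
        findings.append(f"sender:{kind}:{sender_domain}")
    for host in link_hosts(msg.get_payload()):
        if not on_domain(host, OFFICIAL_DOMAINS):
            findings.append(f"link:off-domain:{host}")
    return findings

# Constructed sample message: placeholder sender, placeholder paths, reserved .example hosts.
SAMPLE = """\
From: Twitter <twitter-support@freemail.example>
To: user@example.org
Subject: Your verified badge

Provide Information: https://sites.google.com/view/PLACEHOLDER
Mirror: https://twitter.com.account-check.example/login
Help: https://twitter.com/settings
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```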

Source: TechCrunch
