Not long after Elon Musk’s proposed Twitter verification overhaul made headlines, cybercriminals quickly began to take advantage of the situation in a round of phishing emails aimed at stealing the passwords of verified accounts.
Phishing emails are fake emails that can appear to be from a trusted source but are actually sent by bad actors. They’re designed to trick a person into revealing sensitive information or even downloading malicious software on the victim’s computer.
According to TechCrunch, a new phishing campaign attempts to get Twitter users to enter their username, password, and phone number on the attacker’s website, which is disguised as a Twitter help form.
The email claims that for some users, the verification badge will now cost $19.99 per month starting November 2, 2022. It also states recipients don’t have to pay the monthly fee if they confirm that they are a “famous or well-known” person.
Once a recipient clicks “Provide Information,” they are directed to a Google Doc under a Google Sites URL, where the page itself contains an embedded frame from another site hosted on a Russian web host, Beget. The multiple layers of obfuscation are likely an attempt to evade Google’s automatic scanning tools that look for malware and malicious activity.
Key phishing indicators
There are plenty of indicators that this is a phishing email, regardless of the $19.99 per month Twitter Blue price, which we now know will be $8 per month. First off, the email comes from a Gmail address, twittercontactcenter@gmail[.]com, rather than from Twitter’s official domain. This is something that should always scream out to you, especially from a company of Twitter’s size.
A sense of urgency and spelling errors are also common indicators. Attackers like to use urgency to get people to do things quickly with little thought. The email above demonstrates this by getting people who think they may be “famous or well-known” to act before November 2.
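The two indicators above (a free-webmail sender claiming to be the brand, and deadline language that pushes the reader to act) plus the hosted-form link described earlier can be turned into a simple triage check. The following is an added example, not code from the article or from Twitter; the message it parses is constructed to mirror the campaign, and the brand-domain and webmail lists are assumptions for illustration.

```python
"""
Heuristic triage of a brand-impersonation phishing email.

Added example, not code from the article. The raw message below is
constructed to mirror the indicators the article lists: a Gmail sender
posing as the brand, a payment deadline that creates urgency, and a
"Provide Information" link to a user-publishable hosted page instead of
the brand's own domain.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains the impersonated brand is assumed to send from (assumption for the example).
BRAND_DOMAINS = {"twitter.com", "e.twitter.com"}
# Consumer webmail domains a company of this size would not use for support.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
# Hosts where anyone can publish a page; a brand's own form would not live here.
HOSTED_PAGE_HOSTS = {"sites.google.com", "docs.google.com"}
# A deadline word followed within ~40 characters by a number (a date or a count of hours).
URGENCY_RE = re.compile(r"\b(before|by|until|within)\b[^.]{0,40}?\b\d{1,2}\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)

# Constructed sample message modelled on the campaign described above.
RAW_PHISH = """\
From: Twitter Contact Center <twittercontactcenter@gmail.com>
To: user@example.org
Subject: Verification badge: action required
Content-Type: text/plain; charset=utf-8

Starting November 2, your verified badge will cost $19.99 per month.
Famous or well-known users are exempt. Confirm your status before November 2.
Provide Information: https://sites.google.com/view/example-form
"""

# Constructed benign message for comparison.
RAW_LEGIT = """\
From: Twitter <info@e.twitter.com>
To: user@example.org
Subject: Changes to Twitter Blue
Content-Type: text/plain; charset=utf-8

Twitter Blue now costs $8 per month. Learn more at https://help.twitter.com/verified
"""


def extract_text(msg) -> str:
    """Concatenate and decode every text/* part of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def triage(raw: str, brand: str = "twitter") -> list:
    """Return a list of human-readable phishing indicators found in the message."""
    msg = message_from_string(raw)
    findings = []

    from_header = msg.get("From", "")
    _, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2].lower()

    # Brand name in the display name or local part, but not sent from a brand domain.
    if brand in from_header.lower() and sender_domain not in BRAND_DOMAINS:
        findings.append(f"sender poses as {brand} but domain is {sender_domain}")
    if sender_domain in FREE_WEBMAIL:
        findings.append(f"sender uses free webmail domain {sender_domain}")

    body = extract_text(msg)
    if URGENCY_RE.search(body):
        findings.append("deadline language creates urgency")

    # Links should resolve to the brand; hosted-page services are a red flag.
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if host in HOSTED_PAGE_HOSTS:
            findings.append(f"link to user-publishable host {host}")
        elif host and not any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS):
            findings.append(f"link to non-brand host {host}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", RAW_PHISH), ("legit", RAW_LEGIT)):
        print(label, triage(raw))
```

Each finding on its own is only a hint; the value is in several appearing together, as they do in this campaign. A sender-domain check is the cheapest of the three and the one most worth automating at the mail gateway.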
Google took down the phishing site shortly after TechCrunch alerted them. However, we’ll likely continue to see more phishing campaigns as scams take advantage of the lack of clear information from Twitter under Elon Musk.