As Twitter announces plans to charge users $8 a month for Twitter Blue and account verification under Elon Musk’s management, BleepingComputer has come across multiple phishing emails targeting verified users.
Twitter business model shakeup draws scammers in
Earlier this week, Elon Musk appointed himself as Twitter’s CEO and announced plans to revamp Twitter’s verification process.As a part of this review, Twitter initially proposed to start charging verified users a $20 monthly fee. Later, Musk stated the fee would be dropped to $8.
Other than receiving a blue tick following successful verification, paid users are expected to get “priority in replies, mentions & search,” fewer ads, and will be able to post longer multimedia content:
Price adjusted by country proportionate to purchasing power parity
— Elon Musk (@elonmusk) November 1, 2022
Following Musk’s tweets, BleepingComputer observed newer phishing campaigns emerging with threat actors now targeting verified accounts.
Like many phishing emails, these emails convey a false sense of urgency, urging the user to sign-in to their Twitter account or risk “suspension.”
Newer Twitter phishing campaigns target verifed accounts (BleepingComputer)
Analysis by BleepingComputer revealed these emails were originating from servers of hacked websites and blogs that may be, for example, hosting dated WordPress versions or running unpatched, vulnerable plugins.
Clicking on the link takes the user to the phishing webpage where threat actors misuse the $8 monthly fee announcement from Musk’s tweets:
Twitter phishing page collects credentials, warns of $8 monthly fee (BleepingComputer)
The phishing workflow collects user’s Twitter username, password, and proceeds to sending them a two-factor authentication code via SMS.
A more convincing phishing message also received and analyzed by BleepingComputer is shown below:
Another phishing campaign referring to Twitter’s new fee structure (BleepingComputer)
This email incorporates identical wording to the phishing page itself and has an overall look-and-feel that is more akin to Twitter’s branding.
Twitter verification: beyond vanity
Twitter blue badge with a checkmark have traditionally been offered to verified accounts of politicians, celebrities, businesses, public figures, influencers, news organizations and journalists.
Example Twitter account with verified badge and message (BleepingComputer)
The scarcity of blue badge accounts on the platform, compared to the vast majority of Twitter’s accounts that are unverified, has led to the “blue tick” being perceived by tweeters to be a vanity and status symbol.
Threat actors have also repeatedly targeted verified users via phishing, and sometimes hacked blue badge accounts to push crypto scams.
In other scams, threat actors have hacked verified accounts to impersonate another person to mislead the public or to send Twitter users fake ‘account suspension’ DMs.
Musk has dissed the existing verification process as “Twitter’s current lords & peasants system.”
However, other than being a perceived “status symbol” perception by some, the blue badge is primarily intended to separate real, authentic accounts of notable people from copycat and parody accounts created by third parties—at least in theory.
The verification is therefore intended to limit misinformation in the sense that users can see a tweet originating from a verified account is authentic and didn’t originate from someone impersonating a public figure.
In practice, however, results can vary as a hacked ‘verified’ account may continue to retain the blue badge even if the hacker changes the name, bio and profile picture on it, thereby making the presence of the badge futile to begin with.
If the blue badge becomes commoditized and available to just about anyone willing to shed $8 a month, Twitter will need to rethink its process to add authenticity to notable accounts.
One of the ways to achieve this could be, for example, to continue the use special labels on Twitter accounts of politicians and state-affiliated entities, which then creates some distinction between authentic accounts of public figures and those with a paid blue badge.
Twitter shows special labels on accounts of government officials (BleepingComputer)
Without a streamlined verification process that clearly separates authentic notable accounts from imposters, the problems of Twitter’s existing verification sphere won’t disappear anytime soon.
Source: BleepingComputer, Ax Sharma