Twitter is in a new era under the management of Elon Musk. Since day one, Musk has been making huge changes to the company, including asking for $8 a month for Twitter Blue and account verification. It’s a dream come true for users, but apparently, cybercriminals did not waste a second to capitalize on it.
The social media giant has been targeted in the past with multiple cyberattacks, particularly those regarding verified accounts. When a phishing campaign creates some sort of urgency in a fake email, the victims are bound to fall for it.
Now, threat actors are making use of this new “Verification Fee” to trick users into submitting their Twitter credentials. What is this campaign all about? How does the $8 fee fit into this? Here’s everything we know.
Twitter Phishing Attack – Pay, Get Verified, Get Phished
Alright, so let’s address the elephant in the room before we get to the phishing campaign. Verification badges have been sought by every single user on Twitter.
Be it for status purposes or just vanity, Blue Badges say a lot about an individual. But the main purpose of these badges is to identify celebrities, businesses, politicians, public figures, influencers, news organizations, and journalists.
This also helps Twitter users to differentiate between fake/parody accounts and real ones. Unfortunately, this will be a very hard task as everyone can now be verified if they shell out an $8 fee a month.
Following Musk’s Twitter takeover, Twitter initially proposed to start charging verified users a $20 monthly fee.
However, that changed to $8 later on. Not only do the users get a badge, but they also get premium privileges such as priority in replies, mentions/searches, fewer ads, and the ability to post longer multimedia content.
There’s one more thing users would get once they’re verified – a fake phishing email. Yes, apparently threat actors are capitalizing on this new announcement to launch new malicious campaigns.
More than Just an $8 Fee
Just like most phishing attacks that target Twitter, this campaign includes an email that conveys a false sense of urgency – you either sign in with your user account or Twitter will suspend it.
Of course, there’s a link inside the email, which redirects the victims to a Twitter sign-in page. You can clearly see how this phishing webpage is utilizing the $8 monthly fee:
This is where it all happens, but it’s not where it ends. While you’ll be giving the cybercriminals everything they want on this page, they actually have another message that might seem more legit:
Bleeping Computer was all over the campaign from the start. Thanks to this trusted firm, Twitter users can take proper precautions and avoid falling victim to this scam.
Twitter Verification Scam – Paying in Private Information
If Twitter is commoditizing the verified status, we’ll have to think twice before we trust the authenticity of an account. A badge for $8 a month: talk about a pay-to-win game in a bigger social media battle royale.
Things are uncertain in terms of Twitter’s direction. When more users get verified, rest assured that phishing attacks are going to increase as well – Twitter phishing campaigns are very common.
All you have to do to avoid such predicaments is to sign in with your credentials on Twitter’s official website. Never click on a link and submit your information – it’s your privacy at hand.