The new owner of Twitter, Elon Musk, has recently caused controversy over changes he would like to make to the social media platform. Musk announced that he would like to revamp the verification system on Twitter and start charging for Twitter Blue, which would give users more features along with the blue checkmark.
Scammers are already attempting to capitalize on this proposal and have been sending phishing emails to a large number of Twitter users, trying to trick them into giving up their Twitter credentials. The emails were sent from a Gmail account, firstname.lastname@example.org, and provided a link for already verified accounts to confirm that they are a “well-known person” before they are forced to pay $19.99 a month to keep their verified status. Clicking this link leads to a Google Doc, which then leads to a site hosted by the Russian web host Beget, which asks users to enter their username, password, and phone number.
Google took down the phishing site a short time after being alerted to the issue by TechCrunch. TechCrunch also alerted Beget to the phishing website, and the site was pulled from operation there as well.
Security professionals have noted that it is not surprising that a threat actor has taken advantage of the recent chaos surrounding Twitter. The social media platform has yet to make a public decision about its verification program, which was originally designed to confirm the authenticity of certain accounts, such as government officials, celebrities, businesses, etc. It is likely we will continue to see more phishing campaigns that take advantage of the lack of clear information given by Twitter under Elon Musk.