New Phishing Scam Targets Verified Twitter Accounts

The ambiguity around Twitter’s verification system has become a cybersecurity concern as threat actors are using the uncertainty to fuel a recent round of phishing emails.

The month-long “will he or won’t he” saga surrounding Elon Musk’s purchase of Twitter effectively came to an end on October 28th when he officially acquired the social media platform for approximately $44 billion.

One of the first Twitter features Musk indicated he would change is the verification process. Since Twitter’s inception, the platform has offered a “verified badge,” which is a small blue check mark on accounts to notable users, including politicians, organizations, journalists, athletes and other public figures.

Being “verified” has been an important feature for the social platform where spambots and ill-intentioned people can easily create a fake account imitating a news source or public figure. If you are an avid Twitter user, you most likely use the blue check mark to validate the source of content—something especially important in the environment over the past few years.

After officially taking over, Musk made clear his plan to change the verification process, suggesting a paid subscription for every user as part of the existing Twitter Blue premium subscription. He initially considered a $19.99 monthly fee, but following backlash, recently suggested an $8 package that includes less advertisements, priority interactions and extended media capabilities in addition to the verified badge. However, it is important to note nothing is official as of the timing of this article.

This, of course, has set off many users who were already opposed to Musk owning Twitter—those who were vocal in their opposition of a paid requirement of any kind, citing the danger of verifying anybody who wants to be and in turn, making it extremely difficult to trust information.

This debate about a new paid verification process has become a popular headline, which in turn, has gained the attention of threat actors who wasted no time getting involved.

There have been several reports circulating with regard to a new phishing campaign  that attempts to obtain account usernames and passwords from existing users under the guise of a Twitter help form. The email targets existing verified accounts, requesting users provide account information to keep the free verified status before the $19.99 a month fee starts on November 2, 2022.

As with most phishing campaigns, there are obvious warning signs the email is fraudulent. The sender email address is "[email protected]", the subject line is “RE: Twitter Warning” and there is a soft sense of urgency with the narrative. 

It is also important to note that, unlike many phishing campaigns, there is no request for financial information and those who are managing social media for businesses or public figures may use poor judgement and just chalk up the request as part of the “new” Twitter verification process. 

This phishing campaign was built through several Google apps that may have helped it bypass Google’s automatic scanning tools and included an embedded Russian web host. The campaign was eventually taken down, but is likely just the first of many campaigns trying to capitalize on both rumored and real changes to Twitter under its new ownership.

Twitter is aware of the recent phishing campaign and has tweeted a reminder from @TwitterSupport reminding users that they will never solicit users for login information via email, DM or non-Twitter websites.

Regardless, the fact that we rely on the verified badge on the Twitter Support account to trust the information is ironic given the topic of the article.

The new Twitter model should be an interesting experience at the very least.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of expert practitioners offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected]

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Norton Believes Credential Stuffing Attack Led to LifeLock Breach
Why Cybersecurity Programs are Facing Increased Scrutiny from Private Equity Firms
Start The New Year Off Secure: 5 Cybersecurity Resolutions for 2023
TikTok: Spreading Holiday Cheer and Personal Information
Cybersecurity BY David Murphy
Key Benefits of Server Message Block Signing
SEC and PCAOB Developments Conference Day 1
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×