Twitter users with “verified” status have been bombarded by phishing attempts via email and on the platform itself, after Elon Musk’s arrival as owner, according to reports.
The self-proclaimed “chief twit,” who sacked the board of the social networking firm to become sole director, wants to charge “blue tick” verified users $8 each per month to retain their status and be enrolled in the site’s premium service, Blue.
It’s widely seen as a potential way to make money from the perpetually under-performing platform, while reducing the number of bots and inauthentic accounts.
However, the publicity surrounding the move has already attracted cyber-criminals.
Some verified users posted screenshots of a phishing email they received from a twittercontactcenter@gmail domain, asking them to click through to confirm their identity, or risk losing their status.
Doing so would take them to a phishing page where they’re asked to submit various account details, which could be subsequently used to hijack those accounts.
Separately, some users posted screenshots of messages they’ve received on the site itself.
One masquerades as a ‘removal notice,’ urging them to visit what is presumably a phishing URL in order to prevent permanent removal of their blue badge.
“After careful review we determined your account is inauthentic. Your account has been added to the blacklist,” the message reads. “If you think we got this wrong you can submit an appeal by following the link below. Otherwise, your verified blue badge may be permanent removed within 24 hours.”
Security experts urged users to think carefully when they receive unsolicited messages, especially ones that try to instil a sense of urgency in the response.
“I’ve been getting spear-phished by credential theft spam posing as a verified user change since last Friday. Attackers capitalize on high profile, chaotic events and changes to drive pretext for lures likes this,” explained Bugcrowd founder Casey Ellis.
“This campaign is a reminder that it doesn’t need to be a hurricane, a pandemic, or other kind of calamity to trigger this kind of attacker behavior. I recommend using multi-factor authentication and ‘think twice, click once’ to help mitigate this.”