New phishing campaign lures victims with new Elon Musk Twitter verification rules

Twitter Blue
(Image credit: Twitter)

Elon Musk's purchase of Twitter is being used by scammers as a lure to steal login credentials from “famous or well-known” persons, or those believing to fit the category. 

A new phishing campaign is based around Elon Musk’s plan to monetize Twitter’s Blue Checkmark, a symbol given to accounts whose identities have been verified and is used to minimize impersonation fraud that’s rampant on the platform.

In the phishing email, it is said that the blue checkmark will soon cost $19.99, but only for those who are not “famous or well-known”. Those that fit the category will be able to use the feature for free, all they need to do is confirm their identities. 

Providing crooks with sensitive intel

As usual with phishing emails, this one comes with a “Provide Information” link, where victims are redirected to verify their identities. The site is a Google Doc under a Google Sites URL. The landing page comes with an embedded frame that’s actually hosted on a Russian hosting platform.

The whole campaign is relatively amateurish and brimming with red flags. The email is being sent out from a Gmail address (twittercontactcenter), rather than Twitter’s domain, which is arguably the biggest red flag. Then there’s the fact that the blue checkmark won’t cost $19.99, but $8, as was confirmed by the platform. Lastly, there is absolutely no reason for the feature to be free for famous persons.

Other common indicators of phishing emails are the omnipresent sense of urgency (phishing emails always try to scare people into recklessly doing something), as well as typos, spelling errors, and other mistakes.

TechCrunch says Google took down the phishing site soon after being tipped off on its existence. 

Via: 9To5Mac

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.