New phishing campaign targets Twitter Blue users amid X rebrand confusion

X logo and Twitter logo with arrows showing swap
(Image credit: Shutterstock ID 2336591191)

A new phishing campaign is targeting Twitter Blue subscribers amid the social media platform’s messy transition to X, and the consequences could be catastrophic.

Twitter owner Elon Musk and new CEO Linda Yaccarino hope that the platform will soon become X, but the transition has been anything but smooth, with rebranding at the HQ going, well, not to plan. Furthermore, the discrepancy between the website and mobile apps is giving some users a complete headache.

Hoping to capitalize on this confusion, one threat actor is offering Twitter Blue subscribers to transfer their membership to X, but all this does is give the cybercriminal access to a user’s entire Twitter account.

Twitter Blue/X phishing emails

To an unsuspecting target, the email looks to come from a legitimate source, with the display name showing ‘sales@x.com.’ The email passes SPF authentication checks despite actually coming from mailing list platform Sendinblue (now known as Brevo). 

A screenshot of the email posted by Twitter user @fluffypony claims that a victim’s “existing subscription is nearing its expiration and requires migration,” with a link directing users to a completely legitimate API authorization page. The fact that it’s legitimate means that, upon approval, the threat actor then has access to a user’s Twitter account.

Along with a few view-only capabilities, the API allows the threat actor to amend follwers, update profile and account settings, post and delete Tweets, engage with other Tweets, and more.

Fortunately, revoking API access is fairly easy on Twitter, by navigating to Settings > Security and account access > Apps and sessions > Connected apps.

Checking these settings is generally a good idea whether you have been targeted by this phishing attack or not, purely in the interest of good Internet hygiene. For those not quick enough to disable the dodgy service, it’s unclear what the result could be. In the worst-case scenario, they could be locked out of their account with any manner of activity going on, in which case they may want to consider using identity theft protection software.

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!