Twitter verification phishing scams are causing confusion

It has been only days since Elon Musk closed his $44 billion acquisition of Twitter, after much theatrics. Musk has since promised that Twitter “won’t turn into a free-for-all hellscape.” Yet Twitter is off to a rough start under Musk, with cyber criminals trying to capitalize on the confusion by sending phishing emails designed to steal verified Twitter users’ passwords.

As first documented by Social Proof Security CEO Rachel Tobac and TechCrunch reporter Zack Whittaker, an email is sent to the user with a convincing message warning them “Don’t lose your free Verified status.”

https://twitter.com/zackwhittaker/status/1587189238348615681

Rumors have been running rampant since Musk bought Twitter that verified status—the infamous “blue check mark” next to a user’s handle—could become a feature that users must pay to maintain going forward.

Some of the phishing campaign emails linked to a Google Form to collect the information; those forms have since been taken down, per Google. Other forms used Beget, a web hosting provider located in Russia.

As of today, there has been no official announcement from Elon Musk on whether paid verification will become the way forward. It is also unknown whether anyone who is verified today would retain their status while new verification requests would be paid. Either way, it’s become fuel for a disinformation nightmare.

