Verified user accounts on Twitter are warned about an ongoing phishing campaign which aims to steal account credentials. Those verified users on Twitter have a blue checkmark or badge beside their names, indicating their status as celebrities, politicians, and other figures representing their distinction.
All verified users must submit a list of their information for Twitter to verify and apply the blue badge on their accounts, including identification cards, website links, and other proof that the person is eligible for the verification.
The following count of these verified public figures is what many threat actors are after since they can propagate malicious activities to the people who support the owner of the verified Twitter account.
Researchers detected a phishing campaign targeting verified Twitter users by spoofing the social media firm and saying they must check an issue regarding their verified accounts.
Since most of these users quickly react to problems relating to their blue badges, hackers find them to be an easy target for phishing campaigns. The malicious email sent by the threat actors says that they must click the attached link, ‘Check Notifications’, to learn more about the issue. Failure to do so will result in an alleged account suspension, making the victims react without thinking.
The victim will be redirected to a site that requires them to enter their login information. The data will be sent to the hackers’ servers, allowing them to reset the user’s Twitter account password.
For instance, a known journalist with a verified Twitter account has recently been victimised by an email phishing scam. Being clouded by worry, they provided their credentials to the phishing page that allowed the hackers to access their accounts and change their profile photo, bio, and account name. The hackers could perform more scam operations on the victims’ followers since the people would believe they were talking to a legitimate account owner.
Some users are fortunate to be able to recover their hacked accounts sooner. However, others fail to take prompt action to retrieve their verified Twitter accounts, while others are not even aware that a malicious threat actor has accessed their accounts.
Hackers would always find ways to launch malicious activities to defraud incautious people. Cybersecurity experts strongly advise people to know the most common signs of email phishing scams to avoid being victimised.
