HQ/EMEAFind out how we can help your business
Since Elon Musk’s acquisition of Twitter, the social media giant announced charging users $8 monthly for account verification and $4.99 monthly for the Twitter Blue subscription. However, research shows that these new subscription systems have attracted phishing operators to target verified Twitter users.
For those that have paid for the blue badges on their Twitter accounts, the platform said to make them a priority for replies, mentions, and searches, alongside being shown fewer advertisements and being able to post longer multimedia content.
After announcing the new subscription policies, researchers have observed new phishing campaigns against verified Twitter account users.
Based on the observed phishing campaigns, the threat operators alert the targets about a purported Twitter account suspension risk, urging them to sign in to their accounts promptly. The false sense of urgency would pressure the victims to act impulsively.
Experts explained that these malicious emails are from hacked website servers that run an older version of their hosting platform, likely unpatched against vulnerabilities. Once the victims click on the attached link, they are redirected to a phishing site where they are asked to input their username and password associated with the recent announcement of the $8 charge for the blue badges.
Two-factor authentication will also be sent to the users via text message upon entering their credentials.
Traditionally, having the blue badge on Twitter could signify a public figure’s status in the social media world, especially if they are celebrities, influencers, politicians, brands, or media. If a public figure has a blue badge, people can easily recognise their accounts as authentic and run by a real person, not by a fan or an impersonator.
However, these verified Twitter accounts are often a target of cybercriminals through phishing campaigns or being hacked to commit fraud or scam campaigns against the account owner’s large group of followers.
In some cases, the hacked verified accounts are altered, with the hackers changing their bio, profile photo, and name, without losing the blue badge. Experts underline how risky these incidents are once it strikes a targeted user.
Since the new subscription policies would allow anyone to have the blue badge, experts are concerned that threat actors would have a wider scope of victims in no time.
