Twitter verified account targeted in Phishing Campaigns
November 22nd, 2022 - Written By CyberLabs
Twitter is now charging $8 a month for Twitter Blue and account verification. With this many phishing emails targeting verified users started flooding.
— Elon Musk (@elonmusk) November 2, 2022
A new report on numerous phishing operations with a blue badge subscription theme that target Twitter-verified users. Paid users can expect to receive “Priority in answers, mentions & search, less adverts, and upload long video & audio” in addition to the blue badge. This new blue badge subscription process is being used by threat actors to target verified users.
You will also get:
– Priority in replies, mentions & search, which is essential to defeat spam/scam
– Ability to post long video & audio
– Half as many ads— Elon Musk (@elonmusk) November 1, 2022
Multiple phishing emails targeting Twitter-verified users have been seen by the security news company Bleeping Computer. Users are urged to sign into their Twitter accounts by the phishing emails to review the new verification rules. Users are taken to a phishing website after clicking the link in the email, where their Twitter username and password are stolen. According to investigation, the emails came from the servers of hacked websites, websites that housed out-of-date WordPress versions, or websites that had vulnerable plugins.
Recommendations
- Put in place a user education program to deter people from clicking on random links.
TestMyUser – Test My Users is a comprehensive user training and awareness platform which assists organizations while promoting security awareness in a convenient 3 Step Approach. With Test My Users, organizations can conveniently conduct Phishing campaigns as a part and parcel of a compendious security awareness training initiative.
- Using an anti-phishing solution for mail servers and endpoints to reduce the risk of infection from phishing
