As Twitter announces plans to charge users $8 a month for Twitter Blue and account verification under Elon Musk’s management, researchers have come across multiple phishing emails targeting verified users.

Earlier this week, Elon Musk appointed himself as Twitter’s CEO and announced plans to revamp Twitter’s verification process. As part of this review, Twitter initially proposed to start charging verified users a $20 monthly fee. Later, Musk stated the fee would be dropped to $8. Other than receiving a blue tick following successful verification, paid users are expected to get “priority in replies, mentions & search,” fewer ads, and the ability to post longer multimedia content.

Following Musk’s tweets, researchers observed newer phishing campaigns emerging, with threat actors now targeting verified accounts. Like many phishing emails, these emails convey a false sense of urgency, urging the user to sign in to their Twitter account or risk “suspension.” Research has revealed that these emails originated from the servers of hacked websites and blogs that may be, for example, hosting dated WordPress versions or running unpatched, vulnerable plugins. Clicking on the link takes the user to the phishing webpage, where threat actors misuse the $8 monthly fee announcement from Musk’s tweets. The phishing workflow collects the user’s Twitter username and password, and then proceeds to send them a two-factor authentication code via SMS.
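The traits described above (urgency and "suspension" language, a sender on a compromised third-party host rather than the brand's own domain, a sign-in link pointing at a lookalike host, and a prompt for the one-time code) can be turned into a simple mail-triage heuristic for a SOC or mail gateway. The following is an added example, not code from the original article or from any vendor; the two sample emails are constructed, and the set of brand domains, the keyword lists and the score thresholds are assumptions to tune for your own environment.

```python
"""Heuristic triage of credential-phishing emails (added example, constructed samples)."""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the only domains the brand legitimately sends from and links to.
BRAND_DOMAINS = {"twitter.com"}

# False-urgency phrasing of the kind the article describes.
URGENCY_RE = re.compile(
    r"\b(suspend(?:ed|sion)?|immediately|within \d+ hours?|urgent|act now|final notice)\b",
    re.I,
)
# Wording that coaxes the victim into handing over a one-time code.
OTP_RE = re.compile(r"\b(verification code|2fa code|one[- ]time code|code we sent)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def host_of(url):
    """Lower-cased hostname of a URL, without a trailing dot."""
    return (urlparse(url).hostname or "").lower().rstrip(".")


def on_brand_domain(host):
    """True only for the brand domain itself or a real subdomain of it
    (so 'twitter.com.evil.example' is rejected)."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def triage(msg):
    """msg: dict with 'from', 'subject' and 'body'. Returns score, reasons and verdict."""
    score, reasons = 0, []
    _, addr = parseaddr(msg.get("from", ""))
    from_host = addr.rpartition("@")[2].lower()
    text = msg.get("subject", "") + "\n" + msg.get("body", "")
    brand_words = [d.split(".")[0] for d in BRAND_DOMAINS]
    mentions_brand = any(w in text.lower() for w in brand_words)

    # A mail about the brand sent from an unrelated host (e.g. a hacked blog).
    if mentions_brand and not on_brand_domain(from_host):
        score += 3
        reasons.append(f"sender domain {from_host!r} is not a brand domain")

    # Sign-in links that leave the brand's domain, with lookalikes scored higher.
    off_brand = [h for h in map(host_of, URL_RE.findall(text)) if h and not on_brand_domain(h)]
    if mentions_brand and off_brand:
        score += 3
        reasons.append(f"link hosts outside brand domain: {off_brand}")
        lookalikes = [h for h in off_brand if any(w in h for w in brand_words)]
        if lookalikes:
            score += 1
            reasons.append(f"brand lookalike hosts: {lookalikes}")

    if URGENCY_RE.search(text):
        score += 2
        reasons.append("urgency language")
    if OTP_RE.search(text):
        score += 2
        reasons.append("asks for a one-time code")

    verdict = "phishing" if score >= 5 else "suspicious" if score >= 3 else "likely benign"
    return {"score": score, "reasons": reasons, "verdict": verdict}


# Constructed samples: one phish in the style the article describes, one benign notification.
PHISH = {
    "from": "Twitter Support <admin@hacked-blog.example>",
    "subject": "Action required: your verified account",
    "body": ("Twitter Blue now costs $8/month. Sign in within 24 hours to keep your "
             "blue tick or your account faces suspension.\n"
             "https://twitter-verification.example/login"),
}
LEGIT = {
    "from": "Twitter <info@twitter.com>",
    "subject": "Your weekly summary",
    "body": "See what you missed: https://twitter.com/i/notifications",
}

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(sample))
```

The score is additive so that a single weak signal (urgency wording in a genuine billing reminder) does not trip the rule on its own, while the combination the article describes, a brand-themed mail from a third-party host with an off-brand sign-in link and a deadline, lands well above the threshold. The one-time-code check is there because the last step of this workflow, relaying an SMS code to the attacker's page, is what defeats 2FA.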