Following Elon Musk’s decision to charge verified users a $20 monthly fee for the verification badge, cybercriminals are already taking advantage of it.
According to reports, these criminals are already sending phishing mail to Twitter users, which is designed in a way that when the link is clicked, they will be able to access the passwords of these users to carry out their mischievous acts.
The email is sent from a Gmail account and links to a Google Doc with another link to a Google Site, which lets users host web content. This, according to cyber security experts is done, to create several layers of obfuscation to make it more difficult for Google to detect abuse using its automatic scanning tools.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
On Twitter, a security editor at TechCrunch Zack Whittaker posted a screenshot of a phishing mail sent by a hacker to a Twitter user.
He said, “Twitter’s ongoing verification chaos is now a cybersecurity problem. It looks like some people (including in our newsroom) are getting crude phishing emails trying to trick people into turning over their Twitter credentials.
“Phishing emails are sent from a Gmail account and point to a Google Doc with a link to a Google Site. Yes, incredibly crude, but looks like this. Clearly capitalizing on the uncertainty around Twitter verification. I forwarded details to Google to review/takedown”.
The email with the subject ‘Twitter Warning’ which is titled ‘Don’t lose your free verified status’ reads, “The verification Badge will be $19.9 per month for some users after November 2, 2022. These users are users that we cannot fully verify are famous or well-known people.
“You need to give a short confirmation so that you are not affected by this situation. To receive the verification badge for free and permanently, please confirm that you are a well-known person.
“If you don’t provide verification, you will pay $19.99 every month like other users to get the verification badge”.
Google has reportedly taken down the phishing mail following an alert from TechCrunch company. A Google spokesperson said, “Confirming we have taken down the links and accounts in question for violations of our program policies.”
Some users on the micro-blogging platform disclosed how they have fallen for phishing scams in their DM a week before the Elon takeover.
A Twitter user said, “They used my hijacked blue check to lure other blue checks to the scam”.
According to reports, phishing emails have skyrocketed in the last week, following Musk’s plan to charge verified users for the verification badge.
However, Twitter is yet to react to this info, and has also not disclosed to the public its decision about the future of its verification program.
The verification badge was introduced in June 2009, to provide readers on the site a means to distinguish genuine notable account holders such as celebrities, Organizations from impostors.