Cybercriminals are already profiting from the current Twitter verification chaos by sending phishing emails intended to steal users’ credentials. This has become a Twitter cybersecurity threat.
There has been criticism on social media and online since Elon Musk revealed that Twitter will revamp its verification procedure. Several users, including Zack Whittaker of TechCrunch, have reported receiving phishing emails intended to steal personal information.
According to TechCrunch, innocent people, especially those with verified accounts, are receiving harmful phishing emails aimed at stealing their credentials. The emails appear to be from Twitter Support, but they contain links to an attacker’s website that also poses as Twitter Support.
How does that “phishing email” work?
The email was sent from a Gmail address, and it contains links to a Google Doc and a Google Site, services that allow users to host web content. This probably adds layers of complexity that make it more challenging for Google’s automated scanning technologies to detect the abuse. However, the page itself has an embedded frame from a different website that is hosted by the Russian web host Beget and requests the user’s Twitter handle, password and phone number. This is sufficient to compromise accounts that don’t use stronger two-factor authentication.
The security editor of TechCrunch tweeted today, “Twitter’s ongoing verification chaos is now a security threat in cyber security. It looks like some people (including in our newsroom) are getting crude phishing emails trying to trick people into turning over their Twitter credentials.” He also attached an image that clearly showed the interface of the email.
The email, with the subject “Twitter Warning”, that was sent to the TechCrunch newsroom stated, “Don’t lose your free verified status.” Zack Whittaker emphasised that the emails were sent from a Gmail account and directed recipients to a Google Document and a Google webpage.
After TechCrunch notified Google, the company swiftly deleted the phishing website. A Google official told TechCrunch: “Confirming we have taken down the links and accounts in question for violations of our program policies.”
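The email-side signals described above (a sender claiming to be Twitter but using a Gmail address, and links to Google Docs and Google Sites) can be checked during mail triage. The following is an added example, not code from TechCrunch, Google or Twitter; the sample message, its sender address and URLs are constructed, and the `twitter.com` sender allowlist is an assumption.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND = "twitter"
BRAND_DOMAINS = {"twitter.com"}            # assumption: legitimate sender domain
FREE_MAIL = {"gmail.com", "googlemail.com"}
HOSTED_CONTENT = {"docs.google.com", "sites.google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample: sender address and URLs are placeholders, not the real lure.
PHISH = """From: Twitter Support <verify.team.example@gmail.com>
To: reporter@newsroom.example
Subject: Twitter Warning
Content-Type: text/plain; charset=utf-8

Don't lose your free verified status.
Confirm here: https://docs.google.com/document/d/EXAMPLE-ID/edit
or here: https://sites.google.com/view/example-verify
"""

def _under(host, domains):
    """True if host equals or is a subdomain of one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the email-side findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    claims_brand = BRAND in f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    if claims_brand and not _under(sender, BRAND_DOMAINS):
        kind = "free webmail" if sender in FREE_MAIL else "non-brand domain"
        findings.append(f"brand-impersonation: sent from {kind} {sender}")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # User-hosted content on a trusted platform, linked from a "brand" mail.
        if claims_brand and _under(host, HOSTED_CONTENT):
            findings.append(f"hosted-content-link: {host}")
    return findings

if __name__ == "__main__":
    print(triage(PHISH))
```

The embedded frame that collects the credentials is only visible once the linked page is loaded, so this check covers the message itself and not the landing page.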
Attackers appear to be capitalizing on the aura of uncertainty around the new Twitter Blue Tick verification process.
What do other verified Twitter accounts say about the new cyber threats?
According to reports on the Twitter cybersecurity threat, not only TechCrunch but also many other verified accounts complain that they are being targeted by cybercriminals.
The verified Twitter account @MelissaJPeltier said, “I fell for a phishing scam in my DMs a week before the Elon takeover. Then they used my hijacked blue check to lure other blue checks to the scam. Don’t think that timing is totally coincidental.”
Another incident was reported by a Twitter user with the handle @Viss. He alleged, “I got added to a list by some account claiming to be some kind of verifier enforcement. it tried to get me to go to some website and fill out a form to keep verified status.”
Will Elon Musk drop his plan for Twitter Verification Norms due to this Twitter Cybersecurity News?
Platformer expects that verification will most likely be a part of Twitter Blue, despite the possibility that the project may still be put on hold, since Elon Musk has not yet made a final decision. Musk tweeted, “Whole verification procedure is being revamped right now.”
But is it true that Twitter Verification is chargeable? What does the verified account need to do to maintain the “Blue Tick” on their Twitter account? Read here to get the answers to these questions.
To reduce suspicion and disapproval, it would be in everyone’s best interests if Twitter could clarify the current situation.