A new phishing scam is making the rounds following Twitter’s plan to start charging for verified accounts. The scam exploits this recent news by sending out mass emails that appear to come from Twitter, telling users that they need to verify their accounts by providing personal information.
Journalists at TechCrunch and NBC News received these phishing emails, which demanded personal information in exchange for keeping the infamous blue checkmarks on their Twitter accounts.
The phishing email warns, “Don’t lose your free Verified Status.” The blue checkmark has not yet undergone any official changes from Twitter. The phishing email, however, tries to capitalise on the news by asserting that some verified users, particularly celebrities, will have to pay $19.99 per month starting on 2nd November in order to maintain the status.
At first glance, the email appears to be authentic, but there are a few warning signs that indicate it’s fake. A clear red flag is the email address used to send out these mass emails: twittercontactcenter@gmail is used instead of the official Twitter domain. Another obvious flag is that the email creates a sense of urgency.
Additionally, the button redirects the user to a Google Doc page, before sending them to another Google site. That Google site then requests the user’s phone number, password, and Twitter account username, providing the hacker with a simple method to access the account.
Tech-savvy Twitter users wouldn’t fall for this phishing email; however, others can easily be misled into believing that they could lose their verified status, which could prompt them to pay.
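The three warning signs described above (a webmail sender posing as Twitter, urgent wording, and a button that leads to Google-hosted pages) can be checked mechanically by a mail filter. The following Python code is an added example, not part of the original article; the official domain, webmail list, Google hostnames, urgency phrases and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example (not taken from the article):
BRAND = "twitter"
OFFICIAL_DOMAINS = {"twitter.com"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
DOC_HOSTS = {"docs.google.com", "sites.google.com"}
URGENCY = re.compile(r"don[’']t lose|immediately|within \d+ hours|will be removed", re.I)

# Constructed sample modelled on the email the article describes.
SAMPLE = """\
From: Twitter Verified <blue-badge-help@gmail.com>
To: reporter@example.org
Subject: Don't lose your free Verified Status
Content-Type: text/html

<p>Some verified users will have to pay $19.99 per month.</p>
<a href="https://docs.google.com/document/d/EXAMPLE/view">Provide information</a>
"""

def is_official(domain):
    """True for an official domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def red_flags(raw):
    """Return the warning signs found in a single-part email, in a fixed order."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    flags = []
    # 1. Sender claims the brand but the address is not on an official domain.
    if BRAND in (display + addr).lower() and not is_official(domain):
        kind = "free webmail" if domain in FREE_MAIL else "unofficial"
        flags.append(f"sender-domain: {domain} ({kind})")
    # 2. Subject or body pressures the reader to act quickly.
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgency")
    # 3. A brand email whose links land on document or site hosting instead.
    for url in re.findall(r'href="([^"]+)"', body):
        host = (urlparse(url).hostname or "").lower()
        if host in DOC_HOSTS:
            flags.append(f"link-host: {host}")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

The link check inspects the `href` target rather than the button text, which is the same information a reader gets by hovering over the link before clicking.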
To protect yourself from these attacks, be sure to never click on links in emails or tweets unless you’re absolutely sure they’re legitimate. If you’re unsure, you can always hover over the link to see where it will take you before you click on it. If you do click on a link and it takes you to a website that looks suspicious, don’t enter any personal information or login credentials. To continue to spread awareness, share this blog with others to help them stay away from scams.