Elon Musk’s purchase of Twitter is used by scammers as bait to steal login credentials from “famous or well-known” people or from those who believe they fit into a category.
The new phishing campaign builds on Elon Musk’s plan to monetize the blue Twitter checkmark, a symbol given to accounts whose identities (opens in a new tab) have been verified and are used to minimize spoofing scams that are rampant on the platform.
The phishing email says the blue checkmark will soon cost $ 19.99, but only for those who aren’t “famous or well-known.” People who fit the category will be able to use the feature for free, you only need to confirm your identity.
Providing fraudsters with sensitive intelligence
As usual with phishing emails, this one contains an “Provide Information” link through which victims are redirected to verify their identity. This site is a Google document at the URL of Google Sites. The landing page contains an embedded frame that is actually hosted on the Russian hosting platform.
The entire campaign is relatively amateurish and full of red flags. The email is sent from the Gmail address (twittercontactcenter) and not from the Twitter domain which is probably the biggest red flag. Added to this is the fact that the blue checkmark will not be $ 19.99, but $ 8, which was confirmed by the platform. Finally, there is absolutely no reason why the feature should be free for celebrities.
Other common signs of phishing emails include a pervasive sense of urgency (phishing emails always try to scare people into doing something recklessly), as well as typos, spelling mistakes, and other errors.
TechCrunch says Google removed the phishing site shortly after receiving information about its existence.
By: 9To5Mac (opens in a new tab)