Criminals now phishing verified Twitter accounts

Verified accounts normally belong to celebrities, politicians, governments and other high-profile users


It follows Twitter's recent removal of checkmarks from many verified accounts

Cybercriminals are sending phishing emails to verified users on Twitter in an effort to steal credentials and other information.

Phishing campaigns, which are relatively easy to set up and deploy, have become an increasingly popular tactic among hackers in recent years. Phishing emails usually impersonate a famous brand or company, with the hackers attempting to trick unsuspecting victims into disclosing important details such as bank account numbers.

Bleeping Computer claims this new phishing campaign is attempting to steal not only Twitter users' credentials, but also any associated two-factor authentication code.

Verified accounts on Twitter refer to accounts that have a blue badge with a check mark. They typically represent prominent celebrities, journalists, politicians, activists, influencers, as well as government and private organisations. The blue Verified Badge lets people know that an account of public interest is authentic.

According to Bleeping Computer, the phishing email in the new campaign uses the Twitter brand name and logo and asks the receiver to 'update' their profile to continue using the service.

The message includes an 'Update here' button, which the receiver is asked to click.

When pressed, the button initially takes the user to a page with a 'cleancredit.in' URL. That redirects them to another page at 'dublock.en', which masquerades as the Twitter login page. Both websites appear to have been compromised by hackers.

The fake login page asks the user to enter their Twitter credentials to verify their account. After the details are entered and the fake page pretends to validate them, the user is asked to provide their two-factor authentication (2FA) code. Finally, the user - now victim - is redirected to the Twitter homepage.
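The chain described above (branded email, 'Update here' link, redirect to a lookalike login page) is the kind of thing a mail-filter check can flag before a user ever clicks. The following is an added example, not code from the article or from Bleeping Computer: it parses a constructed sample email, follows a simulated redirect table, and reports links whose landing domain is not on an assumed allowlist of the brand's own domains.

```python
"""Flag links in an HTML email whose landing domain is not the brand's own."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains the impersonated brand legitimately uses.
TWITTER_DOMAINS = {"twitter.com", "t.co"}

# Constructed sample email modelled on the campaign described in the article.
SAMPLE_EMAIL = """
<html><body><img src="https://cdn.invalid/logo.png" alt="Twitter">
<p>Your verified account must be updated to continue using Twitter.</p>
<a href="https://cleancredit.in/update">Update here</a>
<a href="https://twitter.com/settings">Manage settings</a>
</body></html>"""

# Constructed redirect table standing in for live HTTP hops (offline).
REDIRECTS = {"https://cleancredit.in/update": "https://dublock.en/login"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href:
            self.links.append((self._href, data.strip()))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def registrable_domain(url):
    # Crude eTLD+1 (last two labels); enough for the sample, not for co.uk-style TLDs.
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def follow(url, redirects, limit=5):
    """Walk the redirect table from url, capped to avoid loops."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= limit:
        chain.append(redirects[chain[-1]])
    return chain


def suspicious_links(html, redirects, allowed):
    """Return links whose final landing domain is outside the brand allowlist."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        chain = follow(href, redirects)
        landing = registrable_domain(chain[-1])
        if landing not in allowed:
            findings.append({"text": text, "chain": chain, "landing": landing})
    return findings
```

In a real gateway the redirect table would be replaced by resolving each hop in a sandbox; the brand allowlist should come from the organisation's own policy rather than being hard-coded.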

The phishing campaign follows Twitter's recent removal of checkmarks from many verified accounts, stating that they were wrongly verified and were not eligible for the status.

The campaign comes more than a year after Twitter disclosed that a cyber attack targeting several high-profile accounts in July 2020 was caused by hackers who manipulated employees in a phone spear-phishing scheme.

The attackers targeted 130 accounts, including those belonging to Elon Musk, Barack Obama, Joe Biden and Bill Gates.

Following the incident, Twitter promised to take steps to improve its methods for detecting and preventing unauthorised access to the company's internal systems, and to prioritise security work across many of its teams.