New phishing campaign lures victims with new Elon Musk Twitter verification rules
Elon Musk’s purchase of Twitter is being used by scammers to steal credentials from “famous or well-known” individuals, or those who think they fit the category.
A new phishing campaign is based on Elon Musk’s plan to monetize Twitter’s blue checkmark, a symbol given to accounts whose identities are verified and used to minimize impersonation fraud that is rampant on the platform.
The phishing email says that the blue tick will soon cost $19.99, but only for those who aren’t “famous or well-known”. Those who fit into the category can use the feature for free; all they have to do is confirm their identity.
Providing scammers with sensitive information
As usual with phishing emails, it comes with a “Provide Information” link, which redirects victims to verify their identity. The site is a Google Doc under a Google Sites URL. The landing page comes with an embedded frame that is actually hosted on a Russian hosting platform.
The whole campaign is relatively amateurish and bursting with red flags. The email is being sent from a Gmail address (twitter contact center), rather than Twitter’s domain, which is arguably the biggest red flag. Then there’s the fact that the blue check does not cost $19.99, but $8, as confirmed by the platform. Finally, there is absolutely no reason why the feature should be free for famous people.
Other common indicators of phishing emails include the ubiquitous sense of urgency (phishing emails always try to scare people into doing something reckless), as well as typos, spelling mistakes, and other errors.
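Two of the red flags described above, the brand name on a free-webmail sender and the landing page framing content from another host, can be checked mechanically. The following Python sketch is an added example, not code from the article or its sources; the brand and webmail lists, the function names, and the sample message and page are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy values for this sketch; extend them for the brands you protect.
BRAND_DOMAINS = {"twitter": {"twitter.com"}}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}

def sender_flags(raw_message):
    """Flag a From header whose display name claims a brand its address domain does not belong to."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    for brand, legit in BRAND_DOMAINS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in legit)
        if brand in display.lower() and not owned:
            flags.append(f"display name claims {brand} but sender domain is {domain or 'missing'}")
            if domain in FREE_MAIL:
                flags.append(f"brand mail sent from free webmail domain {domain}")
    return flags

class _FrameCollector(HTMLParser):
    """Collects the src attribute of every iframe/frame element."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def foreign_frames(page_url, html):
    """Return hosts of embedded frames served from a different host than the page itself."""
    page_host = (urlparse(page_url).hostname or "").lower()
    collector = _FrameCollector()
    collector.feed(html)
    hosts = [(urlparse(s).hostname or "").lower() for s in collector.sources]
    # Relative src values have no host and are same-origin, so they are skipped.
    return [h for h in hosts if h and h != page_host]

# Constructed samples modelled on the article's description (placeholder address and hosts).
SAMPLE_EMAIL = 'From: "Twitter Contact Center" <placeholder-sender@gmail.com>\nSubject: Verify\n\nbody\n'
SAMPLE_PAGE_URL = "https://sites.google.com/view/placeholder"
SAMPLE_PAGE = '<html><body><iframe src="https://frame-host.example/form"></iframe></body></html>'
```

A frame from another host is common on legitimate pages too, so treat that result as a triage signal to combine with the sender check rather than a verdict on its own.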
TechCrunch says Google removed the phishing site shortly after being tipped off about its existence.
Via: 9To5Mac