New phishing campaign targets Twitter Blue users amid confusion over X’s rebranding

A new phishing campaign is targeting Twitter Blue subscribers during the social media platform's messy transition to X, and for anyone who takes the bait the fallout is full access to their account.

Twitter owner Elon Musk and new CEO Linda Yaccarino hope the platform will soon become X, but the transition has been anything but smooth, with the rebranding at headquarters not going according to plan. Moreover, the discrepancy between the website and mobile apps is giving some users a complete headache.

Hoping to take advantage of this confusion, a cybercriminal is offering Twitter Blue subscribers to "migrate" their membership to X. Accepting the offer migrates nothing; it only hands the cybercriminal access to the user's entire Twitter account.

Twitter Blue/X phishing emails

To an unsuspecting target, the email appears to be from a legitimate source, because the sender's display name is set to "sales@x.com". The message passes SPF checks even though it was sent through the mailing list platform Sendinblue (now known as Brevo). That is not a contradiction: SPF is evaluated against the envelope sender domain, which belongs to the mailing platform and is authorized to send for itself. Neither SPF nor DMARC looks at the display name, so a name that merely looks like an address at x.com sails through.
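The following check, an added example that is not part of the original article, shows why an SPF pass tells you nothing about a display name. It parses a constructed message modelled on the campaign (the mailing-platform domains are placeholders, not the real sending infrastructure), compares the display name, the From address and the Return-Path, and reads the SPF verdict from the Authentication-Results header.

```python
"""Flag display-name spoofing in an e-mail whose SPF check passes."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the campaign; all domains other than
# x.com are placeholders, not the real sender's infrastructure.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail.example-esp.test>
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=mail.example-esp.test
From: "sales@x.com" <newsletter@example-esp.test>
To: victim@example.test
Subject: Your Twitter Blue subscription must be migrated to X

Your existing subscription is about to expire and needs to be migrated.
"""


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if it has none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def spf_result(auth_results: str) -> str:
    """Extract the spf=... verdict from an Authentication-Results header."""
    match = re.search(r"\bspf=(\w+)", auth_results)
    return match.group(1).lower() if match else "none"


def analyse_headers(raw_message: str) -> dict:
    """Compare who the mail claims to be from with who actually sent it."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))

    from_domain = domain_of(from_addr)          # the real From address
    envelope_domain = domain_of(return_path)    # what SPF actually checks
    name_domain = domain_of(display_name)       # '' unless the name looks like an address

    # SPF/DMARC alignment is between the envelope domain and the From
    # address domain (relaxed: subdomains count). The display name is
    # never part of that comparison.
    aligned = envelope_domain == from_domain or envelope_domain.endswith("." + from_domain)

    return {
        "display_name": display_name,
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "spf_result": spf_result(msg.get("Authentication-Results", "")),
        "spf_aligned_with_from": aligned,
        # The tell: a display name shaped like an address at some other domain.
        "display_name_spoof": bool(name_domain) and name_domain != from_domain,
    }


if __name__ == "__main__":
    for key, value in analyse_headers(SAMPLE_MESSAGE).items():
        print(f"{key}: {value}")
```

On the constructed sample the SPF result is "pass" and is aligned with the From address, exactly as a mail gateway would report, yet `display_name_spoof` is true: the only thing pretending to be x.com is the display name, which no authentication check covers. A mail filter that wants to catch this pattern has to compare the display name against the address itself, as the last line of `analyse_headers` does.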

A screenshot of the email posted by Twitter user @fluffypony tells the recipient that their "existing subscription is about to expire and needs to be migrated," with a link leading to Twitter's own, completely legitimate API authorization page, where the user is asked to approve an app controlled by the attacker. Because the page is genuine, nothing about it looks suspicious; once the user clicks approve, the attacker's app holds a token for that account and can use it with whatever permissions were granted.

In addition to some read-only capabilities, the permissions granted to the app allow the threat actor to follow and unfollow accounts, update profile and account settings, post and delete tweets, interact with other users' tweets, and more.
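The permissions an app is asking for are visible in the authorization link before anyone clicks approve. The added example below (not from the original article) parses a constructed authorization URL and reports the write-capable scopes, whether the app asks for persistent access, and where the flow will redirect afterwards. It assumes an OAuth 2.0 authorization-code flow using Twitter's documented scope names (the article does not say which flow the campaign used); the client ID and redirect domain are placeholders.

```python
"""Inspect a Twitter OAuth 2.0 authorization URL before approving it."""
from urllib.parse import parse_qs, urlparse

# Constructed sample URL; client_id and redirect_uri are placeholders.
SAMPLE_AUTH_URL = (
    "https://twitter.com/i/oauth2/authorize?response_type=code"
    "&client_id=EXAMPLE_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fmigrate.example.test%2Fcallback"
    "&scope=tweet.read%20tweet.write%20users.read%20follows.write%20offline.access"
    "&state=abc123&code_challenge=xyz&code_challenge_method=plain"
)

# Plain-language meaning of the scopes that matter most when deciding
# whether to approve; other scopes are reported verbatim.
SCOPE_MEANING = {
    "tweet.write": "post and delete tweets, retweet",
    "follows.write": "follow and unfollow accounts",
    "users.read": "read profile and account details",
    "tweet.read": "read tweets",
    "offline.access": "refresh token: access persists after you close the page",
}


def review_authorization_url(url: str, trusted_redirect_hosts=()) -> dict:
    """Summarise what approving this authorization request would hand over."""
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    scopes = params.get("scope", [""])[0].split()
    redirect_uri = params.get("redirect_uri", [""])[0]
    redirect_host = (urlparse(redirect_uri).hostname or "").lower()

    # Twitter's write-capable scopes all end in ".write".
    write_scopes = [s for s in scopes if s.endswith(".write")]

    return {
        "authorization_host": (parsed.hostname or "").lower(),
        "client_id": params.get("client_id", [""])[0],
        "redirect_host": redirect_host,
        # The page is genuine, but the app behind it is not; the redirect
        # host is the only hint on the URL of who receives the token.
        "redirect_trusted": redirect_host in {h.lower() for h in trusted_redirect_hosts},
        "scopes": scopes,
        "write_scopes": write_scopes,
        "persistent_access": "offline.access" in scopes,
        "explained": {s: SCOPE_MEANING.get(s, "(see Twitter's scope documentation)") for s in scopes},
    }


def should_decline(review: dict) -> bool:
    """Decline when an untrusted app wants write or persistent access."""
    return not review["redirect_trusted"] and (
        bool(review["write_scopes"]) or review["persistent_access"]
    )


if __name__ == "__main__":
    report = review_authorization_url(SAMPLE_AUTH_URL, trusted_redirect_hosts=["twitter.com", "x.com"])
    for scope, meaning in report["explained"].items():
        print(f"{scope:15} {meaning}")
    print("decline:", should_decline(report))
```

The sample request asks for `tweet.write` and `follows.write`, which is enough for the posting, deleting and follower manipulation described above, plus `offline.access`, which lets the app keep working long after the victim has closed the tab. The authorization host being twitter.com is not reassuring on its own: that is exactly the legitimate page the campaign relies on.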

Fortunately, revoking API access is fairly easy on Twitter: navigate to Settings > Security & Account Access > Apps & Sessions > Connected Apps and revoke any app you do not recognize.

Checking these settings is a good idea whether or not you were targeted by this campaign, purely for the sake of good internet hygiene. For those who did not revoke the malicious app in time, the consequences are unclear. In the worst case, the automated activity on the account could get it locked or suspended, at which point the owner may want to consider identity theft protection software.
