New phishing campaign lures victims with new verification rules on Elon Musk’s Twitter
Elon Musk’s Twitter purchase is being used by scammers as a ploy to steal login information from “famous or well-known” people or who believe they fit into this category.
A new phishing campaign builds on Elon Musk’s plan to monetize Twitter’s Blue Checkmark, an icon for accounts with identity (opens in a new tab) verified and used to reduce the impersonation fraud rampant on the platform.
In the phishing email, it is said that the blue check mark will soon cost $19.99, but only for those who are not “famous or well known”. Those who fit into the category will be able to use the feature for free, all they need to do is confirm their identity.
Provide crooks with sensitive information
As usual with phishing emails, this email comes with a “Give Information” link where victims are redirected to verify their identity. The Site is a Google Document under the Google Sites URL. The landing page comes with a real embed framework hosted on a Russian hosting platform.
The entire campaign is relatively amateurish and brimming with red flags. The email is being sent from a Gmail address (twittercontactcenter), not Twitter’s domain, arguably the biggest red flag. Then there is the fact that the blue check mark will not cost $19.99 but $8, as confirmed by the platform. In the end, there’s absolutely no reason for the feature to be free to celebrities.
Other common indicators of phishing emails are a sense of urgency everywhere (phishing emails are always trying to scare people into doing something reckless), as well as typos and typos. and other errors.
TechCrunch said Google took down the phishing site shortly after it was exposed to its existence.
Through the: 9To5Mac (opens in a new tab)