New phishing campaign attracts victims with new Elon Musk Twitter verification rules

Scammers use Elon Musk’s purchase of Twitter as a lure to steal login credentials from people who are “famous or known”, or those who think they fit the category.

The new phishing campaign is based on Elon Musk’s plan to monetize Twitter Blue Checkmark, a code given to accounts that Matches (Opens in a new tab) Verified and used to reduce impersonation fraud rampant on the platform.

In the scam email, it is said that the blue check mark will soon cost $19.99, but only for those who are not “famous or famous”. Those who fit into the category will be able to use the feature for free, all they need to do is confirm their identities.

Providing scammers with sensitive information

As usual with phishing emails, this comes with a “Submit Information” link, where victims are redirected to verify their identities. A site is a Google Doc within the Google Sites URL. The landing page comes with an inline framework that is already hosted on a Russian hosting platform.

The entire campaign is relatively unconventional and full of red flags. The email is sent from the Gmail address (twittercontactcenter), rather than the Twitter domain, which is arguably the biggest red flag. Then there’s the fact that the blue check mark won’t cost $19.99, but $8, the platform confirmed. Finally, there is absolutely no reason to make the feature free for famous people.

Other common indicators of phishing emails are a constant sense of urgency (phishing emails always try to scare people into doing something recklessly), as well as misspellings, misspellings, and other errors.

Take Crunch Google says it took down the phishing site shortly after being informed of its existence.

Across: 9 to 5 Mac (Opens in a new tab)

Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version