Twitter blue tick controversy invites scammers targeting accounts
With Elon Musk acquiring Twitter and firing Parag Agrawal, now its ex-CEO, Twitter remains in the headlines. Rumours are rife that users who have verified accounts, and users who want to get verified on Twitter, will now pay $12 as a monthly subscription fee. The blue tick on Twitter tells people that an account is verified and belongs to a recognized person of public interest. There is no restriction on the number of followers needed to get verified; users fill in a verification request form, and Twitter reviews the request and responds in a week confirming whether the account can be verified.
Amidst all this confusion and chaos, hackers have discovered a new way of stealing Twitter users' credentials. As per reports, some Twitter users, including verified accounts, are receiving fake emails about account verification. Phishing mails generally contain a link and lure users into clicking it. They are designed to get users to provide personal information, which hackers can then use for other malicious acts.
The email looks like a Twitter help form and guides users to enter their username and password for verification. The phishing email is mostly sent from Gmail and other email servers, and the landing page contains an embedded frame from another site, which is hosted on a Russian web page. This link asks Twitter users to provide their Twitter account password and contact details. If the user has not implemented MFA (Multi-Factor Authentication), the hackers can easily compromise such accounts.
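The two traits described above (a message that claims to be Twitter but is sent from a webmail address, and a landing page that embeds a frame from a different site) can be checked mechanically during mail triage. This is an added example, not part of the original report; the sample message, sample page, `example.*` hostnames, function names and the `BRAND_DOMAINS` list are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = {"twitter.com"}  # assumption: domains the brand legitimately sends from

def host_in(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def sender_mismatch(raw_email, brand="twitter"):
    """True when display name or subject claims the brand but the sender domain is not the brand's."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    claims = brand in (name + " " + msg.get("Subject", "")).lower()
    return claims and not host_in(addr.rpartition("@")[2], BRAND_DOMAINS)

class FrameFinder(HTMLParser):
    """Collects the src attribute of every <iframe>/<frame> tag."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "frame") and src:
            self.frames.append(src)

def foreign_frames(page_url, html):
    """Hosts of embedded frames served from a different host than the landing page."""
    page_host = (urlparse(page_url).hostname or "").lower()
    finder = FrameFinder()
    finder.feed(html)
    hosts = [urlparse(s).hostname for s in finder.frames]  # None for relative src
    return [h.lower() for h in hosts if h and h.lower() != page_host]

# Constructed samples, not taken from the campaign
SAMPLE_EMAIL = (
    "From: Twitter Verification <help.desk@gmail.com>\n"
    "Subject: Keep your blue badge\n"
    "\n"
    "Confirm your account to keep your verified status.\n")
SAMPLE_PAGE_URL = "https://forms.example.com/help"
SAMPLE_HTML = ('<h1>Help Center</h1><iframe src="https://collect.example.net/form">'
               '</iframe><iframe src="/local.html"></iframe>')

if __name__ == "__main__":
    print(sender_mismatch(SAMPLE_EMAIL), foreign_frames(SAMPLE_PAGE_URL, SAMPLE_HTML))
```

Either signal alone is only a triage hint, since legitimate pages also embed third-party frames; together they match the pattern reported for this campaign.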
The phishing campaign has been designed to take advantage of the rumour that Twitter will start charging premium account members. Also, users who fail to pay the subscription will reportedly lose the “blue tick”.
In response to these reports, Google has released a statement saying that it has taken down the links and accounts in question for violations of its program policies.