Twitter’s new verification policy sets off an avalanche of phishing attacks


Threat actors are capitalizing on the uncertainty surrounding Twitter’s verification process, trying to lure users into providing their credentials in hopes of retaining coveted blue badges.

A new phishing campaign starts with an email sent from a Gmail account, which asks users to provide “a short confirmation” that they are a well-known person in order to avoid being charged almost $20 a month for the badge. The email then redirects to a Google Doc containing a link to a Google Site; allegedly, this chain of Google-hosted pages is used to avoid Google’s built-in detection systems.

According to TechCrunch, the Google Site contains an embedded frame from a site hosted on a Russian web host. It asks the user for their Twitter handle, password, and phone number, which would be enough to bypass simple identity verification.
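A defender-side check for the pattern just described, a page that embeds a frame from a different host whose form collects a password together with a phone number, written as an added example for this article (not code from the campaign or from TechCrunch); the URLs and HTML below are constructed and hypothetical:

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (hypothetical URLs): a Google Sites page embedding a frame
# from an unrelated host, and the credential form served inside that frame.
PAGE_URL = "https://sites.google.com/view/keep-your-badge"
PAGE_HTML = """<html><body><h1>Confirm you are a well-known person</h1>
<iframe src="https://badge-confirm.example/twitter/login" width="600"></iframe>
</body></html>"""
FRAME_HTML = """<form action="/submit" method="post">
<input name="username" placeholder="Twitter handle">
<input type="password" name="password">
<input type="text" name="phone" placeholder="Phone number"></form>"""
# Keywords matched against an input's type, name and placeholder attributes.
FIELD_HINTS = {"handle": ("handle", "username"), "password": ("password",),
               "phone": ("phone", "tel")}

class _Collector(HTMLParser):
    # Gathers iframe sources and <input> attributes from one HTML document.
    def __init__(self, html):
        super().__init__()
        self.frame_srcs, self.inputs = [], []
        self.feed(html)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe" and a.get("src"):
            self.frame_srcs.append(a["src"])
        elif tag == "input":
            self.inputs.append(a)

def external_frames(page_url, html):
    # iframe sources served from a host other than the page's own host
    page_host = urlparse(page_url).hostname
    return [s for s in _Collector(html).frame_srcs
            if urlparse(s).hostname not in (None, page_host)]

def harvested_fields(html):
    # Which credential-like values the form collects: handle, password, phone
    found = set()
    for i in _Collector(html).inputs:
        blob = " ".join(i.get(k, "") for k in ("type", "name", "placeholder")).lower()
        found |= {f for f, hints in FIELD_HINTS.items() if any(h in blob for h in hints)}
    return found

def assess(page_url, page_html, frame_html):
    # Flag an off-host framed form that collects a password plus a phone number.
    frames, fields = external_frames(page_url, page_html), harvested_fields(frame_html)
    flagged = bool(frames) and {"password", "phone"} <= fields
    return {"flagged": flagged, "external_frames": frames, "fields": sorted(fields)}
```

The same check can be run on a crawled landing page and the documents its frames load; a framed form on a host that does not match the page is the signal worth triaging, not the Google-hosted wrapper itself.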

Google took down the reported accounts and sites soon after being alerted about the incident.

Beget, the Russian web host used by the threat actors in this campaign, also took down the domain in question after being notified.

Twitter’s new CEO, Elon Musk, has announced changes to the platform’s verification system: Twitter Blue, launched as an optional upgrade in June last year, is to become a mandatory premium feature costing users $8 a month. There is a chance that users who already have badges will lose them if they don’t pay, but this has not yet been officially confirmed.

Currently, the blue tick symbol, used to distinguish high-profile users, is free.

To avoid falling victim to similar phishing scams, users are advised to enable two-factor authentication (2FA) on all platforms.