The announcement of a new Twitter feature that offers a blue check mark for a monthly fee has sparked a phishing campaign that collects the credentials of users who want to keep the coveted blue check mark.
A new phishing campaign uncovered by TechCrunch involves an email sent from a Gmail account asking users to provide a “brief proof” that they are a famous person in order to avoid paying nearly $20 a month for a badge.
The email then redirects to a Google Docs page with a link to the Google website. This is to avoid Google’s built-in detection systems. The page contains an inline frame from a site hosted by Beget web hosting. The page asks the user to provide their Twitter credentials and phone number.
Google removed the accounts and phishing sites shortly after being alerted to the incident. Russian web hosting Beget, which was used by the attackers in this campaign, also disabled the discovered domain after reports of the incident.
New Twitter CEO Elon Musk has announced changes to the platform’s verification system: Twitter Blue Service, launched in June 2021, will now be a premium feature and will be available on a subscription basis ($8 per month).
There’s a chance that verified users won’t be able to save icons if they don’t pay for a subscription, but this hasn’t been officially confirmed yet. Currently, the blue checkmark used to identify famous people is free.
NIX Solutions adds that to avoid falling victim to these phishing attacks, users are encouraged to use two-factor authentication (2FA) on all platforms.