Following former Twitter CEO Jack Dorsey’s resignation, Twitter users expected some changes, especially after he passed the torch to CTO Parag Agrawal. Apparently, blue badges are disappearing, and threat actors are taking advantage of that with an ongoing phishing campaign.
A while ago, high-profile TikTok accounts received fake alerts that they were losing their verification. Now, a Twitter phishing scam revolves around “how to keep it.”
When it comes to the Twitter blue badge, the most affected parties are influencers, politicians, artists, and the like. That’s why such high-profile accounts can easily fall victim to these scams. So, what is this campaign all about? Find out in this article.
Keep Your Verified Status, Lose Your Sensitive Data
Recently, Twitter started removing checkmarks from a number of verified accounts, deeming them “ineligible” for the status and mistakenly verified.
In fact, one of the most notable names is none other than English television presenter, producer, and Heart Radio’s national breakfast show host Jamie Theakston.
For users who are already verified, being demoted to a regular account would harm them and their reputation. So, if they receive an email “out of the blue” promising a way to keep their status, they’ll happily comply.
Threat actors saw this as an opportunity to start a new phishing campaign. It starts with an email that prompts users to “update” their details so that they do not risk losing their verified status.
Here’s what the email states:
“Don’t lose your verified status. Hello, We updated our verification policy, and you could be affected. Please read the rules and make any necessary changes by December 05, 2021.”
The attackers are targeting verified users, especially those who list their email addresses in their bio for business reasons. Note that this is not a strict requirement: the message can also arrive at the email address associated with the Twitter account.
The received email includes an “Update Now” button that links to https://www.cleancredit[.]in/wp-content/uploads/2021/12/index.html, which then leads to this page: https://dublock[.]com/dublock/twitter/.
Once there, the users are prompted to submit their Twitter credentials to sign in.
Unfortunately, it doesn’t stop there. After the users submit their credentials, the scam asks them to provide the two-factor authentication code they received.
After getting the user’s Twitter username, password, and two-factor authentication code, the phishing page redirects the victim back to Twitter’s homepage. In other words, MISSION ACCOMPLISHED.
Twitter – Verified Badge for Scam
Whether or not Twitter has verified your account, you should never click on links that seem even slightly shady.
When you hover over the “Update Now” button, you can see the URL it points to without having to click it. In this scam’s case, the destination makes it quite obvious that Twitter did not send the email.
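The hover check above, automated over the HTML body of a message, as an added example that is not part of the original article: it pulls every link out of the email, resolves the host each one really points to (defanged `[.]` notation from IoC write-ups is accepted, and userinfo tricks such as `https://twitter.com@evil.example/` resolve to the real host), and flags any link whose host is not `twitter.com`, `t.co`, or a subdomain of those. The allowlist and the sample email are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts a genuine Twitter notification would link to (assumed allowlist). Any
# subdomain counts, so help.twitter.com passes but twitter.com.evil.in does not.
TRUSTED_HOSTS = {"twitter.com", "t.co"}

class _LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None

def link_host(url):
    """Host a link really resolves to, or None for non-http(s) schemes.
    Accepts defanged 'example[.]com'; urlsplit() drops any user@ prefix."""
    parts = urlsplit(url.strip().replace("[.]", "."))
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()

def is_trusted_host(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def suspicious_links(html):
    """(href, anchor text, host) for every link that leaves the allowlist."""
    p = _LinkCollector()
    p.feed(html)
    found = [(h, t.strip(), link_host(h)) for h, t in p.links]
    return [x for x in found if x[2] is None or not is_trusted_host(x[2])]

# Constructed sample modelled on the email quoted in the article: the first
# host is the defanged one the article lists, the second is a legitimate link.
SAMPLE_EMAIL = """<p>Don't lose your verified status.</p>
<a href="https://www.cleancredit[.]in/wp-content/uploads/2021/12/index.html">Update Now</a>
<a href="https://help.twitter.com/">Read the rules</a>"""

if __name__ == "__main__":
    for href, text, host in suspicious_links(SAMPLE_EMAIL):
        print(f"button '{text}' actually points at {host}: {href}")
```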
Twitter is probably messing up by removing verified badges from the wrong accounts. But until everything gets sorted out, phishing attacks of this caliber will keep posing a threat to users.
Always double-check before doing something that carries consequences like these. Don’t hesitate to verify, and stay safe.