Verified Twitter accounts (Twitter certifies accounts for well-known influencers, celebrities, public figures, reporters, social activists, and public and private sector agencies) are being hacked. As per reports, these accounts are being hacked to generate false suspension notifications that are well-written in an effort to acquire the credentials of other verified users.
Twitter users who ask for verification and provide proof that their account is “notable” will be given the verified “blue badge.”
Threats of suspension can cause individuals to act impulsively because getting a blue badge is difficult, which makes them easy prey for threat actors who use these kinds of accounts for their own schemes.
Sergiu Gatlan, a reporter for BleepingComputer, got a phishing message via Twitter personal messages on Friday afternoon claiming that his account had been suspended for posting hate speech.
“Your account has been flagged as inauthentic and unsafe by our automated systems, spreading hate speech is against our terms of service,” reads the phishing message below.
“We at twitter take the security of our platform very seriously. That’s why we are suspending your account in 48h if you don’t complete the authentication process.”
Sergiu clicked the tinyurl.com address in the DM to check out the phishing scheme, which led him to https://twitter-safeguard-protection[.]info/appeal/.
This website first requested a Twitter user name, then once a user entered a test account, it used the Twitter APIs to fetch the test account’s photo on the backend. The authenticity of the phishing scam is increased by displaying the authentic image.
This phishing site rejected invalid passwords, unlike many other phishing schemes that allow you to input your password countless times before it accepts it.
It asked Sergiu for his account’s email address after he had entered the right password. Once more, fake email addresses were turned down, proving that the phishing website is using Twitter APIs to verify the validity of user accounts.
When he finally input the correct information, the phishing page showed a message that read, “Authenticity Check is completed, your account has been proved authentic by our automatic system, all current problems are resolved”.
But at this time, his test account’s login credentials has been hacked, so he immediately changed it to something else.
Anyone who has reached this point, however, is unlikely to be aware that their login information was stolen and is more likely to discover that they are unable to access their account later that day or just the next day.
