Scammers and hackers are exploiting the confusion regarding Twitter’s new CEO, Elon Musk’s plans for paid blue ticks on the platform. They are sending phishing emails disguised as official Twitter notices and luring users into sharing their details. This post covers the details regarding such phishing schemes.

Elon Musk recently appointed himself as Twitter’s CEO and announced his plans to revamp Twitter’s verification process. Twitter initially proposed charging verified users a $20 monthly fee to retain their verified status. However, Musk later said the fee would be $8 and vary according to the country.

According to a tweet, Musk said that after successful verification, paid users will receive a blue tick and get priority in searches, mentions, and replies. Additionally, they will get fewer ads and can post longer multimedia content.

Musk asked his team to develop a feature to monetize the blue badge by November 7, and hackers joined the party by launching phishing campaigns targeting verified accounts. Like most phishing emails, they conveyed a false sense of urgency, asking the user to sign in to their Twitter account or their account will get suspended. Analysts at BleepingComputer examined the emails and said they originated from hacked websites’ servers or blogs running vulnerable unpatched plugins or hosting dated WordPress versions.


What Does The Phishing Email Look Like?

Several users received phishing emails pretending to be from Twitter, asking them to submit their personal details to keep the blue ticks on their Twitter accounts.

“Don’t lose your free Blue Tick Verified Status,” the phishing email exploits the news by stating that some verified users, particularly well-known accounts, must pay $19.99 monthly to keep the verified status.

The emails then attempt to create a sense of urgency. “You must give a short confirmation so that you do not get affected by this situation,” it says. “To maintain the verification badge free and permanently, confirm you are well-known. You must pay $19.99 monthly to get the verification badge if you don’t complete the verification.”



The email includes the button “Provide Information.” However, if you are an aware user, there are a few red flags that you can identify:

  • The message appears to originate from the email address twittercontactcenter@gmail and not an official Twitter domain.
  • Clicking the button leads the user to a Google Doc page before redirecting to another Google site. Then, the user must submit their phone number, Twitter account username, and password.


Other Phishing Tactics Used by Scammers

Other users reportedly received separate phishing notifications on Twitter claiming the company was revoking their verified status because their account was “inauthentic.” Then, the message tried to trick users into visiting a fake website to appeal. Of course, clicking the link took them to a fake website trying to harvest their Twitter login details and phone number, but one can imagine other approaches that scammers can take, including:

      • Inviting users to “sign up early” to avoid disappointment and then asking for their payment card details.
      • Offering them to help stake a claim on an existing Twitter account name and then asking for personal information.
      • Urging users to “pre-apply” to save time, then requesting similar information.


Twitter Verification Badge: A Status Symbol

Twitter blue badge got offered to verified accounts of celebrities, politicians, businesses, influencers, public figures, news organizations, and journalists. The few blue badge accounts on Twitter, compared to large unverified accounts on the platform, have led to the blue tick becoming a vanity and status symbol.

However, other than a perceived “status symbol” by some, the blue badge, at least in theory, separates real, authentic accounts of famous people from parody and copycat accounts created by third parties. Therefore, Twitter intended the verification to limit misinformation because users could see if the tweet originating from a verified account was authentic.

However, in practice, a hacked ‘verified’ account may display the blue badge even after the hacker modifies the name, profile picture, and bio. Furthermore, if Twitter starts selling the blue badge to any user willing to pay $8 a month, the team must revamp its process for adding authenticity to well-known accounts.

For example, Twitter can continue using unique labels on the accounts of famous politicians and state-affiliated entities, which will distinguish them from those having a paid blue badge.



Rapid Monetization or Losing Existing Revenue?

The Tesla CEO’s rapidly moved to monetize his recent acquisition of the famous social media platform because he took the $13 billion debt on Twitter during the acquisition. In its 16-year history, Twitter was profitable only a few times, in 2018 and 2019. But Musk must have considered the implications of his purchase when he first started his Twitter acquisition seven months ago.

Suppose every verified user on the platform decides to pay $8 a month; it will amount to $40.6 million annually, barely making a dent in the $1 billion that Twitter must now pay off annually. Making matters worse, more people are fleeing Twitter than expressing enthusiasm about paying $8 a month for the blue check mark. An internal analysis by the site found that Twitter was impacting its most active users, with over one million users leaving the website since the announcement of the takeover, as reported by MIT Technology Review.

Even advertisers temporarily paused their Twitter activity, further endangering its already limited revenue streams. General Motors, General Mills, Pfizer, and other large firms stopped their platform ads until they saw Musk’s vision for content moderation in action.


How to Stay Safe?

The standard cybersecurity advice applies during this situation. It will help you prevent phishing scams, whether it is the Twitter takeover or any other messages trying to lure you with fear of missing out, doubt, and uncertainty:

  • Use a password manager: It will help stop you from sharing an existing password to a fake site because the password manager will not recognize the imposter web pages.
  • Turn on 2FA: Two-factor authentication means you require a one-time code along with your password, making hacking into your account more difficult for crooks.
  • Avoid action buttons and login links in emails: If there is an action you want to take on a genuine website, find your way to the actual website using a URL you can look up securely or already know.
  • Never question the sender! Never ask the sender of a doubtful message if they are legitimate. If genuine, they will say so, but if they are malicious actors, they will say the same thing, so you learned nothing!


Final Words

Thus we saw how cybercriminals are taking advantage of the panic situation created by Twitter’s announcement of charging its verified users. The messages, portraying a false sense of urgency, focus on getting the victim to click a link and enter personal information on a malicious web page similar to Twitter’s interface. Some of the schemes also send two-factor authentication codes through SMS. However, without a streamlined verification process separating authentic accounts from imposters, the problems with Twitter’s existing verification mechanism will not disappear anytime soon.