Cybercriminals are leveraging Twitter’s recent removal of ‘verified’ checkmarks for certain accounts in a new phishing campaign designed to steal passwords.
The ‘verified’ badge, a status symbol in the Twitterverse, “tells people that your account is notable and authentic,” as per Twitter’s own description.
“To keep your verified status, please keep in mind that your Twitter account must always be complete,” the company notes. “This means having either a verified email address or phone number, a profile image, and a display name. Any verified account in severe or repeated violation of our rules may lose their blue badge.”
While Twitter may still have bugs to iron out behind the scenes, it appears many users have been stripped of their blue checkmark with no compelling explanation. The move has prompted malicious actors to target these users with crafty phishing lures asking them to take steps to keep their badge or recover it.
Discovered by BleepingComputer last week, the phony email is sent to verified users, many of whom apparently chose to list an email address in their bio description. An “Update here” button takes unsuspecting victims to a phishing site that displays a form designed to capture the user’s login credentials, including their password.
“After gathering the user’s Twitter username, password, and two-factor authentication code, the phishing page redirects the user to the Twitter homepage,” Ax Sharma reports.
If you think you are being targeted by this scam or others like it, don’t engage with the content in the email or text message (especially links) and report the abuse to Twitter.
To paint an accurate picture of your online footprint and find out what key pieces of your digital identity have been exposed in breaches, leaks and data scraping, try Bitdefender Digital Identity Protection.
It helps you control and protect your digital identity with real-time notifications that alert you when your data ends up in data collections on the internet, and you get expert recommendations to fix any privacy issue detected so you can take steps to protect your security and privacy.
And with Bitdefender Total Security – now available free of charge for three full months – you can keep phishing or fraudulent websites and links at bay.