
Phishing campaign targets Twitter verified accounts amidst confusion


Verified accounts on Twitter are now being targeted as part of a major phishing campaign that takes advantage of Twitter removing the verified badge from several verified profiles.

The campaign sends an email to users, usually at the address listed in their Twitter bio, asking them to help verify their identity to keep their verified status.

This massive verified badge takedown coincides with a major executive change at Twitter, where CEO Jack Dorsey resigned and existing CTO Parag Agrawal was promoted. Twitter has recently faced a push from activist investors, and while it keeps launching new products and still has solid revenue coming in, user growth seems to be stalling.


Harnessing the confusion?

BleepingComputer’s Ax Sharma received a similar email at the address listed in his Twitter bio, asking him to click an "Update here" button. The button linked to https://www.cleancredit.in/wp-content/uploads/2021/12/index.html, which in turn redirects users to another page at https://dublock.com/dublock/twitter/.

While we can confirm that the former link redirects to the latter, we didn’t see any phishing pages, which have presumably been taken down. If you try to visit either of these links now, you’ll be greeted with a 404 error page.

According to BleepingComputer’s report, both sites seem to have been compromised by the attacker to host malicious phishing webpages. Another thing to note is that the emails successfully got past Gmail’s spam and phishing filters.

Once the user enters their Twitter credentials, the webpage then asks for a two-factor authentication code, after which users are redirected to the Twitter homepage. 
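As an added example (not from the original article or BleepingComputer's report), the Python below triages the links in an HTML email that claims to come from Twitter, flagging the two traits of the link described above: a host outside Twitter's own domains and an HTML file sitting in a WordPress uploads directory. The allowlist, function names and sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts a genuine Twitter account notice would link to.
BRAND_HOSTS = {"twitter.com", "t.co"}

class LinkCollector(HTMLParser):
    """Collects (href, anchor text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_brand_host(host):
    """True for a brand host or any subdomain of one (not a lookalike prefix)."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in BRAND_HOSTS)

def triage_links(email_html):
    """Return (anchor text, host, reasons) for each suspicious link."""
    parser = LinkCollector()
    parser.feed(email_html)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        path, reasons = url.path.lower(), []
        if url.scheme in ("http", "https") and not on_brand_host(url.hostname or ""):
            reasons.append("off-brand host")
        if "/wp-content/uploads/" in path and path.endswith((".html", ".htm")):
            reasons.append("HTML file in WordPress uploads directory")
        if reasons:
            findings.append((text, url.hostname, reasons))
    return findings

# Constructed sample email; the host is a placeholder, not taken from the article.
SAMPLE_EMAIL = (
    '<p>Verify your identity to keep your verified badge.</p>'
    '<a href="https://compromised-blog.example/wp-content/uploads/2021/12/index.html">Update here</a>'
    '<a href="https://help.twitter.com/en">Help Center</a>'
)
```

This inspects only the first hop of a link; the redirect to a second compromised site reported above would only show up when the link is resolved in an isolated analysis environment.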

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018.