Verified accounts on Twitter are now being targeted as part of a major phishing campaign taking advantage of Twitter removing the verified badge from several verified profiles.
The campaign emails users, usually at the address listed in their Twitter bio, asking them to verify their identity in order to keep their verified status.
This massive verified badge takedown aligns with a major executive change at Twitter, in which CEO Jack Dorsey resigned and existing CTO Parag Agrawal was promoted. Twitter has recently faced a push from activist investors, and while it keeps launching new products and still has solid revenue coming in, user growth seems to be stalling.
Harnessing the confusion?
BleepingComputer’s Ax Sharma received a similar email at the address listed in his Twitter bio, asking him to click an "Update here" button. The button linked to https://www.cleancredit.in/wp-content/uploads/2021/12/index.html, which in turn redirects users to another page at https://dublock.com/dublock/twitter/.
While we can confirm that the former link redirects to the latter, we didn’t see any phishing pages, which have presumably been taken down. If you try to visit either of these links now, you’ll be greeted with a 404 error page.
According to BleepingComputer’s report, both sites seem to have been compromised by the attacker to host malicious phishing webpages. Also notable is that the emails were able to get past Gmail’s spam and phishing filters.
Once the user enters their Twitter credentials, the webpage then asks for a two-factor authentication code, after which users are redirected to the Twitter homepage.
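The two links described above share traits a mail gateway rule or an analyst can check before anyone clicks: neither host belongs to Twitter, one serves an HTML page out of a WordPress upload directory, and the other carries the brand name in its path. The following triage function is an added example, not code from the original article or from BleepingComputer; the domain allowlist, keyword list, reason labels and function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts the genuine sender would link to for account actions.
BRAND_DOMAINS = {"twitter.com", "t.co"}
# Assumption: brand strings that should not appear on someone else's host.
BRAND_KEYWORDS = ("twitter",)
# Assumption: CMS upload directories; a web page served from one suggests a compromised site.
UPLOAD_DIRS = ("/wp-content/uploads/",)
PAGE_SUFFIXES = (".html", ".htm", ".php")


def on_brand_domain(host):
    """True only for the brand domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def triage_link(url):
    """Return the reasons a link in a 'keep your verified badge' email is suspicious."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    if on_brand_domain(host):
        return []
    reasons = ["off-brand-host"]
    if any(d in path for d in UPLOAD_DIRS) and path.endswith(PAGE_SUFFIXES):
        reasons.append("page-in-cms-upload-dir")
    if any(k in host or k in path for k in BRAND_KEYWORDS):
        reasons.append("brand-name-on-foreign-host")
    return reasons


if __name__ == "__main__":
    links = [
        # The two URLs reported in the article.
        "https://www.cleancredit.in/wp-content/uploads/2021/12/index.html",
        "https://dublock.com/dublock/twitter/",
        # Constructed samples: a genuine subdomain and a lookalike host.
        "https://help.twitter.com/en/managing-your-account",
        "https://twitter.com.example.net/login",
    ]
    for link in links:
        print(link, "->", triage_link(link) or "no findings")
```

A suffix match on the hostname, rather than a substring match, is what keeps the lookalike `twitter.com.example.net` from passing as a Twitter link.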
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah or follow him on Instagram or Twitter.