Twitter Is Removing Verified Badges From Certain Accounts, And A Phishing Attack Is Taking Advantage Of The Situation

As Twitter continues its campaign of correcting past errors and removing certain accounts of their Verified badges, a new form of phishing is taking to the platform.

Early on in 2021, after years of lying dormant, the Verified Program was resurrected. Twitter had taken a sabbatical from the program owing to an overwhelming amount of criticism regarding the platform’s selection criteria. Users believed that Twitter held celebrity status in much higher regard than actual experience in a legitimate field of study when it came to handing out those coveted blue badges. This led to a rather high number of actors, singers, and influencers receiving Twitter Verification. The program was leaving many respected and established individuals from other fields outside of the club, as it were. Twitter decided to reevaluate its priorities regarding the program’s selection criteria, and froze the verification process until further notice.

Notice was then received in 2020, where Twitter opened up an online form, encouraging users to fill out their details and proof of experience in order to get Verified. In 2021, badges started being handed out again. While even an entire year’s a bit too early to tell whether or not the platform’s priorities are in order now, no form of major criticism is making the rounds right now. However, issuing new badges isn’t the only thing that Twitter’s been up to. Perhaps developers took the previous feedback about Verified badges being disproportionately handed out to heart, as they take up a new project: removing badges from users. Specifically, if Twitter feels like the assignment of a badge was a lapse in judgement, or an individual’s proven to be far too inactive on the platform, then their Verification is revoked.

This form of quality checking is probably doing wonders for the platform’s credibility, I must admit. However, this has led to a new form of security vulnerability making the rounds online. To be more direct, a rather specific type of phishing attack is preying on those very users who have lost their Verified badges. Captured screenshots by BleepingComputer reveal an email making the rounds, asking users to “update” their profile information to retain their verification. The emails look rather official, utilizing the same template that official emails from Twitter have on them. In fact, they look organic enough to escape Google’s spam filters, directly appearing in one’s inbox. Naturally, once personal information has been filled out, users are left vulnerable to whatever whims the cybercriminals have at the moment.

Read next: The CEOs of Many Major US Tech Companies Are Indians, And We’re Here To Discuss Why That May Be So
Previous Post Next Post