New fraud emails plague verified accounts on Twitter, user accounts may be in danger

Numerous reports from verified Twitter users indicate that a new scam has been haunting users on the platform. Verified users on Twitter are getting phishing and fraudulent emails from scam accounts.

Verified accounts are indicated by a checkmark next to their name tag. Being a verified user means it has been confirmed that the user is an official personality, influencer, politician, journalist or part of a big organization.

You can enlist your Twitter account and get verified by going through a specific process which asks for the user's credentials. Twitter requests these credentials in order to verify that the account belongs to an official authority.

The new phishing emails that these verified Twitter users are getting are designed to extract these credentials. They are specifically crafted to scam verified Twitter users and steal their passwords, credentials and other important information.

Also, the verified Twitter account can be suspended, or the verification can be retracted by Twitter if the account shows suspicious behavior.

There have been reports on Bleeping Computer of average users getting emails from hacked Twitter accounts claiming that their ‘blue badge’ has been suspended. All verified Twitter users get a blue badge when they’ve successfully completed the verification process. Here’s how the scammers target the accounts:

The phishing email first tells the user that their ‘blue badge’ has been taken away. To recover it, the user is asked to click on a link. The email also threatens that if the user doesn’t comply and ignores the message, their Twitter account will be suspended.

When the user clicks on the link, they’re asked to enter their password. The page reloads once the user clicks yes, and the user is then prompted to re-enter the password. The scammers do this to ensure that the user didn’t make a mistake when entering the password.

Once the user has entered the password two times, the scammers run the reset password process without the user even knowing. As resetting the password requires a PIN code that is texted to the user’s mobile, the page asks the user to enter that code. If the user enters the PIN correctly, their account gets hacked.

Several users have fallen for this scheme. While some have recovered their accounts rather quickly, some were unable to recover them at all.

If you’re an internet user and receive an email like this, make sure to check the domain of the website you’re redirected to once you click on the link. If it looks suspicious, block the account that sent you the message. You can also contact the organization (in this case Twitter) directly and ask whether the email is credible or a scam.
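The domain check described above can be automated before anyone clicks. The following is an added example, not part of the original article: it extracts links from an email body and flags any whose real hostname is not an official domain. The allowlist (`twitter.com` only), the function names and the sample email with its `.example` hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain treated as official in this example.
OFFICIAL_DOMAINS = {"twitter.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def classify_link(url):
    """Return 'official', or a reason string explaining why the link is suspicious."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # text after any 'user@' part, port removed
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() != "https":
        return "not HTTPS"
    if not host:
        return "no hostname"
    host = host.rstrip(".").lower()
    if not host.isascii():
        return "non-ASCII hostname (possible lookalike characters)"
    if host.startswith("xn--") or ".xn--" in host:
        return "punycode hostname (possible lookalike characters)"
    for domain in OFFICIAL_DOMAINS:
        # Match the domain itself or a true subdomain, never a mere substring.
        if host == domain or host.endswith("." + domain):
            return "official"
    return "host %s is not an official domain" % host

def suspicious_links(email_body):
    """Return (url, reason) pairs for every link that is not official."""
    return [(u, r) for u in URL_RE.findall(email_body)
            if (r := classify_link(u)) != "official"]

# Constructed sample email; the .example hosts are placeholders.
SAMPLE_EMAIL = """Your blue badge has been suspended. Recover it here:
https://twitter.com.badge-recovery.example/login
https://twitter.com@badge-recovery.example/login
http://twitter.com/account
Account settings: https://twitter.com/settings/account
"""

if __name__ == "__main__":
    for url, reason in suspicious_links(SAMPLE_EMAIL):
        print(url, "->", reason)
```

The first two sample links show why reading the start of a URL is not enough: the official name appears in both, but the host the browser actually contacts is the attacker-controlled one.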
