The Twitter phishing problem is a side effect of the paid verification feature Elon Musk is planning to introduce. Cybercriminals are already taking advantage of Twitter’s ongoing authentication difficulties by sending phishing emails aimed at stealing unsuspecting users’ credentials.
The phishing email campaign seeks to trick Twitter users into entering their usernames and passwords on an attacker’s website disguised as a Twitter assistance form.
The email is sent from a Gmail account and includes a link to a Google Doc and another to a Google Site, a service that allows users to host online content. This likely creates several layers of obfuscation, making it more difficult for Google’s automated scanning algorithms to detect misuse.
However, the website has an embedded frame from another site, hosted on the Russian web host Beget, that requests the user’s Twitter handle, password, and phone number, which is enough to compromise accounts that do not employ stronger two-factor authentication.
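As an added illustration (not part of the original article or of any tool it mentions), the sketch below shows why a scanner that inspects only the hosting page sees no credential form, and how following frames served from other hosts finds it. The URLs and HTML are constructed placeholders, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PageScan(HTMLParser):
    """Records frame sources and password inputs found in one HTML document."""
    def __init__(self):
        super().__init__()
        self.frame_srcs = []
        self.password_inputs = 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("iframe", "frame") and attrs.get("src"):
            self.frame_srcs.append(attrs["src"].strip())
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_inputs += 1

def scan(html):
    parser = PageScan()
    parser.feed(html)
    parser.close()
    return parser

def cross_host_frames(page_url, html):
    """Absolute URLs of frames served from a different host than the page."""
    page_host = urlsplit(page_url).hostname
    found = []
    for src in scan(html).frame_srcs:
        target = urljoin(page_url, src)  # resolves relative and //host forms
        parts = urlsplit(target)
        if parts.scheme in ("http", "https") and parts.hostname != page_host:
            found.append(target)
    return found

def review(page_url, fetched):
    """fetched maps URL -> HTML the scanner already retrieved (constructed here).
    Returns frames on other hosts whose own document asks for a password."""
    return [u for u in cross_host_frames(page_url, fetched[page_url])
            if u in fetched and scan(fetched[u]).password_inputs > 0]

# Constructed sample documents; hosts under .example are placeholders.
OUTER_URL = "https://hosting.example/view/help-form"
FRAME_URL = "https://frame-host.example/form.html"
FETCHED = {
    OUTER_URL: '<h1>Help form</h1><iframe src="//frame-host.example/form.html"></iframe>',
    FRAME_URL: '<form><input name="handle"><input type="password" name="pw">'
               '<input type="tel" name="phone"></form>',
}

if __name__ == "__main__":
    print("password inputs on outer page:", scan(FETCHED[OUTER_URL]).password_inputs)
    print("frames to review:", review(OUTER_URL, FETCHED))
```

A cross-host frame is only a signal for review, since legitimate pages also embed third-party frames.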
Twitter phishing site taken down
Google quickly removed the fraudulent site when contacted. “Confirming we have taken down the links and accounts in question for violations of our program policies,” a Google official said.
The campaign seems sloppy, most likely because it was thrown together hurriedly to capitalize on recent reports that Twitter may soon charge users monthly for premium capabilities such as verification, as well as the stated prospect of removing verified badges from Twitter users who do not pay.
Twitter has yet to make a public decision regarding the future of its verification program, which was introduced in 2009 to validate the legitimacy of specific Twitter accounts, such as public figures, celebrities, and governments.
But that hasn’t stopped hackers — even those with lesser skill levels — from exploiting Twitter’s lack of clear information since it became private last week following the closure of Elon Musk’s $44 billion buyout.
The phishing site was also reported to Beget, and the problematic domain was eventually removed from service. A Twitter representative declined to comment.
I don’t know how Elon Musk’s changes, like bringing Vine back, will affect the company in the future, but I am sure happy to see it’s not a political, one-sided Ing-Soc authoritarian propaganda site anymore.
What else is happening at Twitter?
According to reports, Musk intends to drastically reduce Twitter’s workforce, from around 7,000 employees down to 2,500, a 75% reduction. The billionaire acknowledged that he was “clearly overpaying” for the social media behemoth during the most recent Tesla earnings call, but added that the company’s long-term potential was an “order of magnitude greater” than it was in its present state. He also wants to make the platform better than TikTok.
Musk restated his desire in a Twitter post for the social media platform to adopt a different approach to content moderation and filtering, though he has not yet responded to the most recent story.
Twitter should be as inclusive as it can be, acting as a fair arena for vigorous, though occasionally heated, discourse between drastically different points of view. And Musk responded with the “100” emoji when a Dogecoin enthusiast asked if he could simply make the platform more entertaining.
We previously explained why Twitter is charging for verification and how that relates to Twitter Blue. Elon Musk, who now owns Twitter, has issued his first ultimatum to his staff: either meet his deadline to establish paid verification on Twitter or quit. In the months before his acquisition, Musk made it plain that he planned to change the way Twitter validates accounts and manages bots. On Sunday, he tweeted, “The whole verification process is being revamped right now.”