Twitter verified profiles are now being attacked as part of a massive phishing attempt that exploits Twitter’s decision to remove the verified badge from numerous verified accounts. The initiative distributes an email often to the email addresses listed in their Twitter bio, urging users to engage in the verification of their account in order to preserve their verified identity.
This sizable deletion of verified badges coincides with a big administrative move at Twitter, with CEO Jack Dorsey stepping down and being replaced by the existing CTO Parag Agrawal. Activist shareholders have recently pressured Twitter, and while it continues to expand new features and generates good income, user growth appears to be slowing.
How do hackers accomplish their goals?
The email’s ‘Update here’ tab has a URL to [https://www.cleancredit[.]in/wp-content/uploads/2021/12/index.html], which then takes the user to [https://dublock[.]com/dublock/Twitter/].The hackers are exploiting hijacked URLs to serve phishing sites.
The user is prompted to submit the 2FA code issued to them when inputting Twitter login details on infected sites. The website takes the user to the Twitter site after acquiring the user’s Twitter credentials and 2FA code. Users must be on the lookout for fraudulent emails, as per the security researchers, and must not open the mail or click any links or attachments contained inside them.