That didn’t take long! Cybercrooks target verified Twitter users with scam emails asking for their credentials – as Elon Musk reveals plans to charge $8/month for blue tick
- Elon Musk completed his $44billion takeover of Twitter at the end of October
- He has made his intentions clear for a $8/month fee for verification
- Now, cybercrooks are taking advantage of this with phishing emails
- Emails claim to be from Twitter and try to trick you into giving away credentials
Elon Musk’s $44billion (£38bn) takeover of Twitter was finally confirmed at the end of last month, and the new CEO has wasted no time making changes to the platform.
Around half (3,700) of Twitter’s staff have been laid off, while Musk has also made his intentions clear for a $8/month fee for ‘Blue Tick’ verification.
Now, it seems that cybercrooks are taking advantage of these rapid changes and are targeting unsuspecting users with phishing emails.
The emails claim to be from Twitter and try to trick people into turning over their credentials to keep their blue tick.
Speaking to MailOnline, Jake Moore, Global Cybersecurity Advisor at ESET, said: ‘With this new version of Twitter verification coming into play, cybercriminals have inevitably jumped on the bandwagon in a new attempt to hunt out people’s financial details.’
Searches for ‘How to delete Twitter’ have surged by 500 per cent in the past week since Elon Musk took over the platform
Cybercrooks are taking advantage of these rapid changes and are targeting unsuspecting users with phishing emails. The emails claim to be from Twitter and try to trick people into turning over their credentials to keep their blue tick
HOW TO DELETE YOUR TWITTER ACCOUNT
‘With its near impeccable timing, unbeknown victims are likely to be manipulated into believing the scam and hand over their card details before doing further due diligence,’ Mr Moore added.
‘Unfortunately, it could then cost them a lot more than $8 a month in fraudulent usage on their cards.’
MailOnline’s Shivali Best received a scam email claiming to be from ‘Twitter Web Services’ this week.
‘Greetings from Twitter blue badge payment,’ the email reads.
‘This e-mail confirms that your latest billing statement, for the account email@example.com, is available on the Twitter web site. Your account will be charged the following: Total: $8.’
The email then prompts you to click a link to see a ‘complete break down of all charges on the Billing & Cost Management page’.
Shivali’s Twitter account is not linked to the email address cited, making it immediately clear that this is a scam.
However, if the email address had been the correct one, you could see how the email could be convincing.
Shivali isn’t alone – Zack Whittaker, Security Editor at TechCrunch, posted a photo of a scam email he’d received in the wake of Musk’s takeover.
‘Twitter’s ongoing verification chaos is now a cybersecurity problem,’ he tweeted.
‘It looks like some people (including in our newsroom) are getting crude phishing emails trying to trick people into turning over their Twitter credentials.’
Clicking through the link in the email would have taken Zack through to a fake site that tried to harvest his phone number and Twitter login details.
However, Naked Security says there are also several other approaches that scammers could be taking.
‘Inviting you to “sign up early” to avoid disappointment, and then phishing for your payment card details,’ it suggests.
‘Offering to help you stake a claim on an existing account name, and then phishing for significant personal information.
‘Urging you to “pre-apply” to save time later, then requesting similar information.’
If you do receive a suspicious email, it’s best to delete it, according to Mr Moore.
‘Anyone receiving emails or text messages requesting financial details must delete these immediately and not hand any information over,’ he advised.
‘Twitter Blue is not yet available in the UK but once it is users will only be able to purchase the subscription via their Twitter accounts.’
Other key measures you can take to protect your account include using a password manager and turning on two-factor authentication.
Source: Read Full Article