Elon Musk wants to overhaul Twitter’s verification system now that he owns the company. A blue badge with a white checkmark indicates that you are who you say you are, which thwarts impersonators. For many social media lovers, verification icons are like badges of honor.
They signify that you’re important enough to require proof of identity. Until now, verification badges on Twitter have been free. But rumors say Musk wants to charge Twitter users $8 monthly to either get a checkmark or keep the one they already have.
You wouldn’t think anyone would want to pay to be verified. But some who have never been considered important enough to reach verified status might just go for it. Now that this story is everywhere, scammers are jumping on the bandwagon. Keep reading to find out how thieves might be targeting you.
Here’s the backstory
Maybe you think you aren’t at risk because you’re not a celebrity. You might shrug off this cybersecurity threat because you don’t have a verification badge. Actually, you should be on guard. Here’s why.
Zack Whittaker, a security editor with TechCrunch, blew the whistle on a new phishing campaign designed as a Twitter help form. You’ll get an email that says you will have to pay around $20 per month for a verification badge.
Next, the scammers play on your desire to save money. They’ll say you won’t have to pay a dime if you confirm you’re famous or well-known.
Twitter’s ongoing verification chaos is now a cybersecurity problem. It looks like some people (including in our newsroom) are getting crude phishing emails trying to trick people into turning over their Twitter credentials. pic.twitter.com/Nig4nhoXWF
— Zack Whittaker (@zackwhittaker) October 31, 2022
You must click a button to provide information to prove who you are. This redirects you to a Google Doc that prompts you to enter data, including:
- Twitter username.
- Account password.
- Phone number.
Don’t fall for this fake help form. It’s a malicious website designed to look like an official page.
Avoid falling victim to phishing scams
In this scheme, the Google Docs page you’re sent to has an embedded frame from a website hosted in Russia. It asks for enough data to take over your Twitter account. That’s why you should use two-factor authentication.
On the bright side, Google says it took down the site. But these emails might be lurking in your inbox, along with similar scams. Keep your eyes peeled. Otherwise, you could lose control of your social media accounts.
Remember that scammers piggyback on high-profile news stories by sending malicious emails to trick you into clicking their links. Look out for strange URLs, return addresses and spelling/grammar errors.