Twitter Verification Phishing Campaign

November 2, 2022

Banner Image

How the scam works

Cybercriminals have begun using Twitter's ongoing verification chaos to send phishing emails that steal the passwords of unsuspecting users. The scam operates with Twitter users firstly receiving an email from a person posing as a Twitter Admin, asking for their username and password in order to maintain free verification status. Twitter user Zach Whittaker was the first user to identify this new scam.

Image showing Twitter Verification Phishing Email

An actual phishing email received by a potential victim (Credit: Zach Whittaker)

The email is sent from a Gmail account and links to a Google Doc. The email contains a "Provide Information" button that takes targets to a Google Doc. Once there, users are directed to another page when they click on the link in this document---which has fields for username, password, and phone number associated with the Twitter account. The page itself contains an embedded frame from another site, hosted on a Russian web host Beget. For detailed reporting information.

This new attack once again demonstrates the importance for users to ensure they have two-factor-authentication enabled.

How to Identify a Phishing Scam

Signs that the campaign is a phishing scam:

  • Poor grammar and writing that no business would publish (a hallmark of phishing scams).

  • Email comes from a Gmail address. In this scam the email originated from Twittercontactcenter@gmail. A typical Twitter email will come from a @twitter email address.

  • The email asks you to click on a link or attachment. A legitimate Twitter email will not ask you to click on a link or attachment.

  • A link redirects you to a login page asking for your account username, password, and phone number.

How you can fight back

Vigilante offers you a platform to report phishing attacks you encounter in the wild. We then aggregate cybercrime reports from across the globe, providing a unique opportunity to spot emerging security threats earlier than ever before. Furthermore, user reports will also be relayed to major agencies so they can pursue further legal action against perpetrators and shut down their attack vectors. Report Now.

Help keep your online community safe by sharing this article. To stay up to date on new attack vectors follow us @VigilanteWatch on Twitter

Back to Article List