Twitter’s Verification is Now a Cybersecurity issue

If you haven’t heard it yet, let me break it to you, Elon Musk has taken over Twitter. The regime change has already brought on a few noticeable changes to the platform. According to the latest reports, users will now have to pay Twitter for verifying their accounts. The entire verification process is a mess and cybercriminals are already capitalizing by taking advantage of the chaos.

Twitter’s Verification Chaos

Cybercriminals are sending phishing emails to unsuspecting individuals in order to acquire their credentials. The phishing email effort seeks to trick Twitter users into entering their username and password onto a website masquerading as a Twitter assistance form.

The email is sent from a Gmail account and contains a link to a Google Doc, as well as another connection to a Google Site, where users may host online content. This is likely to result in numerous levels of deception, making it more difficult for Google’s automated scanning algorithms to identify misuse. However, the website has an embedded frame from another site, housed on the Russian web host Beget, that requests the user’s Twitter handle, password, and phone number enough to data switch personal information on their servers and compromise accounts that do not employ stronger two-factor authentication. The good news is that Google quickly removed the phishing site after being notified.

The advertising seems sloppy, most likely because it was thrown together hurriedly to capitalize on recent reports that Twitter may soon charge users monthly for premium capabilities like as verification, as well as the stated prospect of removing verified badges from Twitter users who do not pay.

No official statements have been released by Twitter regrading the paid verification process or the phishing scheme, we guess the company is still adjusting to the changes internally and holding off making an announcements until it finalizes things.