Twitter reportedly plans to charge for account verification, and some people are already getting phishing emails.
On Sunday, October 30, a report claimed that new Twitter CEO Elon Musk wants the company to charge users a monthly $19.99 subscription to keep their verification badge.
Security reporter Zach Whittaker noted that some people have gotten phishing emails that request the receiver to click a link and provide information, so they don't lose the verification badge.
Twitter's ongoing verification chaos is now a cybersecurity problem. It looks like some people (including in our newsroom) are getting crude phishing emails trying to trick people into turning over their Twitter credentials. pic.twitter.com/Nig4nhoXWF
-- Zack Whittaker (@zackwhittaker) October 31, 2022
The badge, commonly known as the "blue check," is meant to let Twitter users know that an account is genuine. Through the verification process, the company ensures that a real person or organization owns the account.
Currently, Twitter has a verification system for celebrities and people of public interest to go through a process that confirms their identity. It also has a monthly subscription called Twitter Blue, which adds extra customization to the service.
Phishing
Those emails are an example of a "phishing attack", when a malicious person sends an email, phone call, or text message purporting to be from a real institution, such as Twitter, to trick people into giving up their data.
For example, the attacker will create a website posing as a bank and craft an email to get the victim to log into the malicious website. Their username and password will be quickly stolen and used or sold by the attacker.
Some warning signs of a phishing email include typos and an email that doesn't match any official website. For example, the email address sent by the Twitter phisher used "twittercontactcenter@gmail.com."
A company isn't going to send official emails from a Gmail address. Instead, they will be sent from "@twitter.com" or "@apple.com." Unfortunately, attackers have more tricks to fake these addresses.
The most important way to stay safe from a phishing attack is to not click on any links inside one of these emails. Instead, contact the official company through its website if it's an unexpected email, such as a Twitter phishing attack.
Whether emailing the company's official address or contacting customer support, they can tell their users whether or not they sent the email.