Twitter Takeover Fuels Phishing Scams, Fake Verified Accounts

Public information officers who operate government Twitter accounts are urging the public to verify public safety accounts.
Published: November 22, 2022

With Twitter constantly in the news due to large-scale shifts in the social media company’s strategy after Elon Musk’s takeover, cybersecurity professionals are warning of new phishing scams and security risks as the news story continues to play out.

Billionaire and CEO of Tesla and SpaceX Elon Musk finalized his $44 billion acquisition of Twitter late last month and has since made sweeping changes at the company, including mass layoffs and new subscription-based verification. This much upheaval at one of the most influential social media platforms to ever exist is now leading to phishing scams and other security problems.

Reports of phishing scams came late last month as this news first emerged. According to TechCrunch and others, a phishing campaign last month attempted to lure Twitter users into posting their credentials on an attacker website disguised as a Twitter help form.

TechCrunch reported that one phishing email was sent from a Gmail account and linked to a Google Doc, which contained another link to a Google Site. The chain was an attempt to create layers of obfuscation that make the threat more difficult to detect.


According to Sherrod DeGrippo, vice president of threat research at email security firm Proofpoint, the company has seen a notable increase in Twitter-related phishing campaigns that attempt to steal Twitter credentials.

Multiple campaigns have used lures related to Twitter verification or the new Twitter Blue product, with some emails claiming to include a Twitter Blue billing statement. These campaigns have used both Google Forms for data collection and URLs that direct users to threat actor-hosted infrastructure, DeGrippo says.

Campaigns are largely targeting media and entertainment entities such as journalists who are verified on Twitter. The email address often matches the Twitter handle used or the user’s email address available in their Twitter bio.

“It is not surprising threat actors are using Twitter-related lures,” DeGrippo says. “Cybercriminal threat actors regularly use themes that are related to major news items and relevant to human interests as that may increase the likelihood of someone engaging with social engineering content.”

While the future of Twitter may be in doubt with Musk continuing to make wholesale changes to the social media giant, gaining access to Twitter accounts can still be lucrative for threat actors, DeGrippo says.

“Legitimately verified Twitter accounts typically have larger audiences than the average user, and compromised accounts can be used to spread misinformation, urge users to engage with additionally malicious content like fraudulent cryptocurrency scams, and can be used to further phishing campaigns to other users,” DeGrippo says.

These security risks can also lead to brand reputation or financial damages if an attacker is able to successfully compromise a brand’s Twitter account. They can wreak havoc on that company’s image, says Matt Chiodi, chief trust officer at zero trust architecture firm Cerby.

“Social media accounts are generally managed by marketing teams and can have access to hundreds of millions of corporate dollars for advertising,” Chiodi says. “Not only could criminals siphon off that cash, they could defame a company’s Twitter profile with offensive content.”

Chiodi says that while organizations should still conduct security training to educate end users, many technologies are still built without security in mind, including social media platforms.

“None of the prominent social media platforms offer enterprise-grade authentication options to their billions of business and professional users,” he says. “This is unacceptable for tools that are so widely used by consumers and critical to enterprises and democracy.”

Public Safety Departments Warn of Fake Accounts

Over the years, Twitter has proven to be one of the most effective tools for quickly disseminating time-sensitive information to the masses. Nearly all types of campuses heavily rely on the social media platform to deliver vital messages during emergencies.

Disasters have long been a breeding ground for spreading misinformation, but government accounts have helped assuage the rumors, according to Jun Zhuang, a professor at the University of Buffalo who studies how false information spreads during natural disasters.

Now, amid the Twitter turmoil, public information officers who operate government Twitter accounts are urging the public to verify that it is really their accounts appearing on their timelines, reports AP News. The Washington State Department of Natural Resources, which issues wildfire and weather warnings, shared with its followers a link to a thread with helpful tips on how to determine if a Twitter handle is real. Suggestions include looking at how old the account is and checking to see if the public safety agency’s website links to the profile.

Juliette Kayyem, a former homeland security adviser at the state and national levels, told AP News that the profile verification changes could be a matter of life or death.

“In a disaster where time is limited, the greatest way to limit harm is to provide accurate and timely information to communities about what they should do,” Kayyem said. “Allowing others to claim expertise — it will cost lives.”

Kayyem, who previously worked with Twitter on researching how government agencies can communicate effectively during emergencies, said the company’s trust and safety department “thought long and hard” about its public service role. However, those senior leaders who were responsible for cybersecurity, data privacy, and regulatory compliance are now gone, she added.

The first part of this article was written by Zachary Comeau, editor of Campus Safety’s sister publication,
