banner

News

Dec 24, 2023

Amid Switch to X, a Phishing Scam Targets Twitter Users

Home » Security Boulevard (Original) » Amid Switch to X, a Phishing Scam Targets Twitter Users

Cybercriminals thrive in chaos, so it’s no surprise that some are trying to take advantage of the unsettled situation surrounding Elon Musk’s decision to remake Twitter into X.

First seen by Twitter user @fluffypony, a phishing email is aimed at Twitter Blue users–those who are willing to pay $8 a month for blue verification checkmarks that until April had been free–purports to be an official note from Twitter/X, urging them to migrate their Twitter Blue subscriptions to X.

The phishing email comes from x.com and, according to @fluffypony, passes Security Policy Framework (SPF) checks. It’s even sent from and signed by Sendinblue, a customer relationship management (CRM) company that includes a platform for mailing lists, enabling it to get past many spam filters, including the one in Gmail.

Sendinblue in May was renamed Brevo.

“It links to a URL housed at twt[dot]blue, which at first glance may even appear to be a valid Twitter domain, but was registered on 2023-05-16 at a very different register (Tucows) to the registers used by Twitter.com and X.com,” the Twitter user wrote.

Via a screenshot from @fluffypony, the message tells the user that as “Twitter Blue seamlessly transforms into Stay Blue with X, your existing subscription is nearing its expiration and requires migration.”

It then warns that if the migration isn’t completed, the user is in danger of losing their verified checkmark, forcing them to reapply for it and resubscribe. The user is then prompted to click on the blue box labeled “Transition.”

“This link redirects you to a (legitimate) API authorization screen, which asks you to authorize and app that appears to be an official Twitter app – very sneaky!” @fluffypony writes. “The post-authorization URL is null/complete, so clearly not a valid Twitter application.”

Authorizing the app will give the bad actors control of the user’s Twitter account, including accessing and updating their profile and account settings, and follow and unfollow accounts. Cybercriminals can see, post, and delete tweets from the account.

There is a way out. Users who have fallen for the phishing email and authorized the fake app can go to Twitter Settings > Security and accounts access > Apps and sessions > Connected apps, and then revoke app permission for the app.

@fluffypony wasn’t the only Twitter user pitched by the threat actors. Another user wrote on Twitter that they tried to trick him, but he knew it was a scam because he doesn’t pay for the Twitter Blue checkmark.

Twitter is aware of the problem. Christopher Stanley, senior director of security engineering at the social network, said in a reply to @fluffypony that “[W]e are on it,” and Simon Bressier, head of deliverability and anti-fraud at Brevo, asked @fluffypony for the email headers so he could terminate the accounts.

The push by Musk–who reportedly has long had an interest in using X for a company name–and CEO Linda Yaccarino to migrate the iconic “Twitter” name to “X” surprised many people. Musk has had a vision for a supper app known as X that includes a social network, something he discussed even before sinking $44 billion into buying Twitter.

However, the transition hasn’t been smooth. Authorities in San Francisco last week temporarily stopped the company from removing the Twitter sign on its headquarters building after they failed to notify city officials and the building’s owner about the plans. Eventually, work was able to continue.

There also was a snag with Apple. Twitter last week rebranded the Twitter iOS and Android apps, giving them the X logo. However, the company initially wasn’t able to change the name of the app from Twitter to X in the Apple App Store. The App Store Connect, a portal used by developers to manage the apps, doesn’t allow developers to use a single letter for app names.

That said, Apple appears to at least have allowed an exception for Twitter, and the app in the App Store is now “X.” It comes with the tagline “Blaze your glory!”

Musk also is seeing the number of social networks looking to challenge Twitter growing, most recently with Meta and its Threads offering.

SHARE