Musk Takes Twitter Phishing For ‘Blue Ticks’

By   ISBuzz Team
Writer , Information Security Buzz | Nov 03, 2022 03:21 am PST

Musk’s Twitter takeover hit a heavy roadblock yesterday. In his hopes of having users pay for verification, it seems Musk caught the attention of looming cyber criminals, hungry to hijack users accounts by impersonating as Twitter support services.  

Notify of
3 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Paul Bischoff
Paul Bischoff , Privacy Advocate
November 3, 2022 11:34 am

Prior to Musk’s announcement, many scammers attempted to defraud users who wanted a blue tick on Twitter. These scammers claimed they could verify a user’s identity and status to get them the blue tick in exchange for money, sometimes thousands of dollars. It doesn’t surprise me that this scam has now been flipped to phish users who already have the blue tick. It’s ironic that Musk claimed the new subscription would help reduce spam, but has, in the short term at least, increased it.

Last edited 1 year ago by Paul Bischoff
Chris Hauk
Chris Hauk , Consumer Privacy Champion
November 3, 2022 11:34 am

Unfortunately, the bad actors of the world are always alert for opportunities to do a little “phishing.” Twitter users should remain alert for phishing attempts like this. Always closely look at emails like this, check the email’s address, there is zero chance that an official Twitter email would come from a “” account. Never click any links or attachments in these types of unsolicited emails. Delete them, and also report them as spam.

Last edited 1 year ago by Chris Hauk
Steve Bradford
Steve Bradford , Senior Vice President
November 3, 2022 11:23 am

In today’s digital world, fraudsters have never been so ruthless with their tactics, and they’re increasingly using ones that are far more personal and harder to spot – capitalising on our human vulnerabilities, as evidenced by the surge in phishing scams in light of Musk’s Twitter changes.

With cybercriminals now masquerading as trustworthy support services to go unnoticed, businesses need to be tactical if they wish to spot suspicious behaviours. Many of these attacks, at their root, come down to some type of compromised identity, with user access points often targeted. With identity often being the make or break to any type of attack, organisations have a vital role to play in better safeguarding their identities, both machine and human. To reduce the risk of phishing attacks, businesses must look to implement multiple security controls – this should be standard best practice for cyber security.

Cyber criminals will use any tactic to trick people into handing over sensitive information. Organisations also have a vital role to play in increasing training and awareness for staff to spot suspicious and ‘out of the ordinary’ requests, whether that’s on email, phone or via social platforms. Additionally, on an enterprise level, we must fight bad actors with innovative technology such as identity security, to protect the workforce and reduce the risk of cyber-attacks and data breaches, by spotting irregular behaviour from users.

Last edited 1 year ago by Steve Bradford

Recent Posts

Would love your thoughts, please comment.x