The latest phishing scam targeting Twitter Blue user accounts comes amid the somewhat messy Twitter rebrand to X, with potentially disastrous consequences.
It all started when the signature blue bird disappeared from the social media site on Sunday July 23, giving way for the new X logo. However, the transition hasn’t been plain sailing, with discrepancies between the website and mobile app causing a range of problems for users.
The re-brand is not only plagued with usability issues, the chaos and confusion has created the perfect storm for cybercriminals to launch a phishing campaign. In the scam, Twitter Blue users are contacted by a legitimate-looking email which gives them the opportunity to switch their membership to X, but really only gives the cybercriminals access to their accounts.
How to Spot the Twitter Blue/X Phishing Scam
The email looks convincingly legitimate to even the well trained eye, with the display name ‘sales@x.com.’ The email manages to by-pass SPF authentication, intended for stopping phishing scams by detecting ‘spoofing’, despite the email actually coming from CRM and mailing list platform Brevo. This allows the phishing emails to get around most email providor’s spam filters undetected.
A Twitter Blue user who claims they almost fell victim to the scam, revealed that the emails says the victim’s “existing subscription is nearing its expiration and requires migration,” with a link directing users to a completely legitimate API authorization page. This authorization then grants the threat actor access to the victim’s account, enabling them to commit cybercrimes.
The cybercriminal will have a few view-only capabilities, plus the API allows the threat actor to amend followers, update profile and account settings, post and delete Tweets, engage with other Tweets, and more.
What to Do if You Were a Victim of X Scam?
If you think you’ve fallen victim to this convincing cyber scam, it’s important to act quickly to revoke the access the threat actor has to your account (before they can commit a crime under the guise of your account).
Fortunately, revoking API access is an easy process on Twitter. Navigate to Settings > Security and account access > Apps and sessions > Connected apps. This process should be carried out regularly to ensure you haven’t unknowingly granted access at any given time to scammers.
If you find yourself locked out of your Twitter account as a result of these cybercriminals, or are experiencing any other issues as a result of this phishing scam, you should contact Twitter support to ask for their help.
Twitter Rebrand to X, What to Expect?
The revamp is the latest change since the platform’s ubiquitous owner Elon Musk stepped down as CEO, passing the reins to Linda Yaccarino whilst still playing a prominent role in the company.
For now, the logo is the only new thing about X. However, Twitter 2.0 promises an AI-fueled expansion of the site's capabilities, X aims to follow the logo change with an ambitious foray into online banking and video messaging, among other areas, Yaccarino said.