Phishing Campaign Targets Twitter Blue Users Amid X Rebrand Confusion

As Twitter undergoes a turbulent transition to its rebranded version, X, a new phishing campaign has emerged, posing significant risks for Twitter Blue subscribers. The phishing scam capitalizes on the platform’s confusing transition, offering users the opportunity to transfer their Twitter Blue membership to X. However, falling for this ruse grants cybercriminals access to the victim’s entire Twitter account, potentially leading to catastrophic consequences.

The phishing email appears deceptively legitimate, displaying the sender’s name as ‘[email protected].’ While it passes SPF authentication checks, it actually originates from a mailing list platform called Sendinblue (now known as Brevo). The email tricks unsuspecting targets by claiming their existing subscription is nearing its expiration and requires migration, directing them to what appears to be a legitimate API authorization page. Upon approval, the cybercriminal gains full access to the victim’s Twitter account.
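Why an SPF pass says little about the visible sender, shown as an added example that is not part of the original article: SPF authenticates the envelope sender domain (here the bulk-mail platform), not the address in the From header, so a mail filter or analyst should compare the two. All domains and headers below are constructed placeholders, and `org_domain` and `spf_alignment` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers with placeholder domains (not from the campaign).
SAMPLE = """\
Return-Path: <bounces-123@bulk-mailer.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounces-123@bulk-mailer.example
From: Brand Support <support@brand.example>
To: user@recipient.example
Subject: Your subscription is expiring

(body omitted)
"""


def org_domain(addr):
    """Last two DNS labels of an address's domain.

    Simplification (assumption): real alignment checks use the Public Suffix List.
    """
    domain = addr.rsplit("@", 1)[-1].strip("<> ").lower()
    return ".".join(domain.split(".")[-2:])


def spf_alignment(raw):
    """Compare the SPF-authenticated envelope domain with the visible From domain."""
    msg = message_from_string(raw)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1])
    # Only trust Authentication-Results added by your own receiving mail server.
    results = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results", [])))
    verdict = re.search(r"\bspf=(\w+)", results)
    spf = verdict.group(1).lower() if verdict else "none"
    mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", results)
    envelope = mailfrom.group(1) if mailfrom else parseaddr(msg.get("Return-Path", ""))[1]
    env_dom = org_domain(envelope)
    aligned = spf == "pass" and bool(from_dom) and env_dom == from_dom
    return {"spf": spf, "from_domain": from_dom, "envelope_domain": env_dom,
            "aligned": aligned, "suspicious": spf == "pass" and not aligned}


if __name__ == "__main__":
    print(spf_alignment(SAMPLE))
```

A message flagged `suspicious` passed SPF only for the sending platform's domain, which is the situation the article describes.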

The API authorization provides the threat actor with various capabilities, including viewing content, modifying followers, updating profile and account settings, posting and deleting tweets, and engaging with other tweets.

Fortunately, victims can revoke API access relatively easily by navigating to their Twitter settings and disabling the connected app. It is advisable for all Twitter users, whether targeted by this phishing campaign or not, to regularly review their security settings for good internet hygiene.

For those who fail to disable the fraudulent service promptly, the potential consequences remain uncertain. In the worst-case scenario, victims may be locked out of their accounts, with the threat actor carrying out malicious activities on their behalf. As a precaution, affected users should consider using identity theft protection software to safeguard their personal information.