--- title: "As Twitter Plans To Charge Verified Users $8 Fee, Threat Actors Start Launching Phishing Campaigns Exploiting The Situation | Phish Protection" description: "Scammers and hackers are exploiting the confusion regarding Twitter" image: "https://phishprotection.com/og/blog/twitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation.png" canonical: "https://phishprotection.com/blog/twitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation/" --- Quick Answer \*\*Scammers and hackers\*\* are exploiting the confusion regarding Twitter's new CEO, Elon Musk's plans for paid blue ticks on the platform. They are sending \[phishing emails\](/content/protection-from-phishing/how-to-stop-phishing-emails/) disguised as official Twitter notices and luring users into sharing their details. This post covers the details regarding such phishing schemes. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Ftwitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=As%20Twitter%20Plans%20To%20Charge%20Verified%20Users%20%248%20Fee%2C%20Threat%20Actors%20Start%20Launching%20Phishing%20Campaigns%20Exploiting%20The%20Situation&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Ftwitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Ftwitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Ftwitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation%2F&title=As%20Twitter%20Plans%20To%20Charge%20Verified%20Users%20%248%20Fee%2C%20Threat%20Actors%20Start%20Launching%20Phishing%20Campaigns%20Exploiting%20The%20Situation "Share on Reddit") [ ](mailto:?subject=As%20Twitter%20Plans%20To%20Charge%20Verified%20Users%20%248%20Fee%2C%20Threat%20Actors%20Start%20Launching%20Phishing%20Campaigns%20Exploiting%20The%20Situation&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Ftwitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2022/11/prevent-spear-phishing-1379.jpg) **Scammers and hackers** are exploiting the confusion regarding Twitter’s new CEO, Elon Musk’s plans for paid blue ticks on the platform. They are sending [phishing emails](/content/protection-from-phishing/how-to-stop-phishing-emails/) disguised as official Twitter notices and luring users into sharing their details. This post covers the details regarding such phishing schemes. **Elon Musk** recently appointed himself as **Twitter’s CEO** and announced his plans to revamp Twitter’s verification process. Twitter initially proposed charging verified users a $20 monthly fee to retain their verified status. However, Musk later said the fee would be $8 and vary according to the country. According to a tweet, Musk said that after successful verification, paid users will receive a blue tick and get priority in searches, mentions, and replies. Additionally, they will get fewer ads and can post longer multimedia content. Musk asked his team to develop a feature to monetize the blue badge by November 7, and hackers joined the party by\*\* launching phishing campaigns\*\* targeting verified accounts. Like most phishing emails, they conveyed a false sense of urgency , asking the user to sign in to their Twitter account or their account will get suspended. Analysts at[BleepingComputer](https://www.bleepingcomputer.com/news/security/as-twitter-brings-on-8-fee-phishing-emails-target-verified-accounts/)examined the emails and said they originated from hacked websites’ servers or blogs running vulnerable unpatched plugins or hosting dated WordPress versions. ### What Does The Phishing Email Look Like? ![Prevent spear phishing](https://media.mailhop.org/phishprotection/images/2022/11/prevent-spear-phishing-1379.jpg) Several users received phishing emails pretending to be from Twitter, asking them to submit their personal details to keep the blue ticks on their Twitter accounts. **“Don’t lose your free Blue Tick Verified Status,”** the phishing email exploits the news by stating that some verified users, particularly well-known accounts, must pay $19.99 monthly to keep the verified status. > The emails then attempt to create a sense of urgency. “You must give a short confirmation so that you do not get affected by this situation,” it says. “To maintain the verification badge free and permanently, confirm you are well-known. You must pay $19.99 monthly to get the verification badge if you don’t complete the verification.” The email includes the button “Provide Information.” However, if you are an aware user, there are a few red flags that you can identify: The message appears to originate from the email address twittercontactcenter@gmail and not an official Twitter domain. Clicking the button leads the user to a Google Doc page before redirecting to another Google site. Then, the user must submit their phone number, Twitter account username, and password. ### Other Phishing Tactics Used by Scammers Other users reportedly received separate phishing notifications on Twitter claiming the company was revoking their verified status because their account was **“inauthentic.”** Then, the message tried to trick users into visiting a fake website to appeal. Of course, clicking the link took them to a fake website trying to harvest their Twitter login details and phone number, but one can imagine other approaches that scammers can take, including: - Inviting users to "sign up early" to avoid disappointment and then asking for their payment card details. Offering them to help stake a claim on an existing Twitter account name and then asking for personal information. Urging users to “pre-apply” to save time, then requesting similar information. ### Twitter Verification Badge: A Status Symbol _Twitter blue badge got offered to verified accounts of celebrities, politicians, businesses, influencers, public figures, news organizations, and journalists._ The few blue badge accounts on Twitter, compared to large unverified accounts on the platform, have led to the blue tick becoming a vanity and status symbol. However, other than a perceived “status symbol” by some, the blue badge, at least in theory, separates real, authentic accounts of famous people from parody and copycat accounts created by third parties. Therefore, Twitter intended the verification to **limit misinformation** because users could see if the tweet originating from a verified account was authentic. However, in practice, a hacked ‘verified’ account may display the blue badge even after the hacker modifies the name, profile picture, and bio. Furthermore, if Twitter starts selling the blue badge to any user willing to pay $8 a month, the team must revamp its process for adding authenticity to well-known accounts. For example, Twitter can continue using unique labels on the accounts of famous politicians and state-affiliated entities, which will distinguish them from those having a **paid blue badge**. ### Rapid Monetization or Losing Existing Revenue? The Tesla CEO’s rapidly moved to monetize his recent acquisition of the famous social media platform because he took the $13 billion debt on Twitter during the acquisition. In its 16-year history, Twitter was profitable only a few times, in 2018 and 2019\. But Musk must have considered the implications of his purchase when he first started his Twitter acquisition seven months ago. Suppose every verified user on the platform decides to pay $8 a month; it will amount to $40.6 million annually, barely making a dent in the $1 billion that Twitter must now pay off annually. Making matters worse, more people are fleeing Twitter than expressing enthusiasm about paying $8 a month for the blue check mark. An internal analysis by the site found that Twitter was impacting its most active users, with over one million users leaving the website since the announcement of the takeover, as reported by MIT Technology Review. Even advertisers temporarily paused their Twitter activity, further endangering its already limited revenue streams. General Motors, General Mills, Pfizer, and other large firms stopped their platform ads until they saw Musk’s vision for content moderation in action. ![Office 365 phishing protection](https://media.mailhop.org/phishprotection/images/2022/11/office-365-phishing-protection-4576.jpg) ### How to Stay Safe? The standard [cybersecurity](/) advice applies during this situation. It will help you [prevent phishing scams](/content/phishing-prevention/), whether it is the Twitter takeover or any other messages trying to lure you with fear of missing out, doubt, and uncertainty: - **Use a password manager:**It will help stop you from sharing an existing password to a fake site because the password manager will not recognize the imposter web pages. - **Turn on 2FA**: Two-factor authentication means you require a one-time code along with your password, making hacking into your account more difficult for crooks. - **Avoid action buttons and login links in emails:**If there is an action you want to take on a genuine website, find your way to the actual website using a URL you can look up securely or already know. - **Never question the sender!**Never ask the sender of a doubtful message if they are legitimate. If genuine, they will say so, but if they are malicious actors, they will say the same thing, so you learned nothing! ### Final Words Thus we saw how cybercriminals are taking advantage of the panic situation created by Twitter’s announcement of charging its verified users. The messages, portraying a false sense of urgency, focus on getting the victim to click a link and enter **personal information** on a malicious web page similar to Twitter’s interface. Some of the schemes also send [two-factor authentication codes](https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp#:~:text=Key%20Takeaways,fingerprint%2C%20face%2C%20or%20retina.) through SMS. However, without a streamlined verification process separating authentic accounts from imposters, the problems with Twitter’s existing verification mechanism will not disappear anytime soon. ## Topics [ Cybersecurity ](/tags/cybersecurity/)[ Phishing ](/tags/phishing/)[ Phishing Awareness ](/tags/phishing-awareness/)[ Uncategorized ](/tags/uncategorized/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m American Airlines Suffers Employee Email Data Breach, Personal Information at Risk Oct 4, 2022 ](/blog/american-airlines-suffers-employee-email-data-breach-personal-information-risk/)[ Intermediate 5m BitRAT Malware Threat Actors Leveraging Stolen Columbian Cooperative Bank Data in Phishing Campaign Jan 18, 2023 ](/blog/bitrat-malware-threat-actors-leveraging-stolen-columbian-cooperative-bank-data-in-phishing-campaign/)[ Intermediate 5m Find Out About the Latest Case of Threat Actors Utilizing Phishing-as-a-Service to Steal $120,000 Feb 20, 2023 ](/blog/find-out-about-the-latest-case-of-threat-actors-utilizing-phishing-as-a-service-to-steal-120000/)[ Intermediate 5m GoDaddy Customers Beware: Hackers Have Been Stealing Source Code for Years Mar 6, 2023 ](/blog/godaddy-customers-beware-hackers-have-been-stealing-source-code-for-years/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"As Twitter Plans To Charge Verified Users $8 Fee, Threat Actors Start Launching Phishing Campaigns Exploiting The Situation","description":"Scammers and hackers are exploiting the confusion regarding Twitter's new CEO, Elon Musk's plans for paid blue ticks on the platform.","url":"https://phishprotection.com/blog/twitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation/","datePublished":"2022-11-10T11:03:02.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2022-11-10T11:03:02.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/twitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation/"},"articleSection":"intermediate","keywords":"Cybersecurity, Phishing, Phishing Awareness, Uncategorized","wordCount":1203,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2022/11/prevent-spear-phishing-1379.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What Does The Phishing Email Look Like?","acceptedAnswer":{"@type":"Answer","text":"\"Prevent"}},{"@type":"Question","name":"Rapid Monetization or Losing Existing Revenue?","acceptedAnswer":{"@type":"Answer","text":"The Tesla CEO's rapidly moved to monetize his recent acquisition of the famous social media platform because he took the"}},{"@type":"Question","name":"How to Stay Safe?","acceptedAnswer":{"@type":"Answer","text":"The standard [cybersecurity](/) advice applies during this situation. It will help you [prevent phishing scams](/content/phishing-prevention/), whether it is the Twitter takeover or any other messages trying to lure you with fear of missing out, doubt, and uncertainty:"}}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"As Twitter Plans To Charge Verified Users $8 Fee, Threat Actors Start Launching Phishing Campaigns Exploiting The Situation","item":"https://phishprotection.com/blog/twitter-plans-charge-verified-users-8-fee-threat-actors-start-launching-phishing-campaigns-exploiting-situation/"}]} ```