Verified Twitter accounts hacked to send fake suspension notices

Miscreants are hacking verified Twitter accounts to send fake but well-written suspension messages that attempt to steal other credentials of verified users.

As it is not easy to gain a blue badge, threats of suspension can lead to individuals reacting without thinking, making them prime targets for hackers who value these types of accounts for their own scams.

Twitter verifies accounts if they are considered notable influencers, celebrities, politicians, journalists, activists, and government and private organizations.

To receive the verified 'blue badge,' Twitter users must apply for verification and submit supporting documentation to show why their account is 'notable.'

On July 1, BleepingComputer reporter Sergiu Gatlan received a phishing scam via Twitter DMs that said his account was being suspended for spreading hate speech:

Your account has been flagged as inauthentic and unsafe by our automated systems, spreading hate speech is against our terms of service.

We at twitter take the security of our platform very seriously. That's why we are suspending your account in 48h if you don't complete the authentication process.

It is also common to see users, including verified users, post to Twitter that they fell for a phishing attack, even when some of the victims are involved in cybersecurity:

Hackers continue to evolve their tactics to make their cyberattacks look legitimate, and by targeting verified users, they add a sense of urgency that may cause people to overlook suspicious signs.

The other day, the UK Ministry of Defence confirmed the British Army’s Facebook and Twitter accounts both were hacked to promote cryptocurrency scams.