Beware of Twitter Phishing Scams As Musk Takeover Unfolds

Cybersecurity experts are warning of significant security risks stemming from organizational changes at Twitter.

November 16, 2022 Zachary Comeau

With Twitter constantly in the news due to large-scale shifts in the social media company’s strategy after Elon Musk’s takeover, cybersecurity professionals are warning of new phishing scams and security risks as the news story continues to play out.

Billionaire and CEO of Tesla and SpaceX Elon Musk finalized his $44 billion acquisition of Twitter late last month, and has since made sweeping changes at the company, including mass layoffs and new subscription-based verification. This much upheaval at one of the most influential social media platforms to ever exist is now leading to phishing scams and other security problems.

Reports of phishing scams came late last month as this news first emerged. According to TechCrunch and others, a phishing campaign last month attempted to lure Twitter users into posting their credentials on an attacker website disguised as a Twitter help form.

TechCrunch reported that one phishing email was sent from a Gmail account and linked to a Google Doc with another link to a Google Site that attempted to create layers of obfuscation to make it more difficult to detect threats.

But the page itself contains an embedded frame from another site, hosted on a Russian web host Beget, which asks for the user’s Twitter handle, password and phone number — enough to compromise accounts that don’t use stronger two-factor authentication.

Google took down the phishing site a short time after TechCrunch alerted the company. A Google spokesperson told TechCrunch: “Confirming we have taken down the links and accounts in question for violations of our program policies.”

According to Sherrod DeGrippo, vice president of threat research at email security firm Proofpoint, the company has seen a notable increase in Twitter-related phishing campaigns that attempt to steal Twitter credentials.

Multiple campaigns have used lures related to Twitter verification or the new Twitter Blue product, with some emails claiming to include a Twitter Blue billing statement. These campaigns have used both Google Forms for data collection and URLs that direct users to threat actor-hosted infrastructure, DeGrippo says.

Campaigns are largely targeting media and entertainment entities such as journalists who are verified on Twitter. The email address often matches the Twitter handle used or the user’s email address available in their Twitter bio.

“It is not surprising threat actors are using Twitter-related lures,” DeGrippo says. “Cybercriminal threat actors regularly use themes that are related to major news items and relevant to human interests as that may increase the likelihood of someone engaging with social engineering content.”

While the future of Twitter may be in doubt with Musk continuing to make wholesale changes to the social media giant, gaining access to Twitter accounts can still be lucrative for threat actors, DeGrippo says.

“Legitimately verified Twitter accounts typically have larger audiences than the average user, and compromised accounts can be used to spread misinformation, urge users to engage with additionally malicious content like fraudulent cryptocurrency scams, and can be used to further phishing campaigns to other users,” DeGrippo says.

These security risks can also lead to brand reputation or financial damages: if an attacker is able to successfully compromise a brand’s Twitter account, they can wreak havoc on that company’s image, says Matt Chiodi, chief trust officer at zero trust architecture firm Cerby.

“Social media accounts are generally managed by marketing teams and can have access to hundreds of millions of corporate dollars for advertising,” Chiodi says. “Not only could criminals siphon off that cash, they could defame a company’s Twitter profile with offensive content.”

Chiodi says that while organizations should still conduct security training to educate end users, many technologies are still built without security in mind, including social media platforms.

“None of the prominent social media platforms offer enterprise-grade authentication options to their billions of business and professional users,” he says. “This is unacceptable for tools that are so widely used by consumers and critical to enterprises and democracy.”
