Someone in Moscow had logged into her verified Twitter account, she said. Pearl recognized the email, as it resembled Twitter's previous automated correspondence, with a minimal white background, black text, and blue links.
Fearing for the security of her account, Pearl clicked on the link within the email that allegedly would allow her to instantly secure her account and entered her current password on the following webpage to update it. All it contained was a screenshot of Pearl's Twitter profile and a link. Three hours later, the admin sent a text message, "Sold".
Pearl had been the victim of a phishing attack. The email did not come from Twitter but from a hacker who had copied the appearance of an official Twitter message. Pearl was out when the email arrived and thought she couldn't afford to wait until she got home to read it on her computer. If she had, she might have noticed the suspicious email address it came from or the fact that the link didn't lead to the official Twitter URL.
Pearl's account was just one sale in a large and lucrative black market for verified Twitter handles. In this particular Telegram group, a verified account typically costs a couple of hundred dollars, which buyers typically hope to recoup by promoting NFT scams.
Within hours, the hacker sent hundreds of tweets announcing a new "crash" with a phishing link, prompting buyers to transfer a sum of cryptocurrency in exchange for a fake or absent NFT. Both pledges were tied to the same Telegram group, where the accounts were for sale. Some hackers even recruit smaller NFT artists into the scam. No obvious associated scams. When informed that they had been promoted from a hacked account, the official Meta Battlebots Twitter account replied, "Don't worry." A moment later, the reporter's account was blocked, ending the conversation.
Dipanjan Das, a security researcher at UC Santa Barbara who conducted an in-depth study on NFT scams, says a verification badge adds a seal of authenticity, and a scammer with a verified Twitter profile can attract much more attention and have a better reputation and greater impact.
"In a single ordinary NFT scam, it's very easy for scammers to make hundreds of thousands of dollars," Haseeb Awan, founder and CEO of Efani, a secure mobile service provider, told The Verge.
Previously, blue check thefts on Twitter were rare and coordinated, largely traded on markets like Swapd and Ogu.gg.
Most of the hackers behind Twitter blue check thefts rely on an attack called "credential stuffing," based on conversations The Verge has had with many current and former hackers who have requested anonymity for fear of pushback from the security community. In a credential stuffing attack, hackers start with a large leaked database of username and password combinations, which are no longer difficult to find, thanks to the increase in large-scale breaches. The attacker tries those leaked username and password combinations against the Twitter login form and sells the successful logins to their groups. When this approach hits a wall, either because the account has two-factor authentication enabled or because the owner hasn't reused the password of a hacked account, attackers turn to phishing. As email phishing becomes less effective, many have moved to try it out on Twitter, reusing a hack.
Someone I must have followed on Twitter who was blue-check verified sent this to me: pic.twitter.com/sGTlNelTki
— WUDAN YAN (@wudanyan) May 3, 2022
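The credential stuffing pattern described above leaves a recognizable trace on the defender's side: one source tries many different accounts roughly once each, almost all attempts fail, and the few that succeed are accounts whose owners reused a leaked password. The sketch below is an added example, not code from the article or from Twitter; the log format, thresholds, account names and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed (constructed) log format: "ip=<addr> user=<name> result=ok|fail"
LINE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)")

def classify_sources(lines, min_users=5, max_tries_per_user=2.0,
                     min_fail_ratio=0.8, min_guesses=10):
    """Return {ip: (verdict, accounts_to_reset)} for each source address."""
    per_ip = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE.search(line)
        if m:  # skip lines that do not match the assumed format
            per_ip[m["ip"]][m["user"]].append(m["result"])
    verdicts = {}
    for ip, users in per_ip.items():
        attempts = sum(len(r) for r in users.values())
        fails = sum(r.count("fail") for r in users.values())
        if (len(users) >= min_users
                and attempts / len(users) <= max_tries_per_user
                and fails / attempts >= min_fail_ratio):
            # Many accounts, about one guess each, mostly failing. Any "ok"
            # from this source is a reused password that worked, so those
            # accounts need a forced reset and session revocation.
            hits = sorted(u for u, r in users.items() if "ok" in r)
            verdicts[ip] = ("credential_stuffing", hits)
        elif len(users) == 1 and fails >= min_guesses:
            # Many guesses against a single account is a different pattern.
            verdicts[ip] = ("password_guessing", [])
        else:
            verdicts[ip] = ("normal", [])
    return verdicts

# Constructed sample: a stuffing source, a user's typo, a single-account guesser.
SAMPLE_LOG = (
    [f"ip=203.0.113.7 user=acct{i} result={'ok' if i == 7 else 'fail'}"
     for i in range(10)]
    + ["ip=198.51.100.4 user=pearl result=fail",
       "ip=198.51.100.4 user=pearl result=ok"]
    + ["ip=192.0.2.9 user=pearl result=fail"] * 12
)

if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(ip, verdict)
```

Attempts spread across many source addresses will not trip a per-address check like this one, so the same grouping has to be repeated on other keys available in the logs.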
A former hacker named "Owen," who worked on developing credential stuffing programs, told The Verge that at any one time, dozens of verified profiles are compromised and looking for a buyer. In a DM conversation I saw, a potential buyer said they were looking for someone experienced in NFT theft with verified profiles. "I can give you around 500 'verification' within the next month," he added.
And while individual engagements can be a headache for users like Pearl, it's still quite rare that platforms don't seem to care about ongoing trading.
Twitter communications manager Celeste Carswell says the social network actively works to educate people on how to avoid scams and blocks millions of suspicious spam accounts every week. “Unfortunately the fraudsters h