From the scam emails as sighted by TechCrunch, the hackers send a request to users asking if they would like to confirm their verified accounts and profiles so they will not be affected by the new update.
Users are told that Twitter would remove the verification status from unconfirmed user accounts and those that are affected would be made to pay the $20 fee. They also tell their targets that once they verify their profiles on their webpage, they will be properly confirmed and verified and will have no need to pay the $20 fee.
In a bid to confirm their profiles, the users are then deceived into posting their usernames and password on the hacker’s website which is disguised as a Twitter help form.
ADVERTISEMENT
As explained by TechCrunch, the Gmail account from where the scam emails are sent is linked to a Google Doc and also has another layer with another link to a Google Site.
This layer of evasive network creates a maze which makes it very difficult to trace and also, creates a barrier for deep scanning and for google to detect abuse and delete the offending messages.
The emails, however, would greatly affect accounts that do not have strong two-factor authentication and can greatly compromise a user account once it gains access to a Twitter handle, password and phone number.
The Russian site - Beget which hosts the website has been alerted and the offending site has been pulled down according to TechCrunch
ncG1vNJzZmivp6x7scHLrJxnppdkr7a%2FyKecrKtfmbyusdKtoJxnpKy2tcDEq2SvnaKes6qvwK2gqKZdqsCmvtJmmKWdoqmypXnArGShmZOgsrO%2FjJ6km5mioHqwuoysmpqlXZp6rq3IpWScmZ2lrqqzzWinnGqeaX1z