Twitter Phishing

Report social media phishing to phishing@lse.ac.uk

7 February 2023


What happens?

Phishing emails that appear to come from Twitter are used by cybercriminals to trick people into giving away their personal information.

They may say that you need to log in to verify your account details, that there has been suspicious login activity, or that your password is expiring.

These emails typically ask you to click a link that takes you to a fake website made to look like the real Twitter login page.

If a user believes that it is real and enters their username and password, the cybercriminals can use this information to gain access to the user's account and steal their personal information.

 

Is Twitter contacting me?

Twitter states that it will never send emails with attachments, or ask for your password by email, direct message, or reply. For more information, please see the Twitter help page: https://help.twitter.com/en/safety-and-security/fake-twitter-emails

 

What should I do?

  • Always be cautious when clicking on links or attachments in emails, especially if they ask you for personal information. Check the sender's email address: a Gmail, iCloud, or other generic account is not Twitter IT support. If there are attachments, delete the email. Twitter will not send an email with attachments.
  • Avoid clicking on any links in an email and entering your information on the page they open. Instead, go directly to the website by typing the URL https://www.twitter.com in your browser.
  • Enable two-factor authentication on your Twitter and other social media accounts. You can set this up using the Microsoft Authenticator App or Google Authenticator. This will require you to enter a code that is sent to your phone or email in addition to your password, making it much more difficult for criminals to gain access to your account. Be sure to note the one-time backup/recovery code in a safe place, in case you need to log in but cannot access your MFA method.

In summary, always be cautious when clicking on links in emails and never give out your personal information. Make sure to double-check the URLs and confirm that you are on the correct website. Enable two-factor authentication on your account, and if you do receive a suspicious email, report it to Twitter.
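The URL double-check described above can be written out as code. This is an added example, not from the original page or from Twitter. It assumes that only twitter.com and its subdomains count as genuine, and the sample links are constructed for illustration on reserved example domains.

```python
from urllib.parse import urlsplit

# Assumption for this example: only twitter.com and its subdomains are genuine
# (the page itself links to www.twitter.com and help.twitter.com).
TRUSTED_DOMAIN = "twitter.com"


def check_link(url: str) -> str:
    """Return 'genuine' or a short reason why the link should not be trusted."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable"
    if parts.scheme != "https":
        return "not https"
    if not host:
        return "no hostname"
    if parts.username is not None or parts.password is not None:
        # Text before '@' is only a login name; the real host comes after it.
        return "userinfo before host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Non-ASCII or punycode labels can imitate Latin letters.
        return "internationalised lookalike"
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "genuine"
    if "twitter" in host:
        # The brand name appears, but the registered domain is someone else's.
        return "lookalike host"
    return "unrelated host"


# Constructed sample links (reserved example domains, not real indicators).
SAMPLE_LINKS = [
    "https://www.twitter.com",
    "https://twitter.com.account-verify.example/login",
    "https://twitter.com@login.example.net/",
    "http://twitter.com/login",
    "https://xn--twtter-constructed.example/",
]


def triage(links):
    """Map every link that is not genuine to the reason it was rejected."""
    verdicts = {link: check_link(link) for link in links}
    return {link: why for link, why in verdicts.items() if why != "genuine"}


if __name__ == "__main__":
    for link, why in triage(SAMPLE_LINKS).items():
        print(f"{why:30} {link}")
```

The check reads the hostname from right to left, which is why `twitter.com.account-verify.example` fails even though it starts with the real name.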