It is not easy to obtain a blue badge, and threats of suspension can cause people to react without thinking. Over this uncertainty, such accounts are prime targets for threat actors.
What happens after the victim receives the email?
The threat actor via Twitter DMs sends in the message that the victims account was being suspended for some fake reason.
The email will emphasize that the victim's account has been flagged as inauthentic and unsafe.
The email also explains how Twitter takes the security of its platform very seriously and hence the suspension.
How to test the authenticity of the email?
To test the phishing scam, visit the tinyurl.com address in the DM.
This will redirect the user to https[:]//twitter-safeguard-protection[.]info/appeal/.
Ensure that the user enters the correct login details and password.
If not, then the phishing site rejected incorrect usernames/passwords.
As fake email addresses and passwords were rejected, this indicates that the phishing site is using Twitter APIs to check for valid account information.
Enter the correct information, and ensure that the Authenticity Check is completed.
The threat actors have stolen the account credentials once the authentication is complete. This is where the user must act quickly to change the credentials. What's worth noting here is that these scams are being targeted at verified users but also users whose accounts have been hacked, similar to phishing scams.