Staying safe online is harder than ever, as today, you have to be wary even when it comes to the advertisements posted by verified accounts on social media platforms. The former social media hub Twitter, now known as X, has been used as a medium by bad actors to scam or lead users to phishing websites and steal their sensitive data.
But how exactly did hackers get a hold of these verified X accounts? It turns out that with a simple keyword search on Google, such as “Twitter gold buy,” you can actually buy gold-verified accounts used by legit businesses on X.
Hacked Accounts on X Sell for as Little as $1,200
On X, businesses stand out once they receive their gold tick verification. They have to pay around 200$ monthly to verify their accounts, and once the verification occurs, they receive their gold-tick mark.
This mark showcases that a business is legit and belongs to an organization or celebrity. Regular users can also have a blue checkmark to showcase their active subscription, but no identity verification is required, only a monthly payment.
As regards government agencies on X, they bear a gray checkmark on their profile to showcase their legitimacy. No matter what an account’s mark is, these checkmark programs are designed to build trust.
However, Cloudsek, a digital risk protection platform, has identified several advertisements for selling gold-rated X accounts on several platforms, including Telegram, Facebook, dark web forums, and other online marketplaces.
Each X gold account is sold with a different price tag depending on its recognition and reach value. The more a gold-verified X account business has followers, the higher the price tag. For example, most gold badge accounts on X are sold at the starting price of $1,200 and can reach $2,000 or more. Some inactive accounts can be bought for as little as $35.
Scams and Other Online Threats Through X Accounts
Verified accounts, such as those marked with the gold checkmark, are more readily trusted by users than unverified accounts. This veil of trust, unfortunately, can be used maliciously by hackers and other cyber criminals who either buy these accounts or hack them and use them.
Once a bad actor has gained access to a gold X account, they can easily publish links to phishing websites and job scams, spread disinformation, or more. Unsuspecting victims will naturally click on the posted links easily as they trust the content published by these gold X accounts.
However, their sensitive data can be easily stolen once they click the links. Users can get malware or ransomware on their devices, and these programs can hold their data hostage, steal it, or leak it further to the dark web.
Once victims realize what’s going on, it may be too late. The biggest problem, though, is related to liability, as finding the person responsible for the hacked X account is almost impossible. Sometimes, bad actors post links through these accounts with domain names similar to the company’s domain. This way, victims can easily fall prey to a common yet still efficient phishing scam.
Dormant Accounts Brought Back to Life
Various organizational accounts on X that have remained dormant since 2022 are the primary target for hackers. Cybercriminals may use various tools, such as Open Bullet or SentryMBA, to take them over.
Once these accounts are hijacked, hackers change their email recovery and contact details to prevent organizations from reclaiming their accounts. They then pay to reactivate the gold status on the stolen accounts and put them up for sale on the dark web or other online markets.
These hackers employ various other techniques to gather X account login credentials. Such techniques include stealer malware programs. Yet, their modus operandi remains the same. Hackers achieve the gold status on these stolen accounts and put them up for sale.
The fate of these accounts is then decided by whoever buys them, mostly other cybercriminals who wish to make more money through crypto scams, job scams, or phishing.
Preventive Tips to Avoid Getting Hacked
There are various ways that X users can prevent their accounts from getting hacked or infected with malware. Here is what to consider:
Use a VPN Proxy Extension
A VPN proxy extension is among the best ways to avoid potential malicious links. This extension comes with various features that block ads and dangerous links even if you click on them.
This way, you neutralize a cyber attack even if you let your guard down and click on a suspicious link. Apart from this, proxy extensions change your real IP address and encrypt your online data to protect you from online hazards 24/7.
Double Check Links
It’s easy to fall prey to a compromised gold-verified account on X. However, if you habitually read a link before clicking it, you may discover that something is different from the publisher. In this case, avoiding clicking on the link is best, especially if their top-level domain (TLD) is different.
Report Identity Theft
If you suspect that an X account or yours has been hacked and the perpetrator continues using it as their own, you should report it immediately. This way, you ensure that other users, especially your connections, won’t fall to phishing attempts.
If that account was connected to your bank, contact your bank immediately and report the identity theft.
Enable Two-Factor Authentication
No matter what type of account you have online, enabling two-factor authentication will add an extra layer of protection should a hacker target your accounts. If your account is compromised, you can always use your second authentication method, such as a fingerprint or phone number, to regain access to your account.
