As Twitter announces plans to charge users $8 a month for Twitter Blue and account verification, some users have started receiving phishing emails to steal the passwords of unwitting users.

Analysis by BleepingComputer revealed these emails were originating from servers of hacked websites and blogs that may be, for example, hosting dated WordPress versions or running unpatched, vulnerable plugins.

Clicking on the link takes the user to the phishing webpage where threat actors misuse the $8 monthly fee announcement from Musk’s tweets:

The phishing workflow collects users’ Twitter usernames, and passwords, and proceeds to send them a two-factor authentication code via SMS.

A more convincing phishing message also received and analyzed by BleepingComputer is shown below:

via: bleepingcomputer

This email incorporates identical wording to the phishing page itself and has an overall look and feel that is more akin to Twitter’s branding.

Currently, Twitter has a verification process that requires celebrities and other people of interest to confirm their identities.

Additionally, it offers Twitter Blue, a monthly subscription that allows for more service customization.