Twitter alarms users with messages that resembled phishing emails

At least everyone was on guard enough to be suspicious of the Twitter emails.

Twitter sparked a panic among some users, who feared they were the targets of a phishing attack, with what was instead an accidental mass email.

The message sent to some Twitter users went out Thursday, asking them to confirm their email addresses by clicking on a button. To many of those users who commented about it on the social media platform, it smelled like a possible phishing attempt.

Twitter clarified what had happened later that same evening.

“Some of you may have recently received an email to ‘confirm your Twitter account’ that you weren’t expecting,” the company said. “These were sent by mistake and we’re sorry it happened. If you received one of these emails, you don’t need to confirm your account and you can disregard the message.”


In the cybersecurity sphere, Twitter usually gains the most attention for its efforts to combat online misinformation, or criticisms about how it’s handling that battle.

But there’s a significant history of attackers making Twitter-based hacking attempts. One of last year’s biggest security incidents came last summer, when scammers used a phone spearphishing attack to take over high-profile Twitter accounts, including that of then-presidential candidate Joe Biden, to advance a cryptocurrency scheme.

A Twitter glitch has caused a data breach before, too, prompting European regulators to fine the company for not adequately disclosing an incident in which private tweets were made public.

This time, though, it was apparently a harmless false alarm. And some cybersecurity experts thought the public reaction on the platform — cautioning against clicking on the confirmation button — was encouraging.

“Great instincts from everyone though who mentioned not to click before learning more and suspect phishing as the email was definitely a pretext a cyber criminal would use!” tweeted Rachel Tobac, CEO of SocialProof.


Twitter has a web page devoted to helping users determine whether an email they have received is authentically from the company.
