By targeting users of twitter and threatening to remove their checkmark, cybercriminals greatly increase the likelihood that recipients will follow the fraudulent link and enter their PII in a moment of increased panic; a perfect example of threat actors exploiting current events to increase their chances of successfully scamming victims.
Every single successfully targeted victim then faces follow-up phishing scams abusing their exposed PII in the pursuit of more valuable credentials. Their credential information will go up for sale to the highest bidder and may also be used to target their place of work, making now a good time for organisations to implement additional layers of technology and processes to continually hunt email attacks like this one that automatically eliminates the threats once identified.