Scammers bought Twitter ads to run verified badge phishing scam

Would you believe that the verification program approved by Twitter to verify users has now become part of a phishing scam?

Last year, Twitter approved a program to help users get verified on the social media platform, dubbed the Twitter verification program. However, it drew severe criticism and was suspended in late 2017 after a major controversy erupted when a number of white nationalist personalities got verified on Twitter.

Initially, Twitter stated that verification should be considered proof of identity rather than the platform’s endorsement of any user’s personal ideas. However, after heavy criticism of the program, which created confusion and anxiety among users, it decided to suspend the program temporarily.

Now, however, cybercriminals are making use of the account used for posting about the program to pursue their own nefarious agendas. According to Slate journalist April Glaser, a suspicious, odd-looking ad appeared in her Twitter feed on 2 May, sent by someone using the Twitter handle @asoiaf_ftw.

The ad invited Glaser to check out a link that would help her get verified on Twitter. The ad appeared authentic, as it used Twitter’s blue color scheme as well as the trademark bird logo.


When Glaser clicked on that link, she was taken to a page that looked identical to the legitimate Twitter help page, with language taken from Twitter’s official ad page. Glaser was asked to provide some details, but on another site, twitterverifiedapplication.com. This website purportedly helped people deal with online identity theft or identity confusion issues. She was asked to enter user follower counts, account password, and contact numbers.


She became suspicious of the ad and the site it led to, so she contacted a Twitter representative and was told that it was indeed a phishing scam, probably designed to steal the Twitter and email accounts of those who were deceived. After all, many people use the same user ID and/or password to access multiple online services.

Twitter states that it cannot be held responsible for individual user accounts and the misleading advert, since the account in question is already suspended. However, the account has somehow remained active, as it regularly posts about the Trump administration’s corrupt ways.

What we can learn from this issue is that even the most reliable online platforms cannot be fully trusted in terms of privacy and security. Moreover, we can expect an array of major issues ahead now that the United States is preparing for mid-term elections.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.