Twitter account verification means your account will get a blue verified badge. Currently, anyone can apply for this verification, but the Twitter team decides whether you will be awarded a blue badge or not. The seekers of the elusive badge have now become the target of cyber criminals who have launched a phishing scam against them.

Yes, IT security researchers at Proofpoint have discovered a phishing scam targeting Twitter users in which cyber criminals pretend to be the official Twitter verification team, eager to verify victims' accounts with a blue badge. In reality, however, the scam is all about stealing their login credentials and financial data.

The scam is quite sophisticated because it starts with a Twitter account “@SupportForAll6” (now suspended) placing legitimate ads on Twitter which are linked to a phishing website “twitterhelp.info” (now suspended). Once the user clicks on the ad, they are taken to the phishing site which further asks them to “Get started” with the verification process.

Screenshot of the fake Twitter handle offering fake verification ads
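
An added example (not from Proofpoint or the original article) of a defensive check for the pattern described above: a link that carries the brand name on a domain the brand does not own. The official domain `twitter.com`, the token list and every sample URL other than `twitterhelp.info` are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the domain the brand actually owns and the
# brand word to look for. Adjust both for the brand being protected.
OFFICIAL_DOMAINS = {"twitter.com"}
BRAND_TOKENS = ("twitter",)


def split_target(url):
    """Return (host, netloc) in lowercase; host excludes userinfo and port."""
    if "://" not in url:
        url = "//" + url              # let urlsplit parse scheme-less input
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    return host, parts.netloc.lower()


def is_official(host):
    # Compare whole DNS labels: "support.twitter.com" passes, while
    # "twitterhelp.info" and "twitter.com.example.net" do not.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify(url):
    try:
        host, netloc = split_target(url)
    except ValueError:                # malformed authority, e.g. bad IPv6 literal
        return "invalid"
    if not host:
        return "invalid"
    if is_official(host):
        return "official"
    # Brand word on a host the brand does not own, or hidden in the
    # userinfo part ("twitter.com@other-host"), is the lookalike pattern.
    if any(tok in netloc for tok in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; only twitterhelp.info comes from the article.
    for u in ("http://twitterhelp.info/", "https://support.twitter.com/",
              "https://twitter.com.example.net/", "https://twitter.com@example.net/",
              "https://example.org/"):
        print(f"{classify(u):10} {u}")
```

The label-boundary comparison in `is_official` is the part that matters: a plain substring or `endswith("twitter.com")` test would accept hosts that merely contain or end with the brand's name.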

Furthermore, once the user clicks on the Get Started tab, they are taken to another page that asks them to add their phone number, login email, passwords and credit card data. Remember, the Twitter verification process is completely free.

According to Proofpoint, “While there is no validation on the form asking for account information, allowing users to submit empty values, this is not the case with the financial information; this cannot be submitted without providing the requested credit card information.”

It must be noted that the official Twitter support account has more than 5 million followers and is verified with a blue badge, unlike the fake one, which has 119 followers and no verification badge whatsoever.

Original Twitter support account

For seasoned Twitter users, this will be enough to ring alarm bells, and they would quickly understand that it is nothing but a scam. Unsuspecting or new users, however, may fall for it, since everyone wants the blue badge.

At the time of publishing this article, the fake support account and the phishing sites both were suspended.

Waqas
