Twitter account verification means your account will get a blue verified badge. Currently, anyone can apply for this verification, yet it depends on the Twitter team to decide whether you will be awarded a blue badge or not. The seekers of the elusive badge have now become the target of cyber criminals who have launched a phishing scam against them.
Yes, IT security researchers at Proofpoint have discovered a phishing scam targeting Twitter users in which cyber criminals are pretending to be the official Twitter verification team eager to verify victims account with a blue badge. However, in reality, the scam is all about stealing their login credentials and financial data.
The scam is quite sophisticated because it starts with a Twitter account “@SupportForAll6” (now suspended) placing legitimate ads on Twitter which are linked to a phishing website “twitterhelp.info” (now suspended). Once the user clicks on the ad, they are taken to the phishing site which further asks them to “Get started” with the verification process.
Furthermore, once the user clicks on the Get Started tab, they are taken to another page that asks them to add their phone number, login email, passwords and credit card data. Remember, the Twitter verification process is completely free.
According to Proofpoint “While there is no validation on the form asking for account information, allowing users to submit empty values, this is not the case with the financial information; this cannot be submitted without providing the requested credit card information.”
It must be noted that the official Twitter support account has more than 5 million followers and checked with a blue badge unlike the one with 119 followers with no verification badge whatsoever.
For seasoned Twitter users, this will be enough to ring alarm bells and they would understand quickly that it’s nothing but a scam, however, in the case of unsuspecting or new users, it is possible that they may fall for this scam since everyone wants the blue badge.
At the time of publishing this article, the fake support account and the phishing sites both were suspended. However, to keep yourself updated with the latest phishing and other online scams follow us on Twitter.