Blue Badge Verification Phishing Scam On Twitter Goes Viral

The account verification in Twitter means, you will receive the blue verified badge. At present, anyone can apply for this and the Twitter team will take the necessary decision whether to award or not. The people who seek this elusive badge have now become the target audience of cyber criminals who have launched a phishing scam targeting them.

The IT security researchers at the Proofpoint have found a phishing scam that targets Twitter users in which the cyber criminals are pretending to be the official Twitter team which does the verification of an account with a blue badge. But, in reality, this scam is just about stealing the login credentials and the financial data.

This scam is very sophisticated as it starts with a Twitter account “@SupportForAll6” (which is now suspended) placing legitimate ads on the Twitter which are then linked to a phishing website “twitterhelp.info” (this is also suspended, obviously). Once the user has clicked on the ad, they are straight forward taken to their phishing site which then asks them to “Get started” the verification process.

Furthermore, if the user clicks on the Get Started tab, they are then taken to another page that asks them to add their phone umber, passwords, login email, and their credit card data. Just remember, the Twitter verification process is totally free.

According to Proofpoint “While there is no validation on the form asking for account information, allowing users to submit empty values, this is not the case with the financial information; this cannot be submitted without providing the requested credit card information.”

It must be noted that the official Twitter support account has more than 5 million followers and checked with a blue badge unlike the one with 119 followers with no verification badge whatsoever.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA