Twitter hands out the coveted blue tick verification badges to users of note who have verifiable identities such as journalists, celebrities, sports stars, politicians, and more. The idea behind this is that it stops scammers from pretending to be notable personalities and scamming innocent Twitter users. Unfortunately, however, it looks like some verified accounts on Twitter are being used by scammers for that exact purpose. Let’s check it out.
Reporters on BleepingComputer were recently targeted by a phishing scam that aims to steal your Twitter credentials and take control of your account. The scam comes from an account with a verified blue tick, but it also opens up the possibility of more verified users losing control of their accounts to scammers.
The way the scam works is by sending out a message saying that the victim’s account has been flagged as inauthentic and unsafe and so will be deactivated. It offers a TinyURL link that will take the victim to the verification page where they can authenticate their identities. To do this, however, they will have to input their Twitter login credentials, which will then be stolen by the scammers.
The reason this type of phishing scam could do well is because people who have been verified, greatly value that status and so may act before thinking when they receive a message like this. Before they know what has happened, they have handed over the keys to a verified Twitter account to a malicious actor.
As always with these types of scams, there are little giveaways that should set alarm bells ringing. A TinyURL should immediately set you to high alert. For more tips on spotting phishing scams, check out our infographic on spotting scam emails.
Unfortunately, however, some people will fall to these types of scams, and you have to be even more vigilant when you are online. You should always pause to think whenever you receive a message out of the blue and that now includes Twitter messages from direct accounts. Also, make sure you never input your security credentials anywhere other than the official site they are for.
For more information on how to stay safe online, check out our guide to malware, phishing, spyware, and viruses.
