Everyone on Twitter wants that little blue circle with a check mark next to his or her name. But Twitter will only occasionally "verify" users, often celebrities, high-profile businesspeople or reputable reporters. The check mark which acts as shorthand for "you can trust this individual, who is who he or she says she is."
Getting verified isn't easy, though, which disappoints people who imagine they should be important enough to qualify for verification. This is why get-verified-quick schemes are the order of the day, and can end up costing you both money and sensitive information.
Unpacked, the official blog of San Jose, California-based security firm Malwarebytes, identified a potentially troublesome Twitter account known as "Verified6379," which draws in users by pretending to offer a step-by-step verification process. In reality, Twitter chooses which users to verify by itself, and does not accept private applications.
The account leads to a link to a fake-but-convincing application page where users have to enter their Twitter username, Twitter password (this should be a dead giveaway that the site is untrustworthy), reasons why they are worth verifying, whether their Twitter accounts have ever been suspended and how many people follow them on Twitter. (This is doubly absurd, as Twitter already knows your follower count.)
As if giving your password away weren't bad enough, the process gets worse. After submitting your information, the page informs you that there's still a $5 verification fee, which requires your credit-card number and its expiration date and security code, plus your address, phone number, mailing address and e-mail address. This reads like a wishlist of what phishers look for in cybercrime victims.
In spite of the page's rather transparent attempts at rooking users, it's proven to be quite popular, racking up more than 17,000 views in the United States and the United Kingdom. How many people have fallen for it is hard to say, but it's probably a nonzero number. As always, there is only one official verification account on Twitter, and it does not take requests.
- What to Do After a Data Breach
- Mobile Security Guide: Everything You Need to Know
- Best Antivirus Software and Apps