Posted on January 9, 2018 at 4:40 PM
Twitter Promotes Phishing Scam Which Steals User Credit Card Info
Twitter has been at the receiving end of widespread criticism after they promoted a “Get Verified” phishing scam which stole users’ credit card details.
In the last few months, Twitter has been navigating a complex minefield of issues on its network such as trolls, online harassers, neo-Nazis, as well as several other illegal activities that use Twitter as a platform. The social media platform has clearly been grappling with issues such as protecting its users, while also adhering to freedom of speech and privacy, while at the same time policing its network for illegal or harmful activity. It’s been a trial-and-error process which has placed Twitter at the receiving end of criticism. The critique only became aggravated after the latest incident where Twitter promoted a Tweet which claimed to offer regular users blue checkmarks which are generally received for celebrities and public figures.
The Tweet by accounts @UpdatedTweets5 and @BusinessTweet30 promotes a website “verifiedreview.today” which claims to provide users with verified blue checkmarks on their account but is actually a phishing scam which steals a user’s credit card details. The website in question has been designed to be misleading, as it imitates Twitter in its design, used colors, and language users, which tricks users into trusting the site. However, the website has since been discovered to have no ties to Twitter.
Jesus Christ, @twitter is promoting a phishing site that claims to offer Twitter verification and asks for your Twitter password, phone number, and credit card information "for verification" pic.twitter.com/B1Nu0D0rEz
— Myke (@MikeWehner) January 7, 2018
The fraudulent website touts the status associated with a verified checkmark and then claims that Twitter is now allowing any user to verify their identity in order to ensure authenticity on the website.
To benefit from the service, users are asked to fill in a form which asks information such as the user’s Twitter login credentials, mobile number, address, and email address, but also credit card details including the expiry date. However, once a user submits the form, the user’s account is hijacked and their credit card details are sold online on Dark Web marketplaces.
Since the website has been discovered to be fraudulent, it has been removed in addition to the Twitter accounts used to promote the website. So far it has not yet been confirmed how many users were affected by the phishing scam.
When asked to comment on this instance, a Twitter spokesperson stated that Twitter does not deliver comment on any individual user accounts for the sake of their security and privacy policies.
The scam was perhaps so popular as Twitter recently ended their verification system following criticisms that the system was flawed and promoted white supremacists.
Phishing scams are common amongst the hacking community, however, this latest incident has perhaps pointed to some serious flaws in Twitter’s advertisement approval system. Advertising policies is another subject over which Twitter has received a lot of fire in recent months.
In the last few months several social media platforms including Twitter, Google, and Facebook, has come under fire for their involvement in the manipulation and misinformation campaigns which has been traced back to organizations linked to Russia during the 2016 electoral campaign. In this period, the Kremlin-affiliated organizations spent thousands of dollar to buy ads that would sway the public opinion in current President Donald Trump’s favor. Currently, the United Kingdom government is investigating claims of similar activity during their last general election.
Twitter received a huge amount of criticism after this discovery and has since banned the Russian organizations, Sputnik and RT from buying ads on their network.
Twitter’s current advertisement policy dictates that paid ads will only be displayed following approval. According to the policy, approval depends on several factors including the relevant account’s advertising status, their Twitter history, and other undisclosed factors.
