URL to Fake Twitter Account Verification Page Clicked 17,000 Times in a Month, 3000 in this week alone
Twitter users were easily tricked by a fake verification page set up by miscreants with a verification checkmark from the service that attracted over 17,000 visits on the page in June.
These crooks who designed the page wanted to gather payment card data and credentials for email accounts. The objective to ask these details was for the completion of identity verification and getting the blue badge.
In addition, more details are required, such as the amount of followers and number of times their account was suspended, responding to question such as why the victim thinks they should be verified, as reported by Malwarebytes.
These details may look not relevant to a cybercriminal; however, in order to expand their criminal business, the opposite holds true as this really helps them choose the popular accounts to settle with.
After this beginning stage, the potential victim is notified that a fee is required for faster processing of the data, reports Christopher Boyd of Malwarebytes.
The miscreants don’t request for $4.99 / €4.50, which is a fee apparently thought of worth paying by a large number of users who expect the much yearned verification mark next to their Twitter name.
This is indeed the step where card data is accumulated as the user is offered with fields for card number, name, address, expiration date, CVV, phone number, state, country and zip code and confirmation email just waiting to be filled.
The bogus offer is given away via various communication channels, of which Twitter is one of them, via a Google short link. More than 3,000 users (mostly from the US and UK) have clicked the link with the overall tally reading as 18,059 visits during the last week.
Boyd says “There’s no way to know how many people completed all of the steps, but there’s potential here for the scammers to have made off with quite the haul of stolen accounts and pilfered payment credentials.”
If no alarm bell is rung by this insistent and peremptory request for all this sensitive information, then the green padlock in the address bar should in the absence of a safe connection.