More than 3,000 users visited the fraudulent page this week

Jul 1, 2015 15:12 GMT

A bogus verification page for Twitter accounts, set up by crooks, received over 17,000 visits in June, showing that users are easily duped by the promise of the service's verification checkmark.

The evildoers created the page to harvest email account credentials and payment card data, all of it requested under the pretext of completing the identity verification and obtaining the blue badge.

A small fee for the blue badge

According to Malwarebytes, the page also asks for additional details, such as why the victim believes they should be verified, how many times their account has been suspended, and how many followers they have.

These details may seem irrelevant to a cybercriminal, but they are not: they help the crooks select popular accounts to compromise in order to expand their nefarious business.

Christopher Boyd of Malwarebytes reports that after this initial stage the potential victim is informed that a fee is necessary for faster processing of the data.

The crooks don’t ask for much: $4.99 / €4.50, a fee that a large number of users are likely to consider worth paying for the much-coveted verification mark next to their Twitter name.

This is the step where card data is collected: the user is presented with fields for card number, expiration date, CVV, name, address, phone number, state, country, zip code and confirmation email, all waiting to be filled in.

Thousands of users visit the fake page

The fake offer is distributed as a Google short link through various communication channels, Twitter being one of them. During the past week, more than 3,000 users (mostly from the US and UK) clicked it; the overall tally reads 18,059 visits.

“There’s no way to know how many people completed all of the steps, but there’s potential here for the scammers to have made off with quite the haul of stolen accounts and pilfered payment credentials,” Boyd says.

If the demands for all this sensitive information do not ring any alarm bells, the lack of a secure connection, which browsers mark with a green padlock in the address bar, should.