Twitter blue badge phishing scams are targeting verified accounts

If you have a verified Twitter account (with a blue badge), be careful — you’re a potential target in this latest phishing scam!

How Twitter blue badge phishing scams work

Many verified Twitter account holders have reported receiving messages from “Blue Badge Support” (or sometimes from other verified accounts). These messages claim that their account will be deleted because they’ve been “reviewed as spam” or they’re accused of “copyright infringement”. Here are some examples:

Via direct message

Twitter phishing message. Source: Twitter

Twitter Blue Badge Support

Hello, Twitter User! Your blue badge Twitter account had been reviewed as spam by our Twitter team. We understand how valuable the blue badge is to you. Please appeal using the form below, otherwise your blue badge may be deleted. notification-channel[.]com/twitter-verifi… Thanks Twitter Team

Twitter phishing message. Source: Twitter

Hi Dear User,

Copyright infringement was detected in one of the tweets on your account. If you think copyright infringement is wrong, you need to provide feedback. Otherwise, your account will be closed within 48 hours. You can give feedback at the link below. Thank you for your understanding.

Via email

Twitter phishing email. Source: BleepingComputer

Hi! You’ve got 1 notifications from Twitter Verified

Remember, receiving a notification from Twitter Verified means that there is a problem with your verified account. (blue badge) Check notifications NOTE! Ignoring these messages from Twitter Verified can lead to the suspension of your account.

These messages are scams

These messages and emails are NOT legitimate. The scammers’ goal is to steal your account credentials.

They lie to you, saying that your account will be deleted if you don’t act immediately. They prompt you to click on the attached links to submit feedback or file a report. Don’t fall for it!

If you do as instructed and click on a malicious link, you will be taken to a fake Twitter log-in page that is designed to steal your account information:

Fake Twitter log-in page. Source: BleepingComputer

Here, scammers can record your password and use it to gain access to your Twitter account. They can then spread scams and malware to other Twitter users under your name (using your verified account!).

How to protect yourself

  • Know that Twitter will never ask you for your login credentials via direct message.
  • Reach out directly to Twitter Support for help if you think there are issues with your account.
  • Verify that links are safe before clicking on them. Does the URL look suspicious?
  • Be extra cautious of links or buttons in direct messages or emails – even if they were sent by verified accounts.
Share on social media:

Leave a Reply

Your email address will not be published. Required fields are marked *