A scam ad approved by Twitter claimed to help users get verified on the platform.
Twitter’s verification programme has been suspended since late 2017, following major controversy about the verification of several white nationalist figureheads on the platform.
While the company said that verification was supposed to be viewed as proof of identity as opposed to approval of a person’s ideas, its programme was causing too much confusion and consternation and was temporarily shuttered.
An unusual advert
April Glaser, a journalist working for Slate, recently noticed something odd about an advert on her own Twitter feed on 2 May. The advert was from user @asoiaf_ftw and invited her to click through to a link it claimed would help her become verified on the platform. The advert looked fairly legitimate, with Twitter’s blue colour scheme and iconic bird logo.
The link took her to a page that appeared to be a Twitter help page with language pulled from the company’s official ad page, but it directed Glaser to fill out her details on another website: twitterverifiedapplication.com. This site claimed to be working with people who regularly deal with online impersonation or “identity confusion” and asked for user follower counts, phone numbers and the account password.
A phishing attack of this kind could give bad actors access not only to the Twitter accounts of those who fall for the scam, but also to their email and other online accounts, considering so many people still use the same password for multiple online services.
A spokesperson for Twitter told Glaser that the company cannot comment on individual accounts for privacy and security reasons, but the account appears to have been suspended since Glaser shone a light on the issue. The account had also been tweeting about corruption in the Trump administration on a regular basis.
This incident clearly shows that a series of major issues lies ahead for online platforms such as Twitter, particularly as the US gears up for the 2018 midterm elections. Considering that a large number of these companies have had to appear in front of political leaders to explain just how vulnerable they were to interference during the 2016 US presidential election, there will likely be a much more stringent approach to account monitoring in the next few months.