Fake Verification Tweet Steals Credit Card Information

November 23, 2016

Twitter users should be aware of a scam currently showing up in some feeds. The tweet claims to help them “verify” their accounts so that they can reach larger audiences. However, whoever is behind this one really just wants login details and payment card numbers.

It’s been reported that within a three-day period at least 812 people clicked on that fake tweet.

 

Another recommendation is to implement two-step verification on all Twitter accounts. This makes it more difficult for anyone to use the account fraudulently in the future. Twitter uses text to send a random six-digit code that must be entered before access is granted. Any time multi-factor authentication is offered for an online account, it’s a good idea to take advantage.

In addition, make sure to check payment card charges diligently for the next year at least. If anything looks unfamiliar, report it to the card issuing institution immediately.

All who have been or think they may have been victims of this scam should change their Twitter passwords right away. Make sure to use at least eight characters and combine upper and lower case letters with numbers and special characters.

Whenever entering sensitive information into a website, make sure the page is secured. It will show some sort of lock icon on the page and the address should be preceded by “https://.” In some cases, the URL or part of it will turn green to signify that it’s safe.

For this one, if a user clicks one of these fake links, a landing page appears that makes some good arguments for getting verified. Then if the “get started” button is clicked it will take the user through a series of pages asking for user name, password, email address, and other details. It appears this information is protected, as a “secure” icon shows on the address bar. However, it eventually asks for credit card details and that secure icon disappears. That should be a signal not to go any further in entering information.

To be clear, there actually is a Twitter verification process that is legitimate. You may see that little “promoted” icon on some tweets. That means that it’s likely a tweet that someone paid for in order to sell something or generate attention for some reason or another. Scammers know this process occurs and they are using it to their advantage.

© Copyright 2016 Stickley on Security