Another day, another couple of rogue sponsored tweets [1], [2] which lead to phishing.
The account pushing the first phish has now been deleted, but it’s trivial to set up another one – and the phishing URL itself is still active, ready to be redeployed at a moment’s notice.
Shall we take a look?
The site is located at
verifiedaccounts(dot)us
and – like the older versions of this scam – is all about getting yourself verified.
The site kicks things off by asking for username, email address, account type, phone number, year of account creation, and (finally) associated password. It’s not long before they’re sniffing around your wallet, too…
If we had to guess, phished Twitter feeds go into the pool of newly renamed “Twitter help / support / verification” accounts used in sponsored adverts.
Elsewhere, we have another one which follows the same pattern as above.
We strongly advise all users of Twitter to be on their guard – just because a tweet is sponsored, doesn’t mean the content it leads to is legitimate. Be on your guard and don’t hand over login details, payment credentials, or anything else to sites claiming they can get you verified.
Christopher Boyd