Twitter promotes 'get verified' phishing scam that actually steals your account, credit card details

As Twitter continues to struggle in policing and protecting its network against trolls, online harassment, neo-Nazis and illegal activities, the social media giant has apparently allowed a fake website to purchase promoted tweets. The promoted tweet in question, which popped up on multiple users' feeds, claimed to offer users the coveted blue "verified" checkmarks that is often seen as a status symbol on the platform.

The tweet by @BusinessTweet30 and @UpdatedTweets5 leads to a phishing website "Verifiedreview.today" designed to look like a Twitter-hosted site, complete with similar font, colours and language. The phony website, however, is not actually affiliated with the social media company.

"Being verified is more than a cool badge on your profile, it signifies authenticity and ensures the community that you are an official account," the page reads. "To prevent identity confusion, Twitter is now offering the verification form. We're working to establish authenticity with people who deal with impersonation or identity confusion on a regular basis."

The website features a form that asks for your Twitter username and password, your email address, phone number and credit card information including expiration date and security code in exchange for a verified status and blue tick on Twitter. If submitted, this information could use it to hijack someone's account, exploit the payment card details or sell the data online.

The fake website is no longer online and the two Twitter accounts linked to the scam have since been removed from the site, BuzzFeed reports. It is unclear if and how many people did fall for the phishing scam and handed over their details.

"We don't comment on individual accounts for privacy and security reasons," a Twitter spokesperson told the media outlet.

Twitter recently halted its "broken" verification system after backlash over its recent awarding of white supremacists including the blue tick.

Although Twitter is no stranger to phishing scams, the latest incident does highlight serious flaws in Twitter's ad approval system. It is also not the first time Twitter has landed in hot water over its advertising policies.

Tech giants Facebook, Twitter and Google have been grilled over the role their platforms played in Russia's misinformation campaign on social media after Kremlin-linked entities bought thousands of dollars' worth of divisive ads to influence the 2016 US presidential election. The UK government is also investigating Russian meddling via social media in the general election and British politics as well.

Following backlash and criticism, Twitter banned several Russian organisations including RT and Sputnik from purchasing ads on the platform.

According to Twitter's ad approval policy, paid advertisements "are submitted for approval on an automatic basis, based on an account's advertising status, its historical use of Twitter, and other evolving factors."

"Review generally takes into consideration how an account uses Twitter, its profile, and content and targeting included in any active or draft advertising campaigns," Twitter's policy states.