The Industry

A Phishing Scammer Is Buying Ads on Twitter That Look Like They’re From Twitter

2018: There’s fake Twitter on Twitter.
DIPTENDU DUTTA/Getty Images

Update, July 23, 2018, 7:52 p.m.: After this article was published, we were contacted by a woman who provided documentation that showed she was originally the owner of the Twitter handle @asoiaf_ftw. This woman explained that she herself had clicked on a Twitter post in order to “Get verified on Twitter”—a post like the one we reported on below—and that subsequently her account appeared to have been hacked, posting the “Get verified” tweet without her permission. This original account owner said she changed her Twitter password when she noticed the strange tweet, but that her account was suspended later that same week, and that Twitter has not responded to her appeal of the suspension. Original post below:

On Monday, while taking an early morning scroll through Twitter, I noticed a peculiar ad that seemed perfectly tailored to me, an unverified journalist who has tried to get verified, but gave up because Twitter temporarily suspended its verification program—with good reason, considering the heat it took for verifying a white nationalist—last fall.

The ad from Twitter user @asoiaf_ftw invited me to “Check out” a link to “Get verified on Twitter,” complete with a little white Twitter bird set against the company’s iconic blue background. “Begin now to receive the official blue badge,” the link description read, directing me to click on a link to twittersignup.info, which took me to a site that looked a lot like a Twitter help page, but wasn’t.

A screenshot from my phone.
April’s phone.

The page, which pulled language almost directly from Twitter’s own ad page, directed me to fill out my information on another website, twitterverifiedapplication.com, which is still active and claims that “to prevent identity confusion, Twitter is now offering the ‘verification form.’ We’re working the establish authenticity with people who deal with impersonation or identity confusion on a regular basis. Accounts with a [blue checkmark] are the official accounts.” It then asks users to fill out information about how many followers they have, their phone number, and finally their account password.

This is a phishing attack, which is the technical term for when a hacker tries to coax users into divulging their personal account information, like a password or a credit card number, which could allow someone to commandeer an account or steal their money. Even with two-factor authentication on, if users have the same password for their email that they do for their Twitter account, the hacker may well be able to change the password or other account details and lock out the original owner.
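Both domains in this ad put the word "twitter" inside a domain that Twitter does not operate, which is something an ad reviewer or mail filter can test mechanically. The sketch below is an added example, not code from Twitter or from this article; the official-domain list and the `example.net` links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains treated here as genuinely operated by the brand.
OFFICIAL_DOMAINS = {"twitter.com", "t.co"}
BRAND_TOKENS = ("twitter",)


def classify_link(url: str) -> str:
    """Return 'official', 'impersonation' or 'unrelated' for one link."""
    if "://" not in url:
        url = "http://" + url  # ad cards often show a bare domain
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated"
    # Official only when the host IS an official domain or a subdomain of
    # one. Matching on the right-hand side rejects twitter.com.example.net.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand name in a foreign host, or in the userinfo part placed before
    # the "@" (https://twitter.com@example.net/ really goes to example.net).
    userinfo = (parts.username or "").lower()
    if any(tok in host or tok in userinfo for tok in BRAND_TOKENS):
        return "impersonation"
    return "unrelated"


def flag_links(links):
    """Return only the links that borrow the brand name without owning it."""
    return [u for u in links if classify_link(u) == "impersonation"]


# The first two domains are the ones named in the article; the remaining
# links are constructed samples.
SAMPLE_LINKS = [
    "twittersignup.info",
    "twitterverifiedapplication.com",
    "https://help.twitter.com/en",
    "https://t.co/abc123",
    "https://twitter.com.example.net/verify",
    "https://twitter.com@example.net/login",
    "https://example.net/news",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):13} {link}")
```

A substring match like this will also flag harmless domains that mention the brand, so its output is a queue for human review rather than a verdict.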

Another screenshot from my phone.
April’s phone

I emailed Twitter to ask if the company was aware that it was hosting ads for false Twitter products; a spokesperson responded that they “don’t comment on individual accounts for privacy and security reasons.” But considering the company’s verification program is on hold, the account that ran the phishing attack may find some easy victims. It’s still active on Twitter.

For whatever reason, the account, @asoiaf_ftw, also appears to have a serious fascination with Deputy Attorney General Rod Rosenstein and corruption in the Trump White House, having replied to Trump’s Twitter account 10 times in the past 24 hours, mostly about Russia, and taking the time to highlight sections of a recent report from House Democrats on Russian interference in the 2016 campaign election.

Which, at the very least, is a convenient reminder. Primaries for the 2018 midterms are already underway. Candidates are revving up their campaigns for what’s sure to be a high-stakes race. And, as with 2016, much of that campaigning will happen over social media. But if Twitter isn’t even screening out ads impersonating Twitter, there’s a good chance the company isn’t quite ready for what the campaign season will bring—i.e. all kinds of bots and trolls running wild across Twitter, Facebook, Instagram, and maybe even Pokémon Go, from Russian agents and domestic provocateurs alike. The first thing it ought to verify is that it cares about cleaning up this mess before it really begins.