“Jesus Christ, Twitter is promoting a phishing site that claims to offer verification and asks for your password, phone number, and credit card information,” Mike Wehner, trending news editor from BGR, tweeted Sunday, along with a selection of screenshots of the offending site.
Customers have long been able to pay Twitter to promote certain posts, and increase how many people see them. Marketers typically use the feature to boost their advertisements, giving them a further reach.
Judging by Wehner’s screenshots, the phishing site first presented a convincing looking, but fake, Twitter page that explained the merits of having an account verified—or certified as genuine by Twitter’s internal apparatus.
“Being verified is more than a cool badge on your profile, it signifies authenticity and ensures the community that you are an official account,” the page reads.
After providing some basic information, the site then asks for a user’s credit-card number, expiration date, security code, and billing address—likely enough information for a cybercriminal to then use those payment details elsewhere.