Illustration by Jason Reed

Twitter is promoting a ‘get verified’ phishing scam

Apparently, Twitter's ad approval process is still broken.

 

Christina Bonnington

Posted on Jan 8, 2018   Updated on May 22, 2021, 5:34 am CDT

Twitter really needs to get its act together when it comes to managing ads and sponsored posts. On Sunday, a Twitter user (full disclosure: our former Debug editor Mike Wehner) spotted a promoted tweet promising to help you get verified on the social network. The tweet isn’t actually from Twitter, however—it’s a scam that takes you to a phishing site.

If you click on the ad, it asks for your Twitter password, your phone number, and your credit card information in exchange for verified status on the app. This isn’t the first time this type of sponsored content has cropped up on Twitter. A very similar verification-related phishing scam made the rounds in the fall of 2016. You can check out what this year’s variant looks like below. According to BuzzFeed, the website the ad directed you to is now offline, and the two accounts promoting the site have been removed from Twitter.

https://twitter.com/MikeWehner/status/950089795908366343

On Twitter, the blue check mark of a verified user indicates that it’s an account of public interest and that it’s authentic. For many, it’s a highly sought-after distinction, as it can lead to more followers and higher post visibility on Twitter. In the past, anyone could apply for this verified badge, but Twitter has since edited its guidelines on what makes an account verified-worthy. It has also introduced new rules on the behavior verified users are expected to exhibit in the app. The real form to apply for verification on Twitter is here.

Twitter has an ad review policy and ad approval process in place, and phishing is clearly a violation of those terms. It’s troubling that this ad managed to slip through the cracks, though, particularly given recent events.

In the wake of the 2016 election scandal and the role Russia played on social media, ads on popular media sites such as Google, Facebook, and Twitter have come under scrutiny. Twitter, in fact, banned several Russian organizations from purchasing ads on its platform in the future. However, despite these events, it’s clear that Twitter’s ad approval process still has serious holes. Fully preventing targeted, misleading advertisements may be challenging, but detecting spam and phishing attempts in its ad platform—particularly ones that spoof Twitter’s own features—shouldn’t be a difficult feat.

https://twitter.com/andrewkueneman/status/950357613258133505?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.buzzfeed.com%2Fcraigsilverman%2Ftwitter-keeps-allowing-hackers-to-run-malicious-ads-that

In response to a request for comment, a Twitter representative said that the company doesn’t comment on individual accounts for privacy and security reasons.

H/T Mike Wehner

*First Published: Jan 8, 2018, 2:13 pm CST