“What’s going on” is a very good question. The answer to that question, is that you’ve had a narrow escape from a phish targeting people who desire Twitter verification.

The fake site, located at

twitterverifiy(dot)verifiy(dot)ml

poses as an app to be authorised, but is simply out to steal login credentials. Take note of the rather unique spelling of “verify” in the URL, too.

wiki twitter phish

After hitting the “Authorize app” button, the victim is redirected off to the real Twitter website. At this point, the scammers are free to do what they like with the stolen account.

One assumes the scammers behind this one aren’t really paying attention to who they send their messages to (and the screenshot cuts off the username of the spam account, so we can’t see what else they’re up to).

Suffice to say, if you have your Direct Messages open to all then potentially you could receive a missive such as the one above. Verification has a specific process attached to it, and although it’s currently changing, you definitely won’t get  a blue tick next to your Username by giving permission to phish pages posing as non-existent apps.

No matter who you are, now matter how involved in issues of privacy and / or security you may be, there’s always the possibility you could get caught out by a clever scam. Keep your wits about you, and steer clear of “too good to be true” offers – more often than not, they’ll just add another “How do I fix this?” task to the pile.

Christopher Boyd