Fake Verification Offers Used to Hijack High-Value Social Media Accounts
A large-scale phishing campaign is targeting users on Facebook and other platforms. The scam promises free blue tick verification badges. Security experts warn that the attack has already compromised more than 30,000 accounts.
Researchers from Guard.io revealed details of the campaign. They found that attackers are exploiting the strong demand for verified badges. Many users see the blue tick as a symbol of trust and authority.
The scam focuses on high-value accounts. These include business profiles, influencers, and content creators. Such accounts can be resold or misused for financial gain.
Investigators believe the operation is linked to a cybercrime group based in Vietnam. This group is known for hijacking social media accounts and selling them on underground markets.
Advanced Phishing Methods Bypass Security Systems
The attackers are using advanced phishing techniques. One key method involves sending emails through trusted systems instead of fake domains. This makes the messages appear legitimate.
In several cases, scammers used Google AppSheet to send notification emails. These emails look official because they come from a recognised service. As a result, users are more likely to trust them.
The phishing messages use different tactics. Some warn users about account suspension due to policy violations. Others claim copyright issues. Many offer free verification without requiring a paid subscription.
When users click on the links, they are redirected to fake pages. These pages often include CAPTCHA tests and login forms. The design closely mimics real verification processes.
Victims are then asked to enter their login credentials. In some cases, they also provide two-factor authentication codes. This gives attackers full access to the account.
Scammers also use technical tricks to avoid detection. They insert invisible characters into email addresses. They modify text slightly so it bypasses automated security filters. However, the content still looks normal to users.
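A mail filter can counter the invisible-character trick by looking for characters that render as nothing and by matching its rules against a cleaned copy of each field. The sketch below is an added example, not code from the researchers or from any platform; the sample message, the filter keywords and the function names are constructed for illustration.

```python
import unicodedata

# Code points that render blank but are not in Unicode category Cf (format).
# Illustrative list, not exhaustive.
EXTRA_INVISIBLE = {"\u034f", "\u115f", "\u1160", "\u3164", "\uffa0"}


def is_invisible(ch):
    return unicodedata.category(ch) == "Cf" or ch in EXTRA_INVISIBLE


def find_invisible(text):
    """Return (index, code point, Unicode name) for every invisible character."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED"))
            for i, ch in enumerate(text) if is_invisible(ch)]


def strip_invisible(text):
    """Normalize (NFKC) and drop invisible characters, so rules see what the reader sees."""
    text = unicodedata.normalize("NFKC", text)
    return "".join(ch for ch in text if not is_invisible(ch))


def screen(fields, keywords):
    """fields: {name: text}. Report hidden characters and the keywords they were masking."""
    report = {}
    for name, raw in fields.items():
        clean = strip_invisible(raw)
        # A keyword that matches only after cleaning was being hidden from a naive filter.
        hidden = [k for k in keywords
                  if k in clean.lower() and k not in raw.lower()]
        report[name] = {"invisible": find_invisible(raw),
                        "clean": clean,
                        "hidden_keywords": hidden}
    return report


# Constructed sample message (not taken from the campaign).
SAMPLE = {
    "from": "support@exam\u200bple.com",                     # zero width space
    "subject": "Free verifi\u00adcation badge for your page",  # soft hyphen
}
KEYWORDS = ["verification", "example.com"]  # hypothetical filter terms

if __name__ == "__main__":
    for field, result in screen(SAMPLE, KEYWORDS).items():
        print(field, result)
```

Any hit inside an email address is worth flagging. In body text, some format characters are legitimate (joiners in emoji sequences, direction marks in Arabic or Hebrew), so hits there are a signal to weigh rather than an automatic block.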
Rising Threat Highlights Need for Strong User Awareness
Cybersecurity experts stress the importance of awareness. Users should be cautious when receiving unexpected emails. Messages offering free verification should be treated with suspicion.
Experts recommend avoiding unknown links. Users should always verify messages through official platform channels. Logging in directly through the official website is safer than clicking email links.
The scale of this attack shows how effective phishing campaigns have become. Even experienced users can be misled by realistic-looking messages.
Social media platforms continue to face growing security challenges. As verification systems gain value, scammers are increasingly targeting them.
Users are advised to enable strong security measures. These include two-factor authentication and regular password updates. Monitoring account activity can also help detect unauthorised access early.
The ongoing campaign serves as a warning. Digital trust indicators like blue ticks are now being weaponised by cybercriminals. Staying alert is the best defence against such evolving threats.
