Scam of the Week - Blue Checkmarks are the Perfect Phish Bait
Have you ever noticed the blue checkmark on your favorite celebrity’s social media profile? This checkmark shows that the person has provided documentation to verify their identity. Verification helps you know a real account from a fake—but this tool isn’t just for celebrities. Whether you have a personal social media account or manage one for your organization, being verified can be a great benefit.
To become verified, you are required to provide sensitive information which, unfortunately, makes this process the perfect bait for a phishing attack. Cybercriminals spoof popular social media platforms like Twitter, Instagram, and YouTube by sending out fake verification emails. The emails include a link that, when clicked, takes you to a convincing verification form. Here you’ll be asked for things like your username, organization, password, gender, and more. Anything entered on this page is sent directly to the bad guys.
Stay safe from this fake verification scam with these tips:
- This attack exploits the feelings of excitement and validation that comes with becoming verified. Don’t let the bad guys play with your emotions. Think before you click!
- Never click on a link within an email that you weren’t expecting.
- When an email asks you to log in to an account or online service, log in to your account through your browser—not by clicking the link in the email. That way, you can ensure you’re logging into the real website and not a phony look-alike.
Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team