Twitter has warned users to beware of scammers impersonating Twitter employees in an attempt to obtain login credentials and other personal information.
It comes after a number of verified users on the platform, including journalists, reported receiving direct messages (DMs) claiming their verified status had been declared as “spam” and they would need to re-register.
The messages came from accounts pretending to be Twitter support, prompting users to click a link in the message to fill out a form to re-apply for a “blue badge” for verification on the site.
“Your Blue Badge Twitter account has been verified as spam by our Twitter team,” the scam message reads.
It asked users to “dispute” that decision using an online form by clicking a link in the message, warning that those who didn’t do so would see their blue badge “deleted.”
In response, Twitter said it never asks for a user’s password when contacting someone.
“We’ve heard that some accounts are impersonating Twitter employees and sending DMs and emails,” the company said.
“When we contact you we will never ask for your password and our emails will only be sent from @twitter.com or @e.twitter.com.”
A dedicated page in the company’s online help center adds: “Some people may receive fake or suspicious emails that look like they were sent from Twitter.
“These emails may contain malicious attachments or links to spam or phishing websites. Please note that Twitter will never send emails with attachments or request your Twitter password via email.”
The UK’s National Cyber Security Center (NCSC) advises people to think carefully before clicking on a link they receive unsolicited from an organization and encourages people to look for telltale signs such as poor spelling or grammar or a gut feeling of urgency to seek the message to try to encourage a hasty decision.