A surge of phishing campaigns offering free verification badges is targeting users across social media platforms, according to security researchers.
These scams exploit the demand for verified blue tick badges, which are often seen as a sign of credibility and authority.
Researchers at Guard.io estimate that more than 30,000 accounts may already have been compromised.
The campaigns are designed to target accounts with financial or business value, including those run by creators and companies.
The attackers are believed to be linked to a Vietnam-based group that specializes in hijacking and reselling social media accounts.
One of the key tactics involves sending phishing emails through legitimate systems instead of fake domains. In these cases, attackers misuse Google AppSheet to send notification emails that appear authentic.
Because the emails originate from a trusted service, they are more likely to be accepted by recipients.
Scammers use multiple approaches to lure users. Some messages threaten account suspension due to policy violations or copyright issues, while others offer free verification without requiring a Meta subscription.
Users who click on these links are taken to fake verification processes that include CAPTCHA tests and login pages.
During this process, victims may unknowingly enter their login details and two-factor authentication codes.
Attackers also use techniques to bypass security systems. These include inserting invisible characters into email addresses and modifying text in ways that avoid detection while still appearing normal to users.
Researchers advise users to remain cautious and avoid clicking on suspicious links.
They also recommend verifying any communication through official channels before taking action.
📢 For the latest Tech & Telecom news, videos and analysis join ProPakistani's WhatsApp Group now!
Follow ProPakistani on Google News & scroll through your favourite content faster!
Shares
