Twitter users have been warned of a Promoted Tweet appearing in feeds that offers to help them get their account verified, but is actually a phishing scam hiding in plain sight.
The message, which could appear in users' feeds regardless of who they follow, contains a link to a site that requests account information and, more worryingly, payment details in return for helping to place a blue tick on user profiles.
However, as security firm Malwarebytes noted, the entire set-up is a ruse which has so far ensnared almost 1,000 people.
“Over three days, the Promoted Tweet was clicked by 812 people, 97.4 per cent of them hitting the link via Twitter’s t.co redirect (in other words, directly from the sponsored tweet). 644 visitors arrived via iPhone, and 534 hits came from the US,” the firm said.
The scam was first reported by web developer Izzy Galvez, who flagged it to Twitter via the firm's @support handle.
It is unclear whether Twitter has reacted to the news, although a search for the Twitter handle of the account promoting the phishing page no longer returns any results.
Christopher Boyd, a malware intelligence analyst at Malwarebytes, explained that Promoted Tweets being hijacked to dupe users into giving up personal information should make people aware of the importance of never giving out sensitive data without being confident about the recipient.
"Whether links you see on Twitter are served by friends, strangers or even sponsored content placed there via Twitter itself, never take them for granted. The moment you see a site asking for log-in credentials and/or payment information, think very carefully about your next move," he said.