Real Verification Badge vs Badge Phishing
How to tell a genuine platform verification notification from a phishing attempt that uses the badge as bait to steal your account credentials.
Last reviewed: 1 June 2026
Verification badges carry real status on social platforms, making them attractive bait for phishing. Scammers send fake 'badge approved' or 'apply now' messages to harvest login credentials. The comparison below helps you respond safely to any verification-related message.
Side-by-side comparison
| Real verification badge | Badge phishing | |
|---|---|---|
| Origin | Notification appears inside the platform's own notification centre — not via DM or email | Arrives as an unsolicited DM, email, or message from an account that mimics the platform |
| Action required | Directs you to your existing account settings to complete verification | Provides a link to an external site that asks for your username and password |
| Eligibility contact | You applied for verification; the platform contacts you after review | Message arrives unsolicited, claiming your account 'qualifies' |
| Fee | Official verification processes through platforms are free or a disclosed subscription | Charges a fee to 'process' your badge application |
| Link destination | URL matches the platform's own domain exactly | Link leads to a lookalike domain (e.g. twitter-verified.com instead of twitter.com) |
Common red flags
- Unsolicited DM or email offering or approving a verification badge
- External link that asks for your platform username and password
- Fee required to 'process' your badge
- Sender account has a similar but not identical name to the platform
- Message creates urgency ('badge expires in 24 hours')
Verification steps
- Log into the platform directly and check your notifications — not via any link in the message
- Check the platform's official verification programme page for the real process
- Report the message as phishing using the platform's built-in reporting tool
- Enable two-factor authentication on your account immediately
What not to do
- Don't enter your credentials on any page reached through an unsolicited verification link
- Don't pay any fee in connection with a platform verification badge
- Don't click links from accounts impersonating platform support
A safe response
Do not click the link. Go to the platform's official site directly, check your notifications, and report the message as phishing. If you already entered credentials, change your password and review account access immediately.
Frequently asked questions
Do platforms ever contact you about verification via DM?
No legitimate platform will send unsolicited verification offers through direct messages or personal email. All genuine verification processes begin in your account settings or through a formal application page on the platform itself.