Fake social media verified badge / blue checkmark phishing — attacker impersonates Instagram, Facebook, TikTok, or X (Twitter) claiming the recipient's account has been approved for a verified blue badge, then demands account password and payment method to "complete the verification," harvesting credentials for full account takeover

Phishing emails impersonating Instagram, Facebook, TikTok, X (Twitter), or their parent companies (Meta), claiming the recipient's account has been "selected" or "approved" for a verified blue badge/checkmark, then demanding account credentials (password, login details) and/or payment method information to "complete the verification" or "activate the badge." These phishing campaigns surged dramatically in 2023–2025 after X (Twitter) introduced paid blue checkmarks and Meta introduced Meta Verified, making "paying for badge verification by email" seem plausible to less-experienced users. Key facts: (1) Real verification notifications from Instagram, TikTok, Facebook, and X/Twitter are never sent requesting passwords by email — platforms verify identity through in-app flows only; (2) Providing account credentials to the phishing portal gives attackers complete account access, which is then sold on dark-web markets or used to impersonate the victim; (3) The Meta Business Suite and X Business accounts are particularly targeted because compromised verified business accounts can run fraudulent ads at scale; (4) Credential-harvesting portals typically mirror the exact login page of the impersonated platform using web scraping tools. Warning signs: any email asking you to "confirm your password" to receive a badge, non-official sender domain (anything other than instagram.com, meta.com, twitter.com, x.com, tiktok.com), "verification offer expires in 24/48 hours" urgency.