Please report any account that claims that you need to verify your #Mastodon account to continue using it. It is a scam. Don't click the links. Real staff accounts either have a special role badge on their profile or are verified through the joinmastodon.org domain.
Conversation
Notices
-
Embed this notice
Mastodon.social Staff (staff@mastodon.social)'s status on Sunday, 27-Jul-2025 09:24:25 JST 
Mastodon.social Staff
- Mastodon and Steve's Place repeated this.
-
Embed this notice
Mastodon.social Staff (staff@mastodon.social)'s status on Sunday, 27-Jul-2025 16:09:35 JST
Mastodon.social Staff
We're as frustrated as everyone else with these phishing attacks. mastodon.social had new sign-ups in approval mode this week to limit the impact, but offenders targeted other instances and compromised existing accounts. We take the problem very seriously; we're suspending and blocking as quickly as possible, as well as actively working on countermeasures.
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 27-Jul-2025 23:03:24 JST 
Rich Felker
@staff Tacking on this sentence was irresponsible and unnecessary:
"Real staff accounts either have a special role badge on their profile or are verified through the joinmastodon.org domain."
The potential victims of this scam don't understand how to verify those conditions and it just gives the scammers a way to trick them ("see here for the role badge we told you to look for when warning you about scams").
The responsible thing to say is "Real staff accounts will NEVER DM you asking you to click a link, disclose private information, or verify your account. Any such request is a scam."
-
Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Monday, 28-Jul-2025 00:20:35 JST
Rich Felker
@allo @staff Yep, but that's kinda a good thing. Because even without custom emojis, any kind of verification badge is meaningless unless the authority you expect it to be verified by (in this case your own instance) is the provider of that UI - something the users who might be victimized by these scams DON'T UNDERSTAND.
The only safe thing is to teach them to distrust all signaling of authority.
-
Embed this notice
allo (allo@chaos.social)'s status on Monday, 28-Jul-2025 00:20:37 JST 
allo
@dalias
And with custom emojis in usernames it is very hard to explain to new people what actually counts as verified role badge and what not. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Monday, 28-Jul-2025 04:07:27 JST 
Phantasm
@staff You won't see this, because mastosoc is deactivation-happy with accounts, but it's again time to remind the Mastodon developers, that perhaps rejecting posts based on keyword rules might be a good idea. -
Embed this notice
Fedilab Apps (apps@toot.fedilab.app)'s status on Monday, 28-Jul-2025 05:10:25 JST 
Fedilab Apps
@nunesgh
At least, when opening the profil remotely, you should see the badge with Fedilab. So there is an issue on our end. Bookmarked for a fix.
@staff @cainmark -
Embed this notice
Gabriel H. Nunes (nunesgh@mastodon.social)'s status on Monday, 28-Jul-2025 05:10:26 JST 
Gabriel H. Nunes
@staff @cainmark
Thank you for that information! I'm on mastodon.social, but I'm usually on a third-party app, #Fedilab, which doesn't show badges, so domain verification is still important.
On that, why not verify through mastodon.social and mastodon.online instead of joinmastodon.org? -
Embed this notice
Mastodon.social Staff (staff@mastodon.social)'s status on Monday, 28-Jul-2025 05:10:30 JST
Mastodon.social Staff
@cainmark @nunesgh We have the staff role badge which can only be set by the server administrator, though the badge is only visible when you are viewing it from mastodon.social itself.
-
Embed this notice
Gabriel H. Nunes (nunesgh@mastodon.social)'s status on Monday, 28-Jul-2025 05:10:31 JST
Gabriel H. Nunes
@staff
Your account isn't yet verified in any way, though. -
Embed this notice
Cainmark Does Not Comply 🚲 (cainmark@mstdn.social)'s status on Monday, 28-Jul-2025 05:10:31 JST 
Cainmark Does Not Comply 🚲
Good catch.
All GNU social JP content and data are available under the