Scammers & pranksters running riot after Twitter overhaul blue tick – In the News

Scammers, spammers and pranksters have been running riot on Twitter amid the platform’s overhaul of its blue tick verification system that previously allowed users to determine if an account was authentic.

One of the first pledges made by new Twitter owner Elon Musk was to redesign the “blue tick” verification system that allows its users to see if a particular account on Twitter is authentic. Instead of limiting the tick to only high-profile accounts belonging to public figures and entities, Musk opted to sell the blue tick to any account that had $8 a month to spare.

It was, predictably, a terrible idea (we reported on why before the redesigned system was launched) and the Twitter community has inevitably and immediately demonstrated just how terrible an idea it is.

The redesigned ‘blue tick for sale’ plan is terrible on two fronts.

One, because Musk claimed that any high-profile accounts not paying the subscription fee would have their checkmark removed, making it harder to spot authentic accounts and consequently making it easier for crooks to pose as high-profile entities and people without the need for a blue tick.


And two, because crooks would inevitably purchase the blue tick for their own accounts, helping them impersonate high-profile accounts for the purposes of spreading misinformation or scamming Twitter users.

The latter works because the blue tick is what is known in the cybersecurity industry as a “trust signal”. This is an indication that an account is authentic and really belongs to a particular person or entity. We are hardwired to see the blue tick and associate it with authenticity since the same feature is also used by other platforms, including Facebook, TikTok and Instagram.

But now on Twitter the tick is open to everybody willing to pay. And that’s led to some pretty inevitable issues.

Yes, some of these issues were designed to be predominately humorous or mundane. For example, no, Rudy Giuliani didn’t challenge Alan Dershowitz to a street fight, despite a verified account in his name saying so. LeBron James didn’t request a trade back to Cleveland, despite a verified account in his name claiming he did. No, Nintendo didn’t post an image of Mario giving the middle finger, despite a verified account in their name doing so. Valve Software didn’t unveil a new game, despite a verified account in their name saying they did.

Other examples are more serious. For example, a fake verified Twitter account (if you can believe that) claimed you could get Twitter’s subscription service for free, and linked to a phishing website. The account quickly garnered tens of thousands of followers.

While most of these spoof verified Twitter accounts that impersonate legitimate brands or well-known people are often suspended within 24 hours, such scam or spam tweets are often short-lived anyway. Cyber-crooks know this, but a well-crafted scam only needs to go viral for a few hours in order to be extremely profitable for the criminals behind it.

To be clear, creating fake verified accounts was possible on Twitter before the change to the feature (and indeed before the reign of Elon Musk) since verified accounts can also be hacked, and many such hacked accounts ended up being traded on the online “black market” and sold between cyber-crooks (usually for cryptocurrency).

But in those cases, the hacked verified accounts on offer were finite, and often expensive. Now there’s an endless supply, and they’re cheap – in fact only $8 to anyone who knows what they’re doing.


Twitter has entered itself into a perpetual game of whack-a-mole with fake verified accounts, and perhaps the most frustrating thing is that it was all entirely predictable and avoidable, not to mention unnecessary.

While Elon Musk may boast about high engagement on Twitter, the crux is whether advertisers will want to be associated with a platform losing a battle against cybercrime and misinformation. Because one thing is for sure – a platform that relies on the revenue of cyber-criminals and spammers paying $8 to scam other Twitter users is not a sustainable business model.

Selling “trust signals” to anyone is – from a cybersecurity perspective – just a bad, bad idea. And this is proof of that.

Published by
Craig Haley