Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Verified Mess — Twitter’s $8 Blue Tick Rollout Sees ‘Verified’ Fakes

Starting this week, Twitter iOS app users can subscribe to Twitter Blue for $8 a month. Subscription comes with a variety of benefits including prioritized tweets, fewer ads, the ability to post longer multimedia content, and above all, a “verified” blue badge being added to the subscriber’s profile. But all this has led to its own set of problems, such as threat actors now impersonating famous people and still being granted a “verified” status. Alongside the official Rockstar Games Twitter account, for example, surfaced a misspelled @RockstarGamse account, according to engineer and YouTube tech influencer Barnacules Nerdgasm. The fake ‘RockstarGamse’ account was also granted a blue badge as it enrolled in the paid Twitter Blue program A stark distinction so far that separates Twitter Blue accounts with the blue badge from ‘notable’ accounts verified prior to the new policy rollout is the wording contained within the blue badge. For Twitter Blue accounts, tapping or clicking on the blue badge reads: “This account is verified because it’s subscribed to Twitter Blue.” Whereas accounts carrying the legacy blue badge state that these were verified for being “notable in government, news, entertainment, or another designated category.” Since verified accounts can be hacked, the legacy verification process intended to limit misinformation. A tweet originating from a verified account could be regarded as ‘authentic’ and not originating from someone impersonating a public figure. The blue badge being rolled out for everyone for a fee makes this distinction slightly harder for users.

Analyst Notes

This issue is likely to get worse before it gets better. Threat actors will continue to use the new verified check marks as a means to spread misinformation as well as attempt social engineering tactics to take advantage of individuals. Users should be wary of “verified” twitter accounts and should validate any information received from a twitter account with a secondary reliable source. Individuals should also be cautious of direct messages from verified accounts enticing them for information or products.