Even before the launch of the “new” Twitter Blue (now with the ‘Verified’ blue checkmark), there have been issues with the verification system. Then there were the US celebrities who changed the profile information on their Verified accounts to impersonate Elon Musk. Many of those accounts ended up being banned. Now the ‘new and improved’ Twitter Blue has launched for the low price of $7.99 USD a month (or is it $4.99 USD a month?).
Regardless of the price, the verification system is clearly still broken. Take the fake profile created for Rockstar Games: someone created the handle RockstarGamse (the last two letters of the handle are transposed, a common practice used by scammers in phishing emails and websites). But it gets worse:
And it seems the process of impersonating prominent figures on Twitter and procuring a blue tick takes under 25 minutes:
It took me less than 25 minutes to set up a fake anonymous Apple ID using a VPN and disposable email, attach a masked debit card to it (with the address being Twitter’s HQ), and get a verified account for a prominent figure. Just think what a nation-state or bad actor could do…
— Jack Lawrence (@JackMLawrence) November 9, 2022
Now keep in mind the Blue Verified Status Symbol Checkmark is not for ‘high profile’ accounts such as government and commercial entities (and maybe, at some point, individuals). Those accounts will get a Grey Verified checkmark below their Blue (paid) Twitter Blue checkmark. Regardless, there is still a lot Twitter needs to do to beef up its verification. With a little extra effort, paying attention to some otherwise minor details, it is fairly easy to spot the fakes (much like spotting phishing emails):
In the example above, some otherwise minor details stick out on the fake account on closer examination:
- The ‘o’ in Elon is a special character (slight size difference)
- The handle of the fake account is an FCC amateur (ham) radio callsign
- The number of followers on the fake account is very low (as is the number of Tweets from said account)
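
The checks above can be automated when triaging reported impersonation accounts. The following is an added example, not code from the original post or from Twitter: it flags a handle that differs from the genuine one by a single adjacent transposition (as with RockstarGamse), a display name containing letters outside ASCII, and a low follower count. The sample accounts, follower counts, the `min_followers` threshold, and the choice of a Cyrillic "о" as the special character are assumptions made for illustration.

```python
import unicodedata

def is_adjacent_transposition(a, b):
    """True when b equals a with exactly one pair of neighbouring characters swapped."""
    a, b = a.lower(), b.lower()
    if len(a) != len(b):
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def non_ascii_letters(name):
    """List (character, Unicode name) for each letter outside the ASCII range."""
    return [(c, unicodedata.name(c, "UNKNOWN")) for c in name
            if ord(c) > 127 and unicodedata.category(c).startswith("L")]

def review_account(candidate, genuine, min_followers=1000):
    """Return the indicators that fire for a candidate account.
    min_followers is an assumed threshold; tune it to the account being protected."""
    findings = []
    if is_adjacent_transposition(genuine["handle"], candidate["handle"]):
        findings.append("transposed_handle")
    if genuine["name"].isascii() and non_ascii_letters(candidate["name"]):
        findings.append("non_ascii_display_name")
    if candidate["followers"] < min_followers:
        findings.append("low_followers")
    return findings

# Constructed sample data: follower counts and the second fake handle are made up.
ROCKSTAR = {"handle": "RockstarGames", "name": "Rockstar Games"}
ELON = {"handle": "elonmusk", "name": "Elon Musk"}
FAKE_ROCKSTAR = {"handle": "RockstarGamse", "name": "Rockstar Games", "followers": 120}
FAKE_ELON = {"handle": "example_handle", "name": "El\u043en Musk", "followers": 35}

if __name__ == "__main__":
    for fake, real in ((FAKE_ROCKSTAR, ROCKSTAR), (FAKE_ELON, ELON)):
        print(fake["handle"], review_account(fake, real))
        for char, uname in non_ascii_letters(fake["name"]):
            print("  suspicious character:", repr(char), uname)
```

A low follower count alone is a weak signal, since new legitimate accounts also trip it; it is most useful in combination with one of the other two indicators.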
via BleepingComputer