Twitter Blue means bad things for the platform’s security

Luis Corrons 10 Nov 2022

Purchased, “verified” Twitter accounts are now being abused in all kinds of ways.

Shortly after acquiring Twitter, Elon Musk announced that Twitter would launch an $8 monthly subscription, known as Twitter Blue, that effectively lets users buy a verified Twitter account. The feature is currently available in the US, Canada, UK, Australia, and New Zealand.

Within just a few hours of it becoming available, the worst omens about this feature had already come to pass: purchased “verified” accounts are being abused in every imaginable way. They are impersonating both individuals and companies, spouting hate speech, carrying out crypto scams, and more.

Before the subscription was launched, Musk was warned that the proposed system would be abused. As soon as there is a checkmark next to a Twitter account, most users will regard it as a verified account, as it has been for years. However, that’s not the case anymore: Anyone willing to pay $8 can now have their own quasi-verified account. 

Even before the option to buy a verification mark was rolled out, an incident demonstrated what could go wrong with it. Kathy Griffin, a comedian with over two million followers on Twitter and a verified account, changed her display name to Elon Musk — exactly what some people warned would happen once anyone with $8 in their pocket could get a checkmark. As a result, Griffin’s account was permanently banned for impersonating another person.

Now that the real deal has been made available, we’ve come across a number of examples of abuse:

Victims are already reporting that malicious actors are using Twitter Blue to impersonate them:

What’s more, there are actual scams with thousands of retweets and likes, as the below tweet from @vxunderground points out.

The potential for malicious threat actors here is enormous: Twitter Blue can be used for phishing attacks, crypto-related scams, and malware distribution, and it can easily lead to the spread of fake news, or even to geopolitical disasters if a top politician is impersonated on Twitter.

What's more, fraudulent verified accounts could even affect the stock and crypto markets. Say someone impersonates Musk and claims that Tesla has decided to accept any form of cryptocurrency as payment (a far-fetched idea!) — that information could prompt Twitter users to speculate and thereby influence the markets.

Cybercriminals simply need $8 to get started – and the return on investment can be huge. Fraudsters can impersonate any person or company in the world, as we’ve already demonstrated above. 

Even though Twitter seems to be reacting fairly quickly and suspending the malicious accounts, there is still time for a message to be retweeted tens of thousands of times.

How Twitter users can protect themselves

  • Take a close look at both a Twitter account’s name and its handle.

  • Verify the age of the account as well as how many tweets, retweets, and interactions it’s had in the past.

  • Be more vigilant than ever before when an account is asking for money. It’s crucial to verify everything - where the money is supposed to go and whether the same recipient information can be obtained also from a different source (for example, from the official website of the organization).

  • When you click on a Twitter account’s checkmark, Twitter displays whether the account was verified or merely paid for. Use this information wisely!

  • Finally, remember that if an offer seems too good to be true, it probably is.
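As an added example (not from the original post), here is a defender-side heuristic in Python that applies the checklist above to constructed account records: a display name that collides with a protected identity while the handle differs, a purchased rather than legacy checkmark, a young account and little history each raise a flag. The protected-identity list, the account fields and the sample accounts are assumptions, not Twitter data.

```python
import unicodedata
from dataclasses import dataclass
from datetime import date

# Constructed protected-identity list: normalized display name -> official handle.
PROTECTED = {"elon musk": "elonmusk", "tesla": "tesla"}

# A few Cyrillic/digit look-alikes that survive NFKC, folded into Latin before matching.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
                             "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u043c": "m",
                             "\u0456": "i", "0": "o", "1": "l"})

@dataclass
class Account:  # assumed record shape, not Twitter's API
    display_name: str
    handle: str
    created: date
    tweets: int
    verification: str  # "legacy" (identity-checked), "paid" (Twitter Blue) or "none"

def normalize(name: str) -> str:
    """Fold case, width, look-alike letters and punctuation so 'El0n  Musk' -> 'elon musk'."""
    folded = unicodedata.normalize("NFKC", name).casefold().translate(CONFUSABLES)
    return " ".join("".join(ch if ch.isalnum() else " " for ch in folded).split())

def impersonation_risk(acct: Account, today: date) -> list[str]:
    """Return reasons the account looks like an impersonator; an empty list means no flags."""
    official = PROTECTED.get(normalize(acct.display_name))
    if official is None or acct.handle.casefold().lstrip("@") == official:
        return []  # no collision with a protected name, or it is the genuine account
    reasons = [f"display name '{acct.display_name}' matches @{official}, handle is @{acct.handle}"]
    if acct.verification == "paid":
        reasons.append("checkmark was bought via Twitter Blue, not earned through identity checks")
    age = (today - acct.created).days
    if age < 30:
        reasons.append(f"account is only {age} days old")
    if acct.tweets < 20:
        reasons.append(f"only {acct.tweets} tweets of history")
    return reasons

TODAY = date(2022, 11, 10)  # constructed "now" for the sample run
SAMPLES = [  # constructed sample accounts (not real data): the genuine one and two look-alikes
    Account("Elon Musk", "elonmusk", date(2009, 6, 2), 20000, "legacy"),
    Account("Elon Musk", "crypto_giveaway_99", date(2022, 11, 8), 3, "paid"),
    Account("\u0415lon \u041cusk", "eIonmusk_official", date(2022, 11, 9), 0, "paid"),  # Cyrillic E, M
]

if __name__ == "__main__":
    for acct in SAMPLES:
        flags = impersonation_risk(acct, TODAY)
        print(f"@{acct.handle}: {'OK' if not flags else '; '.join(flags)}")
```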