Headline
Big changes to Twitter verification: How to spot a verified account
Categories: News Tags: twitter
Tags: blue
Tags: verified
Tags: verification
Tags: fake
Tags: fraud
Tags: phish
Tags: phishing
Tags: scam
Tags: imposter
Significant changes to Twitter’s verification identifiers mean new rules for ensuring whether an account is real.
(Read more…)
The post Big changes to Twitter verification: How to spot a verified account appeared first on Malwarebytes Labs.
Twitter has made some fairly major changes to how its verified checkmark status works, and it’s already causing some confusion. If you rely on the checkmark symbol for confirmation that the individual or business tweeting is actually the real deal, your regular process is now different.
How verifying identity on Twitter used to work
Previously, the blue checkmark indicated a number of factors. The individual may have been “notable” in terms of work, celebrity status, or some other aspect. Primarily, it was a way to confirm someone or something was real, accurate, and true. An identity had been verified, typically via Government issued identity documents like a passport. If you sent a message to John Cena (with the verified blue checkmark), you were absolutely sending a message to John Cena. If Mark Hamill replied, you were absolutely having a conversation with Mark Hamill.
Hovering over the checkmark on one of the originally verified accounts used to say this:
“This account is verified because it’s notable in government, news, entertainment, or another designated category”.
Changing the checkmark system with Twitter Blue
Recently, this process underwent some change with the introduction of Twitter Blue, a subscription service that costs a minimum of $8 a month to gain additional features over non-paying users. Controversially, Blue accounts gained the same visual checkmark as verified accounts despite not using the same identity verification process. This resulted in an early wave of imitation accounts causing confusion.
Shortly after the Blue launch, the original verified accounts had their hover text altered to say this:
“This is a legacy verified account. It may or may not be notable”.
Twitter Blue subscribers, who had paid their $8 a month to gain a checkmark, had this for their hover text:
“This account is verified because it’s subscribed to Twitter Blue”.
This was already somewhat confusing, as there’s a difference between confirming identity via Government issued ID and obtaining a tick associated with identity verification by paying $8 a month. However, users would be put through even more changes.
We’re not losing a tick, we’re gaining…confusion?!
Twitter recently announced that all legacy accounts would lose their checkmark on April 1. It seems as though it may have been too difficult to do this, and a new needlessly confusing solution has been put in place overnight.
All accounts with a checkmark of any kind now say this:
“This account is verified because it’s subscribed to Twitter Blue or is a legacy verified account.”
There is now no easy way to tell at a glance if what you’re looking at is (for example) the real Lady Gaga, a law enforcement agency, an emergency alert system, or anything else. A perfect example of this happened earlier today when well-known UK personal finance expert Martin Lewis flagged up an imitation Twitter account promoting a bogus website.
So this FAKE ACCOUNT… https://t.co/zlX5BoeLiT promoting crypto has a blue tick? Lets see whether it is taken down when I report this impersonation.
— Martin Lewis (@MartinSLewis) April 3, 2023
This is a screenshot of the fake account in question. Notice that it is using a photo of the real Martin Lewis as its own profile picture, and that, while the actual Twitter handle is different, the display name shows, simply, "Martin":
Note that the faker has disabled replies, to make it harder to call out the imitation in the thread itself.
The fake account sports 25.7k followers, has been around since 2013, and to many people would reasonably enough look like the real thing.
Both the imitation and the real account present users with the “This account is verified because it’s subscribed to Twitter Blue or is a legacy verified account” messaging.
The site the imitation linked to has already been shut down but was something to do with cryptocurrency.
This isn’t great for Twitter users. What can you do about it?
Some tips for establishing Twitter authenticity
There are still a few ways to know for sure if an account is subscribed to Blue, or has one of the originally verified checkmarks. A caveat: these may eventually stop working, and as we’ll see further down, there are limits to how well some of these tricks may work.
- Look for the @Verified Twitter account. If the Verified Twitter account follows the individual or entity you’re interested in, then that account was verified pre-Blue and had some form of actual identity verification confirmed.
- Browser extensions can help. A number of extensions still display the status of the accounts you look at. For example, here’s one called Eight Dollars for Chrome. If a checkmarked account is pre-Blue, it’ll say “Verified.” If not, it’ll say “$Paid.” Again, please note that functionality for extensions like these may stop working at some point.
- Use Twitter search. Certain kinds of search string will still (for the time being) reveal if a user is legacy or paid.
Using the extension as an example, we can now see the difference between the real Martin Lewis and the faker. Here’s the real Martin Lewis while running a checkmark focused extension:
Here’s the fake Martin Lewis while running the same extension:
The difference is clear. One of these accounts belongs to the originally identity verified Martin Lewis, and the other is a paid Twitter Blue subscription.
But there’s one more case to look at to understand Twitter verification today and likely into the future—and where this current reliance on browser extensions fails.
The New York Sign of the Times
We currently have a former Simpsons writer pretending to be the New York Times. Bill Oakley is likely doing this because Elon Musk directly removed the NYTimes checkmark after the publication said it wouldn’t pay for Twitter Blue.
Because of his account having been originally verified as himself, we now have a situation where a fake New York Times account says this:
The profile is tagged as potentially being a legacy verified account or subscribed to Twitter Blue. Meanwhile, the account shows as “Verified” with one of the browser extensions as a result of Oakley already having been verified as himself. For a time, Twitter did not allow legacy verified accounts to change their display name but that no longer seems to be the case. We can also deduce that this is definitely not the New York Times because you can see “thatbilloakley” is the username just underneath the Verified Account popup. Even so: a “verified” fake New York Times account, tagged as the real deal by a verification confirmation checking browser extension.
Confusing? You bet!
It’s worth pointing out that some originally verified legacy accounts will have since subscribed to Twitter Blue. It’s impossible to say how browser extensions would deal with that situation, so unless the Twitter Verified account is following the account you happen to be looking into, you may be out of luck.
For now, it’s a case of keeping your wits about you and not taking anything you see on social media for granted. This is good advice at the best of times, and it’s definitely worth sticking to at present. Another simple rule of thumb? If a celebrity is suddenly hawking cryptocurrency or some other too-good-to-be-true deal, they’re likely to be running a scam. Stay safe out there!
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
TRY NOW