Brand and celebrity impersonation surged after Twitter recently introduced a controversial $8/month “Blue Tick” verification fee. As the risk of fraud rises, brands and trademark professionals are being asked to step up their scrutiny of Twitter to find and report fraudulent accounts, especially at companies that are often impersonated for phishing purposes. Recently, billionaire Elon Musk charged Twitter users a monthly fee to get (or keep) a ‘blue check mark’ for verification after becoming owner and CEO of Twitter. This verification is used primarily to build trust and reduce the risk of fraud associated with accounts of public figures, corporations, government agencies, non-profit organizations, media, etc. After Musk announced plans to charge for verification, concerns were raised that anyone with access to a “blue tick” would undermine the entire purpose of the verification system. By opening up authentication to those who want to pay, “it is possible that fake accounts (masquerading as small, well-established brands) can defraud innocent people.
At that time, it was only a proposal by Musk. In the days since, the plan has become a reality and users can now pay the $8 monthly fee to join ‘Twitter Blue’ and claim a verified ‘tick’. In its description of the programme, Twitter states that “the definition of verification and the accompanying blue checkmark is changing”, and it now means that an account has been verified as authentic or “that the account has an active subscription to Twitter Blue” (and therefore “will not undergo review to confirm that they meet the active, notable and authentic criteria that was used in the previous process”). Within hours of starting the program, the flaws in this validation change became apparent. One of his first famous examples to go viral was an account set up and verified (with a “blue checkmark”) impersonating former US President George W. Bush. In a post that received more than 2,300 retweets, he said, “I miss killing Iraqis”.
Impersonators aren’t just for celebrities and politicians. Big brands are facing the problem of counterfeit accounts and security issues have also been identified. For example, a verified account impersonating Twitter posted a series of tweets, each with thousands of retweets, stating, “NFT holders can get Twitter Blue for free by verifying their wallet assets. Now.”. To do this, the user accesses the domain name (both “twitter-blue.com” and “twitterblue.com” were used) to “authenticate” the digital asset. The risks of phishing, fraud and even malware are obvious. Elsewhere, other Twitter accounts (all with $8 purchases of “Blue Tick” certifications) have claimed Eli Lilly and Company (including a bogus announcement that insulin will be free), Nestlé (who accuses the company of stealing), provided disguised brands, including posts, Apple (including a tweet announcing a new “Apple Air+” product), Pepsico (proclaiming “Coke is better”), and Musk-owned Tesla (contributing to vehicle safety). ), SpaceX (and a fake announcement that the company is to cease operations). All of these examples received hundreds (sometimes thousands) of retweets, some of which remained active after 24 hours.
Until now, impersonated accounts could not receive the “blue tick” due to the risk of impersonation. That obstacle is gone. This means that spoofed accounts with real company logos and brand names next to the verification checkmark can more easily post misleading content. When it comes to big brands and personal impersonation accounts, for scammers, “paying $8 for a tweet that gets 2,000 retweets is worth the price of admission.” “Now, instead of hiring someone to hack verified accounts or troll password leaks, anyone can buy a verified badge for $8. For Musk’s “out of the box” system to work, users must be aware that an account is fake and report it. In some cases, this can take hours (or days). It can be more obvious if your account has a low follower count, but a more sophisticated scam can easily buy thousands of followers to look more authentic and register a domain name that looks authentic.
Going forward, businesses will have to pay close attention to verified accounts that mimic registered trademarks. Even if your brand leaves Twitter, there is nothing stopping someone from creating a verified brand impersonation account. Brands must engage in active social listening to find and report these accounts, as Twitter will not do this for you. For now, brand and trademark professionals, especially those with customers for whom impersonation is most common for fraud and phishing purposes, should step up their monitoring and enforcement of Twitter. Genuine brand identity has always been an issue on social media, but the previous introduction of ‘verified’ accounts across platforms seemed to have reduced the risk of being harmed, but Twitter’s decision to release the “verified” tag to the masses, opens the door to brand impersonation that can cause real harm to brands and trademark owners.
To help tackle the creation of fake Twitter accounts, IP Twins offers a wide range of services aimed at detecting possible brand and trademark infractions, and takedown of these fake accounts, as well the monitoring and enforcement of infringing domains.