How scammers are exploiting X Premium (Twitter Blue) | Kaspersky official blog

Credit to Author: Alanna Titterington | Date: Thu, 12 Oct 2023 12:28:42 +0000

Since Elon Musk bought Twitter, there’s been such a constant stream of changes on the social platform that it’s been genuinely difficult to keep up — especially for those who don’t spend all their free time on Twitter. One significant change that looks like it’s here to stay concerns X’s account verification system — the notorious blue checkmarks. So let’s investigate what has changed, what the unpleasant consequences are, and why you simply can’t trust blue badges anymore.

Why you can’t trust accounts with blue checkmarks anymore: scammers on Twitter X

Many users are not fully aware of what’s happening with the account verification system on Twitter X, and continue to consider blue-badged accounts to be verified.

Of course, scammers see this as a great opportunity. They target people using the social network to complain about the poor service of large companies such as hotel booking systems, airlines, banks, and so on. It used to be a fairly effective way to seek justice. Official, verified accounts of the companies responded to posts to help solve the problem, even if those posts had just a few likes and shares.

Now, fraudsters can respond to the complaints of disgruntled customers from “official” profiles. After all, anyone can buy a blue checkmark, which until recently was a reliable indicator that you were dealing with a verified, official account. Scammers use these profiles to promise refunds and then, under this pretext, get their victims to reveal their financial data. Often, they ask the user to provide a phone number and then switch the communication to instant messengers and/or voice calls.

Recently, a case was reported in which a Booking.com customer, tired of waiting for a promised refund, decided to complain about the company on X. The customer received a response from an account pretending to belong to Booking.com support, inviting him to continue the conversation in private messages. The criminals then called the victim on WhatsApp and promised to refund the money through a “partner”, for which the victim was asked to download a certain app.

The fake Booking.com support account looked quite convincing. Only a couple of details gave the scammers away: an unexpected hyphen in the account name and the date of joining X — July 2023. Fortunately, the user suspected something was wrong in time; he stopped communicating with the criminals and contacted journalists, who, incidentally, ultimately helped him get a real refund from the booking platform. It’s safe to assume that not all victims of scammers on ex-Twitter are so lucky.

What checkmarks and badges are now available on X?

It really isn’t easy to make sense of what’s been happening on the microblogging platform over the past year. Let’s retrace how events unfolded with the infamous blue checkmark and the X Premium subscription:

  • The Twitter Blue paid subscription concept was developed before the deal with Musk, and the idea of buying blue checkmarks was in no way planned. It was launched in test mode for users in Australia and Canada in June 2021, adding several useful features such as bookmark folders, Reader Mode, and the ability to edit tweets.
  • In November 2022, shortly after the deal with Musk, Twitter launched a new version of Twitter Blue, introducing the opportunity for anyone to get a blue checkmark. Additional gray checkmarks also appeared — these were given to verified accounts that had previously had blue checkmarks. However, this feature was quickly discontinued, since it deprived the paid blue checkmark of any meaning (because it simply highlighted paid profiles).
  • Due to an influx of fake accounts, Twitter Blue subscription purchases were blocked for a while. But this option reappeared in December 2022 — this time with new gold and gray checkmarks added (but with completely different meanings — more on that below).
  • For the next few months, accounts with blue checkmarks purchased as part of the Twitter Blue subscription coexisted alongside profiles that received the blue badge the traditional way — through verification.
  • In April 2023, the platform began revoking “old” badges of verified accounts. However, it’s not entirely clear whether they were revoked from all profiles. For example, Stephen King claimed that his blue checkmark remained, and was included in the number of Twitter Blue subscribers, although he did not pay for it.
  • Finally, in July 2023, Twitter was renamed X, and got a new logo and address: x.com (at the time of writing this text, this address works alongside twitter.com). Meanwhile, the Twitter Blue subscription was renamed X Premium.

Confused? That’s understandable. The rate of change on this platform is quite remarkable. So let’s talk about what badges we’re left with now on X, after all this turmoil.

Blue checkmark: means almost nothing

The blue checkmark next to a profile name basically means just one thing: this account has an active X Premium subscription. Most likely, the account owner paid for this subscription, although there may be some exceptions (like Stephen King).

What the blue checkmark on X means: the account has an active X Premium (Twitter Blue) subscription

So, the blue checkmark is no longer a guarantee that its owner can be trusted. It’s just a premium account icon.

Gold checkmark: official accounts of commercial organizations

Simultaneously with giving out blue checkmarks to anyone who wants one, X has introduced a couple of other badges. Company accounts are now marked with a yellow icon (“gold” as they call it on the platform). Also, their profile picture is square-shaped (regular accounts still have round user pics).

What the yellow checkmark on X means: an official company account

This subscription type is called X Verified Organizations and costs much more — $1000 per month versus $8 for blue X Premium profiles. A “gold” business account can add other profiles to its list of affiliates and get blue, yellow, or gray badges for them. These cost an additional $50 for each affiliated account.

Gray checkmark: accounts of government organizations and officials

The blueish-gray checkmarks in the current X color scheme indicate accounts of state and supranational organizations as well as their officials.

What the gray checkmark on X means: a government organization account

If the account with the gray checkmark is for an organization, the account gets a square-shaped user pic, while for individuals it’s still round.

What the gray checkmark on X means: an official figure’s account

Logo icon: accounts affiliated with companies

Besides the checkmark next to the profile name, it’s now also possible to add the logo of the organization the account is affiliated with.

What the logo icon next to the name on X means: the account is affiliated with a company

However, for some reason, profiles of government organizations (the ones with gray checkmarks) cannot add affiliated accounts. So, for example, the account of the head of Microsoft is affiliated with the account of the company itself. But the account of the UN Secretary-General is unfortunately in no way connected with the account of the UN itself.

For some reason, government organizations are not allowed affiliate accounts

How to protect yourself from scammers on X

Unfortunately, the new system of multi-colored paid checkmarks on X is quite confusing.

Let’s take the example of Microsoft to illustrate. There are various Microsoft departments and projects with X accounts marked with gold checkmarks, but none of them are affiliated with the main company account. Among the affiliated profiles are top Microsoft executives, but you won’t find @Windows or @Microsoft365 there.

The list of accounts affiliated with the Microsoft X account only includes the company’s top executives

The genuine Microsoft tech-support X account — @MicrosoftHelps — is not affiliated with the main @Microsoft account or any of the others. What’s more, this X account (of one of the world’s largest technology companies) has no checkmark at all — not even a blue one!

The genuine support account @MicrosoftHelps has no checkmarks and is not affiliated with any other account of the company

Because of this confusion, it’s difficult to give clear advice on how to verify the authenticity of X accounts. Therefore, here are a few general considerations:

  • Accounts with blue checkmarks should not be trusted. Anyone can buy this badge now, and the verification process seems to be quite superficial.
  • Profiles with gold or gray checkmarks are more reliable on paper — obtaining these badges is definitely more expensive, and the verification is probably more thorough. But the chaos on the platform gives plenty of reasons to doubt their reliability.
  • Perhaps the most useful indicator of a profile’s authenticity is the creation date — this cannot be bought (at least, not yet). If a profile was created a long time ago, there’s some reason to trust it (although it’s important to remember that a profile can always be renamed). Recently created “official accounts”, on the other hand, are very suspicious even with colored checkmarks.
  • In any case, you shouldn’t give financial information to anyone on X, “employees” of some company or not; whoever requested it is highly likely a scammer, and it’s best to shut down all communication with them.
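
For a support or brand-protection team, the indicators above can be turned into a simple triage check on accounts that reply to customers in the company's name. This is an added example, not code from Kaspersky or X; the company "ExampleStay", its handle, the 180-day threshold and all sample accounts are constructed assumptions.

```python
import re
from datetime import date

# Assumption: handles the organisation itself has confirmed as genuine.
OFFICIAL = {"examplestayhelps"}
BRANDS = ("examplestay",)  # constructed brand token to protect
# Requests described in the article: phone number, messenger, app download.
LURE = re.compile(r"whatsapp|phone number|private message|\bdm\b|download", re.I)
RECENT_DAYS = 180  # assumed threshold for a "recently created" account


def squash(s):
    """Lowercase and drop punctuation so 'Example-Stay' equals 'examplestay'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def triage(acct, today):
    """Return the reasons a replying account looks like an impostor."""
    handle = acct["handle"].lstrip("@").lower()
    if handle in OFFICIAL:
        return []  # exact match with a confirmed handle; the badge is irrelevant
    reasons = []
    names = squash(acct["handle"]) + " " + squash(acct["name"])
    if any(b in names for b in BRANDS):
        reasons.append("uses a protected brand name but is not a confirmed handle")
        if acct.get("badge") == "blue":
            reasons.append("blue badge only shows a paid subscription")
    if (today - acct["created"]).days <= RECENT_DAYS:
        reasons.append("account created recently")
    if LURE.search(acct.get("text", "")):
        reasons.append("asks to move off-platform or install an app")
    return reasons


# Constructed sample replies; none of these are real accounts.
SAMPLES = [
    {"handle": "@ExampleStayHelps", "name": "ExampleStay Support", "badge": None,
     "created": date(2012, 5, 1), "text": "Sorry to hear that. What is the issue?"},
    {"handle": "@Example_StayHelp", "name": "Example-Stay Support", "badge": "blue",
     "created": date(2023, 7, 15), "text": "Send your phone number by private message."},
    {"handle": "@traveller42", "name": "Sam", "badge": "blue",
     "created": date(2015, 3, 2), "text": "Same thing happened to me last year."},
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(a["handle"], triage(a, date(2023, 10, 12)))
```

The genuine account in the sample has no badge at all and still passes, while the blue-badged lookalike is flagged on every indicator, which mirrors the @MicrosoftHelps and fake Booking.com cases described above.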

