One of social media platform’s uses is to connect to others. You converse with them either through direct messages (DMs) or through posts or tweets. There is also almost no limit to who you can talk to. Whether it is your parents or your celebrity crush, you can send them messages. That is unless the user has blocked you from reaching them. 

But if you get through, and they replied, how sure are you that you are talking to the right person? Anybody can make a Twitter account. And they can name their account however they want. Your neighbor can create one, use Arianna Grande’s name, upload a picture, and then pretend to be the singer.

Now, if that is done just to prank you, arguably, no harm comes out of it. However, scammers and cybercriminals do that with malicious intentions. That is dangerous. For one, it could ruin the reputation of the person or entity they are pretending to be. Someone could file a legal complaint against them, for example. But since they are not the ones who interacted with the victim, they are actually innocent. Also, the criminals can milk the unsuspecting victims’ money or put them in imminent danger.  

Social media platforms introduced “verification” to prevent these from happening. 

Twitter Verification

In some accounts, you will find a blue checkmark beside the username. The mark indicates that the account is authentic. For example, Justin Bieber’s Twitter account @justinbieber has it. It means the account is, in fact, owned by the famous singer.

Through this system, the platform ensures healthy and safe interactions between its users. It helps them identify which accounts are to be trusted and which they should avoid or at least be wary about. 

Twitter had verification for quite a while now. But, in May, Twitter relaunched it after months of taking public feedback. Along with its relaunch, Twitter automatically removed the verified badge from accounts that no longer meet the updated criteria for verification.

However, just a week after the relaunch, Twitter paused accepting verification requests from users. It started retaking requests in early June.

The new system has three main criteria: authenticity, notability, and activeness on the platform. 

Authentic

Users who want to be verified need to confirm their identities to Twitter. They must present an official website that references them and their Twitter account. Furthermore, they must provide a photo of an official government-issued identification document. Moreover, an official email address with a domain relevant to the notability category they chose is required.

Notable

Everyone can make an account, but not all can apply for verification. Verification is reserved for accounts of high public interest. This includes accounts owned by governments, businesses or brands, entertainment companies, celebrities, famous athletes and gamers, activists, organizers, and influential individuals. 

Active

For an account to be verified, it has to be complete. There must be a profile name and a profile image. Then, the user must have logged into the account in the last six months before the application. Aside from being active on the platform, Twitter looks at how the user adheres to the rules and guidelines. In the past six months, it must not have had a 12-hour or 7-day lockout for violating the Twitter Rules. That is excluding successful appeals.

With these criteria and updated policy, Twitter hopes to stop identity theft and fraud. The problem is, some users cannot get verified even when they believe they are eligible. Twitter addressed this issue and said it would soon provide details on emails about why an application got rejected. 

Twitter Mistakenly Verifies Fake Accounts 

Relaunching a process or a feature means you improved or strengthened it. So, it came as a shock that after the verification update, Twitter made a mistake. 

 Conspirador Norteño, a data scientist, introduced Twitter users to six verified accounts. They are @aykacmis, @degismece, @anlamislar, @aykacti, @kayitlii, and @donnedim. 

None of these has tweeted anything. Furthermore, they all appear to be created on June 16, 2021. That means there is no way they have been active on the platform in the last six months. So how come they got verified?

Now, there is an exception to the rule. Accounts that are at especially high risk of impersonation can bypass the log-in requirement. But, these accounts do not belong to that category.

Norteño also notes that two of these accounts had photos of people as their profile pictures. As mentioned above, having a profile pic is a must. However, both of these images appear to be stolen. 

It is shadier that they had roughly the same followers, and 977 of them are the same presumably purchased followers. Upon checking, all of them were created between June 19 and June 20. Norteño said they were a part of a botnet consisting of at least 1,212 accounts. One of them is also verified, and it follows all verified accounts. The rest follow the same 190 accounts. 

Twitter Suspends The Fake Accounts

A Twitter spokesperson acknowledged the issue in an email they sent to Gadgets 360. The company said it had verified the six inauthentic accounts by mistake. Furthermore, it imposed a permanent ban on the said accounts, aside from removing their verified badges. They did the action under the platform’s manipulation and spam policy.

Twitter only did that to five accounts, though, as one deactivated on its own. 

That may have been resolved, but that is not the only problem here. It is still unclear how the fake accounts got the checkmarks. Furthermore, Twitter only acted on the issue after other users reported it. Is the platform not able to detect it by itself? 

It also bothers users that Twitter did not clarify whether it is implementing changes to prevent this from happening in the future. If the cybercriminals really found a loophole, users can never be sure whether they are talking to an authentic account or not. That puts everything back to square one.