Impersonation Attacks on X: A Growing Problem
Impersonation attacks on X, formerly known as Twitter, have become a growing concern for users, particularly journalists. Recently, Rebecca Bellan, a senior reporter at TechCrunch, discovered that someone had created an impersonator account using her name. What made this situation even more surprising was the fact that the account had a blue checkmark, indicating that it had been verified as a person of note. However, the verification system on X has undergone significant changes since Elon Musk’s takeover.
Previously, the blue checkmark signified that a profile had been verified as a notable individual. However, with the introduction of premium subscriptions on X, the checkmark now indicates that a user has paid at least $8 per month for additional benefits. These benefits include access to longer posts, fewer ads, and better algorithmic consideration. Unfortunately, this change has opened the door for impersonation attacks and abuse of the verification system.
Impersonation attacks are not limited to Rebecca Bellan alone. Several other TechCrunch journalists have also been targeted by impersonator accounts on X. While some of these accounts have been suspended after being reported, it highlights the larger issue at hand: X’s verification system lacks proper identity verification protocols. The pay-to-play blue checkmark system invites bad actors and even nation-states to exploit it for their own purposes.
This is not the first time X has faced such challenges. When Elon Musk introduced Twitter Blue in 2023, it quickly became an avenue for impersonation attacks. Bad actors pretended to be celebrities, corporations, and even government officials. One notable incident involved an account impersonating pharma company Eli Lilly and falsely announcing that insulin was now free. The tweet garnered millions of views before being taken down, leading to financial repercussions for the company.
While the impersonation accounts targeting TechCrunch journalists have not caused significant harm thus far, it is clear that they were likely created by bots rather than malicious actors. This raises concerns about X’s ongoing battle with bot accounts and the effectiveness of their pay-to-verify system. Despite Elon Musk’s initial belief that paid verification would weed out bots, the problem persists.
For those who have been impersonated, X provides a reporting system that involves third-party verification. Users are required to upload photos of their government-issued ID and a selfie to confirm their identity. Additionally, enlisting the help of co-workers, friends, and followers to report the impersonation can expedite the process.
Despite the prevalence of impersonation attacks and the potential impact on users, X has remained silent on the issue. TechCrunch’s attempts to reach out for comment were unsuccessful, leaving users questioning the platform’s commitment to addressing this problem. As impersonation attacks continue to rise, it is imperative for X to take immediate action to enhance its verification system and protect its users from malicious actors and bots.