Social media allows us to not only connect with friends and family, but also follow the happenings of brands and public figures. For a long time, it was easy to denote these accounts from others. All a user had to do was look for a blue check mark next to the username to know it was a verified account. However, scammers have managed to falsely represent themselves as trusted, verified accounts online. Policy changes on certain platforms have only expedited this issue. Now more than ever, it’s important to be aware of fake blue check scams and how to differentiate real and fake verification.
How Do Scammers Get Verified on Social Media?
In the past, cybercriminals had to get creative with their efforts to forge a verified identity online. More technical bad actors worked to compromise the legitimate accounts of real public figures or organizations. Others tried more rudimentary tactics, like using characters or emojis in their username that bear a resemblance to the blue check. There are even dark web marketplaces where you can purchase accounts with a certain number of followers and a verification badge.
Twitter Blue Changes the Cybercrime Landscape
In late 2021, Twitter announced the roll out of Twitter Blue, a subscription-based service that, among other features, granted users a blue check. This move made it incredibly difficult to differentiate between previously verified accounts and new Twitter Blue subscribers.
Twitter stated they had a review process that would be carried out before accounts received their blue check. Furthermore, any changes to account information would result in a temporary removal of the blue check until the account was reviewed again. This was intended to curb the possibility of impersonation accounts, which violate Twitter’s terms of service.
However, the platform has been plagued with impersonation attempts that have been fueled by Twitter Blue verification. Accounts have been able to impersonate figures like Donald Trump, LeBron James, and Adam Schefter. Nintendo and Apple TV+ both had accounts impersonate them. Some of these posts received tens of thousands of engagements before being removed.
Meta Follows Suit
Not long after the Twitter Blue announcement, Meta revealed their plans to launch a similar subscription service — Meta Verified. Like Twitter Blue, Meta Verified allows users to purchase a blue check verification.
Upon the announcement, Meta CEO Mark Zuckerberg stated that the service would help improve authenticity and security across Facebook and Instagram. The use of government IDs to verify identities was supposed to decrease impersonation on the platforms. But as you will come to find in the next section, it hasn’t completely gone to plan.
Scammers Capitalize on Users Looking for Fake Blue Checks
Instead of weaponizing verification to appear legitimate, some scammers target users who are seeking verification of their own accounts. Numerous “verification-for-a-fee” scams have run rampant on online platforms for years.
These scams consist of ads and posts that promise users verification for specified payment. They often redirect to pages that mimic the official support pages of online platforms. However, they are really designed to harvest credentials, deploy malware, and enable scams.
You may think that having an official verification-for-a-fee service provided by the actual platform would help deter these schemes. However, the release of services like Meta Verified had the opposite impact. Scammers utilized the launch of the service to steal some credibility for their own fraudulent verification schemes.
How are Social Media Platforms Responding?
The idea of paid verification was sold as a means to decrease the number of fraudulently verified accounts by offering a legitimate path to receive a blue check. However, the roll out has seen more harm than good in the fight against scammers on these platforms.
The different platforms have had their own approaches to tackling the new issues brought on by policy changes. Meta and Tinder have both rolled out selfie verification, in which users must submit photos or videos of themselves to receive their check. Twitter also issued an option for ID verification, which is specified in the pop-up from the account’s blue check.
Twitter also took things in a different direction. In an attempt to limit the confusion between “legacy” verified accounts and Twitter Blue subscribers, they announced they would wind down their legacy verification system. This paved the way for Twitter Blue to become the main way to acquire a blue check, for better or for worse.
Real-World Case: The Million-Dollar Musician Verification
In 2022, ProPublica published the findings of an investigation into a scheme that resulted in hundreds of accounts across Meta Platforms receiving fraudulent verification. The scam, which dated back to at least 2021, created fake music profiles to acquire musician verification.
The music profiles, which existed on platforms like Spotify and Apple Music, were typically filled with tracks that consisted of basic looping beats and even dead air. Over 300 accounts belonging to the likes of jewelers, crypto entrepreneurs, internet models, and reality TV stars were involved.
The scam went as far as purchasing fake streams for the music profiles and fraudulently promoting the “artists” on popular music review platforms. The investigation concludes that Meta failed to properly vet these music profiles’ legitimacy before issuing musician verification.
The ProPublica investigation traced the scheme back to Miami-based DJ and crypto entrepreneur Dillon Shamoun. According to his alleged co-conspirer Adam Quinn, clients would pay $25,000 to $100,000 for account verification.
This example illustrates both sides of the issue around verification scams. It showcases the ability for accounts to acquire fraudulent verification, which can be used to pedal scams on the platform. Inversely, it also displays the market for scammers to pedal fraudulent verification. In this case, clients received what they paid for. However, many similar schemes exist that do not deliver on their promises.
How to Spot a Fraudulent Blue Check Account
Although the blue check adds a sense of officiality, there are some warning signs that can help you see through the façade. Our experts suggest you conduct the following course of action to sniff out a fake blue check:
- Conduct research. The legitimate social media profiles of public figures and organizations are typically easy to find online. If you are unsure if an account is legit, search for the verified accounts of the entity and compare them.
- Check their handle. Fake accounts can mimic the account username and profile picture of a legitimate profile. However, only one account can use a specific handle (the name after the @ sign). Compare the handle for any typos to confirm its legitimacy.
- Investigate their profile. Has the profile been recently created? Do they have an unusually low number of followers for the entity they are posing as? What is their posting history and is it consistent with what would be expected? These are all questions that can help you identify a fake blue check account.
- Have realistic expectations. It’s not likely that the President of the United States is promoting a new product or investment opportunity you’ve never heard of. And how many times do celebrities reach out to you, personally? While the prospect may feel fun and exclusive, don’t let excitement cloud your better judgement.
And if you ever get scammed by a fake blue check account, you can count on the team at Digital Forensics Corp. You can contact us 24/7 to speak with one of our specialists. You might not be able to trust a fake blue check, but you can believe our certifications.
