Who are blue check scammers on X, and what is their aim?

Reports suggest that there has been a rise in misleading blue check X handles used to carry out phishing attacks.
5 September 2023

Since anyone can get a blue check on Twitter without proving who they are, it is causing many problems. Source: Shutterstock

  • Anyone can get a blue check on Twitter without proving who they are.
  • Most bad actors are targeting consumers complaining of poor customer service on X.
  • The X CEO has yet to address the rise in scammers.

After Elon Musk purchased Twitter for US$44 billion, the social media platform endured a series of chaotic events, the like of which the platform had never seen before. Twitter’s verification program was overhauled, making it easier for anyone to have a blue check, and the bird logo that has been part of the social network’s identity since 2006 was removed.

Musk also abruptly rebranded Twitter to what it is known as today — X. The changes happened so fast, a lot of users were left confused about the direction of the platform. Cybercriminals used all the turmoil to their advantage, primarily through phishing emails.

But that was just the beginning.

Under the new Twitter Blue subscription, anyone who pays US$8 monthly gets a blue check mark, showing they are “verified.” What raised eyebrows is how the check appears almost instantly once someone stumps up the cash; no questions are asked. People do not have to prove their identity.

Musk was, however, confident that the changes in X’s verification process would be “essential to defeat spam.” Yet, very soon after, users began sharing details of a new wave of clever phishing emails from x.com targeting Twitter Blue users, prompting them to migrate their current Blue subscription over to an X one. 

The email is titled “Preserve your status. Transition smoothly.” While it has all the signs of a legitimate email, it’s anything but. Even experts warned that the new verification process—or lack thereof—would likely make it easier for bad actors to appear legitimate.


A new phishing campaign that targets Twitter Blue subscribers is leveraging the confusion around the platform’s rebranding to X. The attack uses a seemingly authentic e-mail urging subscribers to migrate their Blue subscription to X. Source: X

Researchers at cybersecurity vendor Proofpoint highlighted a notable increase in Twitter-related phishing campaigns. Bad actors were specifically targeting Twitter Blue subscribers. For instance, a fake but verified account, pretending to be the pharmaceutical company Eli Lilly, tweeted, “We are excited to announce insulin is free now,” forcing the company to proclaim this was false. 

Brands that had spent big on advertising on Twitter began deserting the platform, concerned about the risk of impersonation. In fact, as the social media world shifts its approach to identity verification and cybersecurity, social engineering and phishing may remain the primary sources of social media account compromise.

In 2022 alone, social media account takeover reports spiked 288% over the previous year, according to The Identity Theft Resource Center.

Today, the blue check remains a cautionary tale

But phishing emails and impersonation weren’t the only issues. A recent report by The Guardian indicates that consumers who complain of poor customer service on X are now the target of scammers, who offer support disguised as customer service agents from the brands consumers are contacting. 

“The scams are successful because X removes blue checks from non-subscription users, which makes it more difficult for consumers to recognize authentic accounts,” the report reads.

In response to the news, Mary Kernohan, head of nurture at brand protection specialist SnapDragon Monitoring, told Tech Wire Asia that given that X is a popular tool frequently used for customer service, it provides the perfect platform to target consumers under the radar, while reaching a mass audience. 

“When X first announced it was removing blue checks from non-subscription accounts, it sparked warnings from security experts that criminals would hijack on the move to target users with scams. These warnings were not unfounded,” she said in an email, adding that these scams will be virtually undetectable to the untrained eye. 

Blue check scammers proliferating on X.


To put things into context, even accounts belonging to bad actors will have a blue check, while the logos, names, and artwork will all look legitimate. “Plus, criminals are crafty, and rather than just launching an attack or asking for personal information straight away, they will instead lure the victim into a private conversation where they will gain their trust before asking them to hand over their bank details,” she added. 

Musk has yet to fully address the rise of blue check scammers on Twitter, but not too long before Twitter Blue went live, the CEO, who sat down for an interview with the BBC, made a bold claim that most scammers had abandoned Twitter. Musk claimed that the US$8 Twitter subscription fee would discourage bad actors from creating accounts, particularly at scale.

At the very least, this appears to have been a wildly optimistic hot take.

The rise in…ahem…Fake Blues…was alarming in the wake of the verification change.