How Twitter users can fake a verified account - and how you can tell the difference


Verified accounts on Twitter can help you tell the difference between a real celebrity's account and those of imposters and over-enthusiastic fans.

In this way, you can tell the real @britneyspears apart from the likes of @britney_spears and @britneyspear.

A Naked Security reader got in touch this morning asking us how on earth a fictional character (Percy Jackson) had managed to get his Twitter account verified:

"How is an RP account verified by Twitter?"

We took a look, and sure enough there's a blue verified badge beside @PerseusJackscn's name.

[Image: Percy Jackson Twitter account, apparently verified]

Has Twitter messed up, and erroneously marked an account as verified?

After all, they don't have an unblemished record in this regard. Who can forget when Rupert Murdoch's wife Wendi Deng appeared to be flirting with Ricky Gervais on Twitter from a verified account?

In this case, however, the verified badge is bogus. Our reader was duped by a simple trick.

Here's how it works.

When Twitter first introduced Verified Accounts in mid-2009, Twitter looked somewhat different.

In the old days, your bio (including your Verified badge, if you had one) was displayed in the top right-hand corner. There were no header images.

Header images are the recently-introduced (and somewhat inflexible) graphics that you can shove behind your Twitter bio, and that users will see if they visit your account on the Twitter website.

In Percy Jackson's example, as you can see above, his header image includes a silhouette of a winged horse.

Or in Barack Obama's case, a picture of adoring supporters can be seen on his verified account:

[Image: Barack Obama, verified on Twitter]

On casual inspection, you may not notice any difference between the verified status of Percy and Barack's Twitter accounts.

However, the truth is that Percy has taken advantage of Twitter's header image facility - and simply cut and pasted a Twitter verified badge image onto his background.

Twitter users who visit his account will assume, as our reader did, that his account is verified.

So, how can you tell the difference between a fake verified Twitter account and the real deal?

Simply hover your mouse over the Twitter badge. If it's really a verified account, a tooltip will pop up confirming that the account has been verified by Twitter's team.

Here you can see exactly that on Barack Obama's account.

[Image: Barack Obama - truly verified on Twitter]

If, however, no message pops up, you can be pretty certain that the badge is only there because it has been incorporated into the user's header image.

It would be good if Twitter could rethink its presentation of verified accounts, and not depend on the existence of an image displayed over a header graphic that can be easily altered by users.

There's no suggestion that whoever is behind the Percy Jackson account has any malicious intent, but clearly the current way Twitter presents verified accounts could be exploited by those with mischief in mind.

If you want to keep informed about the latest security issues, feel free to follow me on Twitter.

I'm @gcluley. The account is not verified, but I could easily change my header image to make it look as though I am.


14 Responses to How Twitter users can fake a verified account - and how you can tell the difference

  1. Thanks to Twitter user @CAMURPHY who points out that misuse of the Twitter verified badge is against the rules... https://support.twitter.com/articles/18311

    "Misuse of Twitter Badges: You may not use a Verified Account badge or Promoted Products badge unless it is provided by Twitter. Accounts using these badges as part of profile photos, header photos, background images, or in a way that falsely implies affiliation with Twitter will be suspended."

  2. Jay · 456 days ago

    Twitter actually places a slightly darker layer over the header image so that you can't replicate the verified badge. If you view the header image separately (https://twimg0-a.akamaihd.net/profile_banners/333787175/1357756254/web), you could see that the badge is actually brighter.

  3. Pantaloons · 455 days ago

    "It would be good if Twitter could rethink it's presentation"

    Sorry, but I have to correct you: its*

    Good article, though!

  4. Ridiculous · 455 days ago

    If you're stupid enough to think that an RP account is actually verified, then you deserve to be fooled. Grow up.

    • Anonymous · 8 days ago

      That's an example. If you're ignorant enough to insult everyone on the internet you feel is beneath you, then you need to grow up. No one deserves to be fooled.

  5. Marc · 455 days ago

    I've been using Twitter for years now but I honestly had no idea such a huge deal could be made over a silly photo. Obviously the account isn't verified. I removed the header but what right do you have to use my account as an example without even contacting me first? I admit I was wrong. It was just for fun but it's gone now. Thank you very much for freaking the hell out of me. I'm even considering deleting my account because I'm apparently an ultimate fake now.

    - Marc, owner of @PerseusJackscn.

    • Mark · 455 days ago

      Good job downplaying your misuse of twitter to represent yourself as a verified account. You were wrong and you were caught and you are paying the price. You don't need to delete it, twitter already took care of that.
      This article is freedom of speech. Your misuse was not.

  6. Ronny Vasquez · 455 days ago

    Nice evasion technique; if this is used for malicious purposes, it can cause serious damage.

  7. Dian · 454 days ago

    A fix is probably already in, but wouldn't it be a simple thing for Twitter to just add an "NV" badge to all standard accounts? Placed in the same spot as a verified badge, it would overlay any "background adjustments" users make.

  8. pras · 454 days ago

    Some tips on not following Fake celebrities on twitter:
    http://virtualthoughts.org/2010/how-not-to-follow...

  9. Suzanne · 408 days ago

    Twitter is no longer verifying accounts randomly. There are only three ways to get verified: 1. If you spend min $5000 a month on advertising, e.g. promoted tweets. 2. You are a celebrity, on TV, such as a branded person like "flo" from Progressive or a reality TV star. 3. If a network (ABC, The Voice/A.I.) or a celeb who has a large number of tweets or followers on Twitter REQUESTS you to be BLUE CHECKED by their team. So no longer will you just WAKE UP and see a blue check mark for any random person. If a random person has one, it's because SOMEONE famous or connected got them it.

  10. Trev · 147 days ago

    Is it possible to be verified as a signed music artist? or do you have to be one of the really famous ones?


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.