Sophos Cloud Optix
Verified accounts on Twitter can help you tell the difference between a real celebrity’s account, and those of imposters and over-enthusiastic fans.
In this way, you can tell the real @britneyspears apart from the likes of @britney_spears and @britneyspear.
A Naked Security reader got in touch this morning asking us how on earth a fictional character (Percy Jackson) had managed to get his Twitter account verified:
"How is an RP account verified by Twitter?"
We took a look, and sure enough there’s a blue verified badge beside @PerseusJackscn‘s name.
Has Twitter messed up, and erroneously marked an account as verified?
After all, they don’t have an unblemished record in this regard. Who can forget when it appeared as though Rupert Murdoch’s wife Wendi Deng appeared to be flirting with Ricky Gervais on Twitter from a verified account?
In this case, however, the verified badge is bogus. Our reader was duped by a simple trick.
Here’s how it works.
When Twitter first introduced Verified Accounts in mid-2009, Twitter looked somewhat different.
In the old days, your bio (including your Verified badge if had one) were displayed in the top-right hand corner. No header images.
Header images are the recently-introduced (and somewhat inflexible) graphics that you can shove behind your Twitter bio, and that users will see if they visit your account on the Twitter website.
In Percy Jackson’s example, as you can see above, his header image includes a silhouette of a winged horse.
Or in Barack Obama‘s case, a picture of adoring supporters can be seen on his verified account:
On casual inspection, you may not notice any difference between the verified status of Percy and Barack’s Twitter accounts.
However, the truth is that Percy has taken advantage of Twitter’s header image facility – and simply cut-and-paste a Twitter verified badge image onto his background.
Twitter users who visit his account will assume, as our reader did, that his account is verified.
So, how can you tell the difference between a fake verified Twitter account and the real deal?
Simply hover your mouse over the Twitter badge. If it’s really a verified account, a tool-tip will pop-up confirming that the account has been verified by Twitter’s team.
Here you can see exactly that on Barack Obama’s account.
If, however, no message pops up you can be pretty certain that the badge is only there because it has been incorporated into the user’s header image.
It would be good if Twitter could rethink its presentation of verified accounts, and not depend on the existence of an image displayed over a header graphic that can be easily altered by users.
There’s no suggestion that whoever is behind the Percy Jackson account has any malicious intent, but clearly the current way Twitter presents verified accounts could be exploited by those with mischief in mind.
If you want to keep informed about the latest security issues, feel free to follow me on Twitter.
I’m @gcluley. The account is not verified, but I could easily change my header image to make it look as though I am.
Thanks to Twitter user @CAMURPHY who points out that misuse of the Twitter verified badge is against the rules… https://support.twitter.com/articles/18311
"Misuse of Twitter Badges: You may not use a Verified Account badge or Promoted Products badge unless it is provided by Twitter. Accounts using these badges as part of profile photos, header photos, background images, or in a way that falsely implies affiliation with Twitter will be suspended."
I hate the fact that these companies only verify celebrities. Do not deserve the right to know anyone else is real? Who is these guys my daughter is talking to. Are they who they appear to be. I love the idea of verification to know who’s who, but I believe social media would be much safer if this concept was universal towards everyone being verified
If Everyone Verified then What need to be Verified?
Twitter actually places a slightly darker layer over the header image so that you can't replicate the verified badge. If you view the header image separately (https://twimg0-a.akamaihd.net/profile_banners/333787175/1357756254/web), you could see that the badge is actually a more brighter.
It doesn't look exactly the same, true, but at a casual glance it would fool you.
"It would be good if Twitter could rethink it's presentation"
Sorry, but I have to correct you: its*
Good article, though!
Oh my goodness. Slap me with a rusty mackerel. I’ll fix that immediately.
If you're stupid enough to think that an RP account is actually verified, then you deserve to be fooled. Grow up.
That’s an example. If you’re ignorant enough to insult everyone on the internet you feel is beneath you, then you need to grow up. No one deserves to be fooled.
I've been using Twitter for years now but I honestly had no idea such a huge deal could be made over a silly photo. Obviously the account isn't verified. I removed the header but what right do you have to use my account as an example without even contacting me first? I admit I was wrong. It was just for fun but it's gone now. Thank you very much for freaking the hell out of me. I'm even considering deleting my account because I'm apparently an ultimate fake now.
– Marc, owner of @PerseusJackscn.
Good job downplaying your misuse of twitter to represent yourself as a verified account. You were wrong and you were caught and you are paying the price. You don’t need to delete it, twitter already took care of that.
This article is freedom of speech. Your misuse was not.
Nice evasion technique, if this is used for malicious purposes can have serious damages
A fix is probably already in, but wouldn't it be a simple thing for Twitter to just add an "NV" badge to all standard accounts? Placed in the same spot as a verified badge, it would overlay any "background adjustments" users make.
Some tips on not following Fake celebrities on twitter:
http://virtualthoughts.org/2010/how-not-to-follow…
Twitter is no longer verifiying accounts randomly. There are only three ways to get verified 1. If you spend min $5000 a month on advertising Ex. promoted tweets. 2. You are a celebrity, on TV such as a branded person like "flo" from progressive or reality TVstar. 3. If a network ABC The Voice/A.I. or a celeb who has a large number of tweets or followers on twitter REQUEST you to be BLUE CHECK by their team. So no longer will you just WAKE UP and see a blue check mark for any random person. If a random person has one its because SOMEONE famous or connected got them it.
Is it possible to be verified as a signed music artist? or do you have to be one of the really famous ones?
After I saw Twitter verify the characters of Dallas it all became a joke. I had even taken a screenshot of it and shared it on Twitter. Heck see the accounts for yourself!!
It use to be if you used your domain email address to sign up for Twitter you were verified. It still should be that way.
So I’m reading this like 3 years late and I noticed you ended with, “I’m @gcluley. The account is not verified, but I could easily change my header image to make it look as though I am.”
So i followed the link to your page and since writing this you infact became verified!.
So congrats.
And why not to encourage users to use the fake blue mark, to make it accesible for everyone instead of chosen list?