“As we’ve seen from the initial roll-out of the blue verified badge for paying subscribers, there has been rampant impersonation of a variety of brands, which has led to a halt on the program for now. While paying $8 to receive a blue verified badge may seem like the most obvious way for scammers to steal money or cryptocurrency from users, an overlooked area of concern is that the traditional tactic of compromising a verified Twitter account to launch impersonation attacks will become much easier because of the availability of more verified accounts for scammers to target.
“Since earlier this year, I’ve recommended that Twitter add some type of contextual awareness around verified accounts making changes to their accounts or identifying suspicious behaviour from verified accounts that have changed things, such as their profile photo or display name. The additional context, similar to the Birdwatch functionality on Twitter, could be a way to help thwart scammers from successfully duping users out of their money or cryptocurrency.” – Satnam Narang, sr. staff research engineer, Tenable