Brands Beware: X's New Badge System Is a Ripe Cyber-Target

Published: 23/11/2024   Category: security




Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.



Fraudsters are taking advantage of the new verification system implemented by X, formerly known as Twitter, in order to impersonate brands and steal personal information.
The infamous blue checkmark used to be reserved for verified companies and influencers. But after purchasing the microblogging giant, and following a period of rapidly declining users and revenue, Elon Musk changed the rules, enabling anybody to obtain one simply by paying a monthly fee.
The site's new, liberal approach to authentication has opened the door for scammers, while the introduction of other tiers of authentication — gold and gray badges, for instance — has created confusion for brands and users alike.
Dark Reading was unable to reach X for comment on this story.
In July, the budget British airline easyJet canceled over 1,700 summer flights from Gatwick Airport in London.
Anticipating a wave of angry customers, scammers filled in the void.
According to the UK nonprofit Which?, a bevy of copycat easyJet accounts were created in the hours thereafter, with at least five surviving an initial sweep of account shutdowns. Their usernames mimicked the company's legitimate username, and in their bios they linked to "Online Help Hubs," which were actually just phishing pages designed to harvest personal information. The scammers also engaged angry customers over direct messages, and occasionally intervened in conversations they were having with the actual company.
Not all of the blame lies with X, though. Companies that shirk on customer service often direct angry customers to social media instead, since it's allegedly faster (read: more cost-effective).
One UK resident told The Guardian in August how, after months of fruitlessly attempting to get a refund on a canceled holiday flight, he finally conceded to engage with Booking.com over X.
Booking.com asked him to send them his phone number via DM. After a call over WhatsApp, they agreed to refund his payment, but he would first need to download an app.
Only then, with his suspicion aroused, did the man realize the company's account handle had an unexpected hyphen in it, and their WhatsApp caller ID traced to Kenya.
“I've since come across other fake Booking.com Twitter accounts which are following customers who are at their wits' end trying to get a refund and have resorted to X to air their grievance with the company,” he recalled to reporters.
Rather than just the blue check mark, X currently offers four tiers for accounts:
The blue check now only reflects that a user pays for an X Premium monthly subscription.
Gray check marks are reserved for government bodies and officials.
Gold check marks replace the blue, to authenticate official corporate accounts.
Individuals associated with organizations may also have a logo next to their names.
A gold badge costs $1,000 per month (plus $50 for additional affiliates), meaning that small businesses may not be able to afford authentication, and larger ones may not want to pay. And it's even led to inconsistencies within organizations. In a blog published Thursday, Kaspersky highlighted how Microsoft's presence on X is a mess of accounts with and without gold check marks, some affiliated with the organization and some not.
Companies unable (or unwilling) to shell out the cash and organize around X's new rules — and companies like easyJet, for whom even doing everything right isn't enough to fend off copycats — will need other means of protecting their customers and their brand names. Because like any typosquatting endeavor, a diligent phishing campaign can erode consumer trust.
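One way a brand team could triage the copycat account names described above (mimicked usernames, an unexpected hyphen) is to normalize each name found in a search and compare it with the official one. This is an added example, not from the original article; the brand `ExampleAir`, the sample names, the support-word list and the lookalike map are constructed assumptions.

```python
import re
from typing import Optional

# Words impersonators commonly attach to a brand name (assumed list).
SUPPORT_WORDS = ("support", "help", "care", "service", "refunds", "official")
# Digit-for-letter swaps folded before comparison (assumed, not exhaustive).
LOOKALIKES = str.maketrans("0135", "oles")

def normalize(name: str) -> str:
    """Lowercase, drop separators such as '-', '_' and '.', fold digit lookalikes."""
    return re.sub(r"[^a-z0-9]", "", name.lower()).translate(LOOKALIKES)

def strip_support_words(core: str) -> str:
    """Remove one leading or trailing support-style word, if present."""
    for word in SUPPORT_WORDS:
        if core.endswith(word) and len(core) > len(word):
            return core[: -len(word)]
        if core.startswith(word) and len(core) > len(word):
            return core[len(word):]
    return core

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate: str, official: str) -> Optional[str]:
    """Return why `candidate` resembles `official`, or None if it does not."""
    if candidate.lower() == official.lower():
        return None  # the real account itself
    target, core = normalize(official), normalize(candidate)
    if core == target:
        return "separator-or-lookalike"
    if strip_support_words(core) == target:
        return "support-suffix"
    if edit_distance(core, target) <= 1:
        return "near-typo"
    return None

# Constructed sample: a fictional brand and account names seen in a search.
OFFICIAL = "ExampleAir"
SEEN = ["ExampleAir", "Example-Air", "ExampleAir_Help", "Examp1eAir",
        "ExampleAirr", "WeatherDaily"]
FLAGGED = {name: why for name in SEEN if (why := classify(name, OFFICIAL))}
```

Flagged names are candidates for manual review and platform takedown reports, not proof of fraud; a short brand name will need a stricter edit-distance threshold to avoid false positives.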
For sensitive communication or support, says Callie Guenther, senior manager of threat research at Critical Start, directing customers back to the official website or a recognized customer service number can be effective. And a consistent online presence, characterized by regular updates and engagement, can deter impersonators and give customers confidence in the brand's authenticity.
However, she cautions, any system that implies trust through verification can be exploited, so users should always be cautious. LinkedIn, for example, doesn't have a checkmark system similar to Twitter, but fake profiles or impersonators can still exist.
