This week, while browsing x, formerly twitter, I noticed that he had reposted a series of TechCrunch articles. Except, wait, no, he hadn't.
But someone else who used my name did. I clicked on the profile and there was another Rebecca Bellan, using the same default and header photos as my real profile: me on stage at TechCrunch Disrupt 2022 and leering at Chloe, respectively. The bio read: “@Techcrunch Senior Reporter | journalist”, and had the location established in New York, where I currently reside. The account was created in May 2024.
Perhaps most surprising is after we realize that someone… who? A robot? – had created an imitation account of me was the fact that they had apparently paid to do so, as evidenced by the little blue check mark next to my name.
When x was still twitter, the blue check mark would let other users know that a profile had been verified as a featured person. But since Elon Musk's hostile takeover, that checkmark now means a user has paid at least $8 a month for a premium subscription that gives them access to longer posts, fewer ads, better algorithmic consideration, and Grok. And while You do not believe me? Just check out all the enthusiastic responses from any of x.com/elonmusk/status/1803441170686628124?s=46&t=Epl8sTZrKzZ5ctcw3cgciw” target=”_blank” rel=”noreferrer noopener nofollow”>musk posts.
Anyway, I'm neither a paid subscriber nor a fan.
I'm also not the only one who was targeted by phishing accounts. A handful of TechCrunch journalists have also been impersonated on the platform. Some of the accounts, including my fake one, have been suspended after being reported to x. But this only tells us that x is actively aware of this issue.
And the problem is that phishing attacks like these are much easier to carry out due to the degradation of x's verification system, which doesn't actually seem to require any identity verification. Having a pay-to-play blue check system simply invites bad actors and nation-states to abuse it.
Really, x should have learned his lesson by now. When Musk initially launched what was then called twitter Blue in November 2023, the feature was quickly weaponized to help bad actors impersonate celebrities, corporations, and government officials. One account posed as the pharmaceutical company Eli Lilly and posted a fake ad that insulin is now free. That tweet was viewed millions of times before being deleted, and the company's stock took a hit as a result.
Another account posed as basketball star LeBron James and posted that he was officially requesting a trade to the Lakers team. Another posed as Connor McDavid and announced that the New York Islanders had purchased the hockey player's contract.
Accounts posing as TechCrunch journalists have, so far, been benign. All they've done is repost content that honestly any of us could have posted anyway. This suggests that, rather than particularly malicious actors, the accounts were likely created by bots.
We've been covering the x verified user bot issue for some time. The irony is that Musk suggested that forcing users to pay for verification would actually remove bots from the platform, but that is clearly not the case.
For those who have been impersonated, you can report it to x, which will force you to complete a third-party verification that involves uploading photos of your government-issued ID and a selfie. I also asked my coworkers, friends, and followers to report the impersonation to x on my behalf, which may have accelerated the process.
x did not respond to TechCrunch to comment how many of its users could actually be Bots, why this problem continues to occur or what the platform is doing to solve it.