Technology
Twitter's blue tick
Md. Mintu Hossain Dhaka
Published: 21 October 2022, 08:00
Twitter's blue tick
On August 15, an e-mail arrived in the inbox of Diana Pearl, a media editor based in New York. It says that someone from Moscow, Russia has entered (logged into) his verified Twitter account. This type of mail was known before Perl. Such mails are usually sent from Twitter. It has a white background, black text and blue links.

Diana clicked on that link thinking about the security of the account. To keep his account safe, he went to that link, entered his password and updated his account. A few moments later a message appeared in a Telegram group.

It provides screenshots and a link to Diana's Twitter profile. Three hours later, the Telegram group's admin sent a message saying, 'Sold'. That means Diana's account has been sold on the black market.




The attack that Diana was subjected to was called a 'phishing attack'. A phishing attack is usually done by tricking or luring someone into clicking on a link to obtain important information. Cyber ​​crooks use such tactics to steal information. In Diana's case, the mail, which impersonated Twitter, was sent by a hacker. The hacker copied the type of mail sent by Twitter. Diana was out of the house when she read the mail. When he came home and sat on the computer to open the mail, he could not be patient enough. Apart from this, the mail asked for quick action. Pearl did not verify that mail. If he had checked properly, he could have caught this phishing mail very easily. Because, the page that this link took him to was not an official Twitter link.

A huge black market has developed for buying verified Twitter accounts. Diana Pearl's account sale is a small example of that. In the Telegram group where those Twitter accounts are sold, they are bought and sold for only a few hundred dollars. Its buyers use these accounts for NFT fraud. Non-fungible tokens or NFTs are a recent addition to the field of virtual currency or cryptocurrency. Such profile theft is a regular occurrence now. Hundreds of people's verified profiles are getting hacked every day. Even though there is evidence of such incidents for several years, the platforms are not taking action against it.

When The Atlantic writer Jacob Stern's account was hacked in May of this year, Moonbirds was used to trick NFT owners into taking their tokens into a hacker's wallet. Phishing links offer opportunities to buy NFTs with cryptocurrencies within hours of account hijacking.

A similar incident happened to MPR journalist Dana Ferguson last August. His account is also used for the same purpose. All these are traded in Telegram groups.


In some cases, hackers use small NFT artists to scam them. California-based writer Marisa Wenzock's account was hacked and used to promote NFT collection called MetaBattlebots. Meta BattleBots authorities shut down the hacked account after it was informed about such promotion.

UC Santa Barbara security researcher Dipanjan Das conducted a study with NFT fraud. He said about the black market of blue tick or verified account, such a tick basically confirms whether an account is correct or not.

If such an account falls into the hands of an online fraudster, he can exploit it to great effect. They target the multi-billion dollar NFT ecosystem. Hackers, account buyers and fraudsters can withdraw their profits with just a few tweets. This happens before the original account owner recovers the account.

Haseeb Awan, CEO of mobile security provider Ifani, told tech website The Verge, "A simple NFT scam can make millions of dollars for cyber crooks. Even if they succeed even once in ten attempts, they can earn a lot of money.'

Previously, hacking of a Twitter account with a blue tick was rare. Such a process requires a concerted effort by hackers. Earlier they were sold on sites like Swapdi and Ogu.gg. But now the demand for such accounts has increased due to NFT promotion and fraud. In addition, hackers can reach many buyers on platforms like Telegram. Also, it has become easier for hackers to hack Twitter.