Subscriptions to Meta and Twitter Verified Identities: Benefits and Risks

The struggle to keep secure online continues as Twitter and Meta Platforms implement paid subscriptions for social media identity verification and protection.

‍

According to The Identity Theft Resource Center, a non-profit that aids in educating customers about these issues, the number of reports of social media account takeover increased 288% in 2022 over the previous year.

‍

Users of Instagram and Facebook can submit their government ID and obtain a blue verification badge through Meta's new verification subscription, which is initially only available overseas, for $11.99 per month on the web and $14.99 per month on iOS and Android. According to the company's recent statement to Trade Algo, users also receive "proactive monitoring" for account impersonation for that cost.

‍

CEO of Meta Mark Zuckerberg stated in a blog post that "this new functionality is about boosting authenticity and security across our services."

‍

The new subscription service from the corporation is comparable to Twitter Blue, a redesigned service that also offers users a verification badge in exchange for a monthly or annual cost.

‍

A verified account gives you more confidence that the person you are interacting with is who they claim to be. This is not infallible, though. Although challenging, it is possible to trick the verification mechanisms on various social media platforms. Only verified users on Twitter will be able to take use of SMS-based two-factor authentication.

‍

According to Zulfikar Ramzan, chief scientist of data protection firm Aura, account impersonation is currently the biggest security concern on social media because it is relatively easy to do. "Anybody in the world can be impersonated, including you, with the perfect profile picture and a clever username mistake. The imposter may have an easier time convincing my followers to provide critical information or perhaps even conduct financial transactions if they send them a message posing as me, he said.

‍

Scammers can steal your personal information, read your private conversations, con your connections, post publicly as you, and carry out other evil deeds once they get access to your social network account.

‍

Ramzan explained, "Once they are in, there is no telling what they can do to your account. "Protecting your friends and family from potential threats, scams, and cybercrime" is more important than just safeguarding yourself.

‍

What cyber experts have to say about Meta and Twitter

The case for paying for identity verification is strongest for some users, including public figures with large followings and "semi-public" characters well known within a particular community. This is because doing so will help users defend their brand and their fan base. However, thorough verification calls for human work, additional oversight, more resources, and operational maintenance, all of which result in higher expenses for technology companies.

Wall Street appears upbeat about the potential to increase revenue from these social media subscriptions; according to Bank of America, Meta may add up to 12 million paid members by early next year, generating around $1.7 billion in revenue.

‍

Yet, proponents of consumer internet use are concerned about how these changes would affect security.

‍

According to James E. Lee, chief operating officer at the Identity Theft Resource Center, "this will be a tremendous waste of time and money."

‍

Lee remarked that it is unclear how stringent the vetting procedure will be.

‍

Twitter Blue was temporarily introduced in November, but after its initial iteration caused the business significant humiliation due to individuals abusing the new paid feature by impersonating celebrities and brands, Twitter removed it.

‍

It's unlikely that verified accounts will truly be more secure given that social engineering and phishing are the main ways that social network accounts are compromised. Lee predicted that a thief who managed to get past the authentication would compromise them. Beyond that, though, he continued, "it's just plain wrong to charge people to verify their identity to help keep their personal information protected."

‍

Customers shouldn't believe that paying for these services 100% ensures account security, as this is not possible. "There is a higher level of confidence that someone is who they claim to be when you connect with a verified account. This is not infallible, though. The verification systems on these social networks can be tricked, though it's challenging to do so," Ramzan added.

‍

These are five fundamental steps that all users can do to help secure social media accounts and help prevent takeover fraud as the social media sector changes its approach to identity verification and cybersecurity.

‍

Use wise password management strategies.

‍

Internet users frequently have troubles as a result of reusing passwords, according to John Buzzard, chief fraud and security analyst at Javelin Strategy & Research. It goes without saying that after a password has been cracked, scammers will try to exploit it to access additional accounts connected to the person.

‍

In addition to using different passwords for every website, it's a good idea to use lengthier phrases and challenging passwords to make them more difficult to guess using brute force. In order to make passwords even more difficult to guess for potential scammers, password managers can even generate passwords using random character strings.

‍

Make two-factor authentication available.

If you have what is known as two-factor, or multi-factor, authentication activated, a fraudster typically won't be able to access your account, even if they manage to get their hands on your password. Enabling two-factor authentication is simple to set up and, according to Ramzan, may be the single best thing you can do to safeguard an online account.

‍

Under Twitter's new strategy, text-based multi-factor authentication will only be accessible with a paid membership, which increases the danger of identity theft for Twitter users who don't enable another type of two-factor authentication.

‍

Anyone who loses this protection runs a higher danger of having their account compromised, according to Ramzan.

‍

There is, however, a significant qualification. As there are ways to exploit SMS-based authentication with so-called SIM swapping attacks, it is probably the worst. Twitter will only no longer provide SMS-based two-factor authentication, but it still provides two other stronger and more dependable two-factor authentication options, according to Ramzan. 

‍

Twitter has issued a warning that non-subscriber accounts who utilize SMS authentication must turn it off before March 20 or two-factor authentication will be turned off for that account.

‍

Using Instagram as an example, it is simple to configure this security feature on the majority of social media platforms. Choose "Text Message" or "Authentication App" under "Settings," "Security," and then press "Two-Factor Authentication."

‍

According to The Identity Theft Resource Center, text messages can be spoofed, therefore it's better to use an authentication tool like Google Authenticator.

‍

Never divulge temporary security codes.

If you exchange one-time codes with criminals, they can still access your account even if two-factor authentication is activated.

‍

Eva Velasquez, president and CEO of The Identity Theft Resource Center, advised people not to ever disclose codes, regardless of how plausible the justification may seem.

‍

These frauds can operate in several ways. A fraudster who has access to a social media user's username and password would frequently assume the identity of that user's friend and complain about not being able to access their account. The con artist requests authorization to send a code to the friend's phone. The individual complies, believing she is supporting a friend. She's actually just granted the fraudster access to her account, usually locking herself out in the process.

‍

Buzzard suggested following this general rule of thumb: If you didn't initiate a call, email, or text, don't provide any information to the requestor.

‍

That can lead to a variety of outcomes since "threat actors are incredibly skilled at coming up with ruses that convince people to act rapidly," according to Ramzan.

‍

Provide as little information as possible to social media platforms

Although social media account compromise is a recent phenomenon, Ramzan provided a concrete illustration of how it is modernizing some of the oldest scams, such preying on the elderly. With a social media identity stolen, a thief approaches the grandmother of an account holder to ask for money. Knowing that the grandson frequently refers to his grandma as "Nanna," the thief can make the request seem more genuine. The grandmother happily complied, transferring the burglar a few thousand dollars under the impression that her grandson had genuinely been in an accident and needed money right away.

‍

Try to provide as little personal information as you can while creating a social network account, said Buzzard. "If a field is not required, leave it blank. particularly stuff like your email and phone number. He warned against somebody trying to impersonate you by finding your phone number and using a fake one. You can usually delete these details from your account later if you've previously provided them.

‍

Aura advises social media users to uninstall any third-party applications linked to their accounts. In this manner, if hackers do gain access to a user's account, they won't immediately have access to other private accounts and apps. Users of Facebook, for example, can remove third-party applications by selecting "Settings & Privacy," "Settings," and "Apps and Websites.”

‍

Users of social media shouldn't believe services that promise to assist with account recovery. The business stated in a blog post that "bots can use it against you if you've publicly tweeted about your Instagram account being hacked." They will contact you regarding a service that will enable you to "reclaim" your account. Avoid falling for that.

‍

Another tactic, according to Ramzan, is to delete as much of your personal internet data as you can to make it more difficult for scammers to utilize it for social engineering. This can be done through a professional service or on your own, but it requires continual effort because deleted data frequently resurfaces. 

‍

Identify the telltale indications of an account theft

Inform the social media provider as soon as something seems fishy.

‍

According to Facebook, if you notice that your email address or password has changed, your name or birthday has changed, friend requests have been sent to people you don't know, messages have been sent that you didn't write, or posts have been made that you didn't make, your account may have been hacked.

‍

Please get in touch with Facebook if any of these situations apply. Similarly, go to Instagram's support page if you think your account has been compromised.

‍

In addition, Buzzard advised warning your friends outside of the compromised site to be on the watch for strange communications or requests for cash. "Scammers are going to mimic you soon and try to victimize your circle," a scammer said.