Among other high-profile news, Twitter has been receiving criticism for its bad bots and fake users this year.
The issue began in December 2021, when a zero-day software vulnerability became exploited. A zero-day software attack occurs when a fraudster takes advantage of an undetected security flaw.
In Twitter’s case, the vulnerability appeared shortly after a software update had taken place in June 2021. It then became exploited faster than they could fix it.
In January 2022, Twitter confirmed they experienced a breach that affected millions of users. By July, an anonymous hacker boasted about a whopping 5,485,636 accounts that were on sale for $30,000 on the dark web.
To this day, the number of accounts purchased from this ad remains unclear.
“This bug resulted from an update to our code in June 2021. When we learned about this, we immediately investigated and fixed it. At that time, we had no evidence to suggest someone had taken advantage of the vulnerability.”
Twitter’s self-verification feature: What does it mean for Twitter users?
In August 2022, app researcher Jan Manchun Wong reported that Twitter is testing a new phone number verification badge. As of today, the only verification badge Twitter offers is the blue check mark icon, given to users that are “authentic, notable, and active”. The new phone number verification badge, on the other hand, is available to any user that opts in through Twitter’s settings.
By allowing users to further verify their identities, Twitter’s new verification feature should reduce the number of fake users and bots on the platform.
How social media and other online platforms can create safe and authentic interactions
Twitter is not alone in its fight against fake users and bots. Online platforms such as social networks, dating sites/apps, and P2P marketplaces have experienced a fake user problem.
Tinder began testing a new form of photo identification, where users now submit a selfie of themselves to confirm their identity. The dating app garnered attention when streaming giant, Netflix, released a documentary titled The Tinder Swindler, based on a scammer who posed as an ultra-wealthy individual to “swindle” women out of their money. To say the least, fake users have become a growing, visible issue and they are gaining traction.
Here’s what these platforms can do to better arm themselves against fake accounts and bots:
- Require both a phone number and an email address (multi-factor authentication, or MFA)
- Utilize phone number reputation intelligence
- Analyze IP datasets in relation to user email addresses
There are valuable insights tied to a person’s phone number: phone data attributes, traffic patterns, carrier data, and more.
With machine learning and data science that draws on data patterns, the phone number can serve as a powerful trust anchor and can help Twitter and other platforms discern between human and non-human behavior.
The importance of phone numbers
Phone numbers are now at the center of authentication. The series of numbers act as a unique identifier for an individual.
The phone number, originally created to connect with others, has now evolved into a means of trust. Today, a single phone number has the power to reveal valuable information about the validity of a good user and filter out the bad ones.
Phone numbers can provide valuable data points, such as:
- Account holder name
- Account activation date
- Pre-paid/post-paid determination
- Tenure of account
- Porting history
Companies can use this identifying information to validate users and secure accounts and use phone verifications to keep customers safe.
Stop fake users before they set foot in your platform
Now is the time to protect your user’s accounts by challenging suspicious activities like recent SIM swaps, personal information updates, and password resets.
Before sending a multifactor authentication message via SMS or voice, leverage phone number intelligence to safely legitimize your good users and filter out the bad ones with just a phone number.
Phone number intelligence first assesses a user’s risk level and verifies whether they’re a real person without disrupting or delaying the sign-up flow. If a user passes the trust and identity assessment, they will receive the one-time passcode to finalize the creation of their account, but if they fail, they will be blocked from creating an account.
Phone number intelligence puts a hard stop on fake users and bots, before they enter your platform. Enhance your onboarding process to detect and eliminate fake and fraudulent accounts, from log-in to log-out.
