The Rise of Brand Risk on Twitter

Josh Shaul


January 30, 2023

Ever since Elon Musk took over Twitter on October 28 of last year, the company has been in a state of turmoil. In addition to making a number of abrupt policy changes, the new CEO laid off thousands of employees, many of whom were from the content moderation teams responsible for fighting abuse and misinformation on the platform. As a result, many businesses are questioning the future of brand safety and reputation on Twitter.

It is imperative that businesses realize that despite their best intentions, social media platforms do not care as much about their brand and customers as they do. Meta recently clarified how they will attempt to make it easier to report brand impersonations for takedown, but that does not mean they are looking for impersonations to the same degree you would like them to. In short, businesses cannot rely on Meta, Twitter or other social media platforms to protect their brand online.

Brand Safety Risks

Brand safety and brand impersonation are two of the more pressing concerns businesses have related to social media and their reputation. Brand safety boils down to preventing your brand from appearing in unsavory environments or near inappropriate or controversial content.

Once Musk took over Twitter, top advertising agency IPG Mediabrands instructed clients to suspend advertising until the platform could clarify its trust and safety plans and how it will execute on them. When it comes to brand safety, it is relatively easy to stop your ads from displaying near potentially inappropriate content—just stop running ads on the platform, as did half of Twitter’s top advertisers in November.

However, when it comes to impersonations of your brand on a social media platform, you cannot simply turn a blind eye. Because even if you have done nothing wrong, 63% of people hold organizations responsible for spoofs. You need to continuously monitor platforms for the misuse of your brand, because you cannot risk trusting the social media platforms to apply the same rigor you would.

Brand Verification on Twitter

For years, Twitter’s blue checkmark communicated trust because any account using it underwent additional verification. Unfortunately, after the $8 Twitter Blue subscription revamp, anyone could have their account emblazoned with that at-one-time-trusted mark. As a result, some of the largest brands in the world, and their followers, fell victim to impersonators.

For example, a fake Eli Lilly account announced the pharmaceutical company would no longer charge for insulin. The next day the pharmaceutical company’s stock price dropped, erasing billions in market capitalization. In another case, a user impersonated Twitter itself (blue check and all) and immediately began running scams aimed at stealing people’s cryptocurrency wallet credentials.

Since then, Twitter has clarified some of their verification policies regarding Twitter Blue and Twitter Blue for Business. As of December 11, Twitter has re-launched Twitter Blue with an additional review step aimed at preventing impersonations, which requires the verification of a phone number before Twitter will grant an account a blue checkmark. In addition, only Twitter accounts that are at least 90 days old will be eligible for a blue checkmark and changes to the profile picture, display name or Twitter @handle will remove the blue checkmark until Twitter re-validates the account.

The phone number requirement might seem like a step in the right direction. However, if you search “bypass Twitter phone verification 2022,” Google serves up millions of results. It remains to be seen whether these policies will actually stop determined impersonators.

Twitter is also currently testing a Twitter Blue for Business, which will make corporate entities—and potentially their employees—eligible for a gold checkmark. The rollout began with companies that previously had relationships with Twitter. Many big companies’ accounts are now marked by the gold checkmark (e.g., Amazon, Microsoft, Sony, etc., but the requirements for verification for other companies are not yet clear.

Protecting Your Brand

Twitter may be not a lost cause quite yet, but, some reports have documented a rise in racist, homophobic and anti-semitic hate speech on the platform. To prevent the display of your ads near inappropriate content, it may be wise to pause any Twitter advertising for the foreseeable future.

It also makes sense for you or your marketing department to begin exploring Mastodon, Post News, Hive and other new social media platforms that could eventually become a Twitter alternative. At the very least, you should claim your brand name account there.

In addition, companies also need to protect themselves by finding and taking down impersonations of their brand. Fraudsters may seek to steal user account credentials, harvest bank account information, take payment for goods that never arrive or trick users into cryptocurrency scams. Attackers will take the opportunity to exploit the trusted relationships you have established with the public whether your brand is active on Twitter or not. You need to continuously monitor Twitter for the misuse of your brand.

Since manually monitoring social media for scams and impersonators can be a daunting task—there are an estimated 450 million active Twitter profiles and up to 500 million tweets are posted every day—companies can engage with brand protection or digital risk protection service providers. These companies can automate the menial task of combing through the internet, social media platforms and mobile app marketplaces for brand abuse.

Ultimately, companies cannot afford to simply wait for Twitter, Meta or any other social media platforms to solve the problem. Taking proactive steps to address the risk will ensure that your brand is protected and your reputation is secure.

Josh Shaul is CEO of AllureSecurity and the author of the book Practical Oracle Security.