A hot trend on Twitter this week is the use of imposter financial institution accounts originating from Hostinger’s 16mb.com domain.

I did what I could to curb the Chase Bank scheme that I encountered last Friday, and I’ve since found several others, all attempting to direct distressed users to elaborately staged fake web frontends.  Santander and PayPal are the ones that immediately come to memory, and then there’s this one from “Wells Fargo” that popped up overnight.


The same formula is recycled each time: stand up an “at a glance, legit looking” Twitter presence, prey on users having a highly-charged, stressful experience with a credit card, and then direct them to a fake website that looks exactly like the one their bank provides.  Before the user knows it, they’ve unwittingly entered their online banking credentials, and the crooks are on their way.

As Twitter searches for a new identity in the pursuit of long-term viability, it needs a hard look in the mirror.  The only real enhancement Twitter has brought to the table in recent memory is what – the inclusion of animated .gifs?

Twitter is a growing wasteland for fraud.  A cesspool of bogus accounts, with no assurance of identity – save for a little blue icon.  What is that icon really supposed to mean?  Non-repudiation?  I come from a world where identity is asserted using certificates that can be openly inspected – not this [image].

Twitter could be taking any number of steps to curb this activity – the creation of imposter financial service accounts.  They could run account creation algorithms, evaluating whether the visible name is identical to that of an already established “verified” account.  They don’t perform even this most basic check today.  Nor do they inspect the avatar to see if it’s pixel for pixel, byte for byte the same as a verified avatar, scan any of the profile contents, look for patterns in tweets similar to accounts already flagged as fraud, or learn anything at all from their own past.  They appear to just leave their door open to whoever walks in.
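The two most basic checks described above (display name and avatar compared against verified accounts) can be sketched as follows. This is an added example, not anything Twitter runs; the `Account` and `VerifiedIndex` names and all sample data are assumptions, and the name comparison goes slightly beyond "identical" by folding case, spacing and Unicode compatibility forms first.

```python
import hashlib
import unicodedata
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    handle: str
    display_name: str
    avatar: bytes          # raw image bytes as uploaded
    verified: bool = False

def normalize_name(name: str) -> str:
    """Fold case, Unicode compatibility forms, spacing and punctuation."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def avatar_digest(avatar: bytes) -> str:
    """Byte-for-byte identity check: equal digests mean equal files."""
    return hashlib.sha256(avatar).hexdigest()

class VerifiedIndex:
    """Lookup tables built once from the set of verified accounts."""
    def __init__(self, accounts):
        self.by_name = {}
        self.by_avatar = {}
        for acct in accounts:
            if acct.verified:
                self.by_name[normalize_name(acct.display_name)] = acct.handle
                self.by_avatar[avatar_digest(acct.avatar)] = acct.handle

    def screen(self, candidate: Account) -> list[str]:
        """Return reasons to hold a new account for review (empty if none)."""
        reasons = []
        owner = self.by_name.get(normalize_name(candidate.display_name))
        if owner and owner != candidate.handle:
            reasons.append(f"display name matches verified @{owner}")
        owner = self.by_avatar.get(avatar_digest(candidate.avatar))
        if owner and owner != candidate.handle:
            reasons.append(f"avatar is byte-identical to verified @{owner}")
        return reasons

# Constructed sample data: handles and avatar bytes are made up for illustration.
VERIFIED = [Account("ExampleBank", "Example Bank", b"\x89PNG-bank-logo", verified=True)]
INDEX = VerifiedIndex(VERIFIED)
IMPOSTER = Account("ExampleBank_Help", "EXAMPLE  BANK", b"\x89PNG-bank-logo")
BYSTANDER = Account("jane_doe", "Jane Doe", b"\x89PNG-selfie")

if __name__ == "__main__":
    print(INDEX.screen(IMPOSTER))
    print(INDEX.screen(BYSTANDER))
```

A re-encoded or resized avatar defeats the byte-identical check, so a real deployment would pair it with a perceptual image hash.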

Why not close this loop?  Because Twitter is tanking.

Boasting 310 million active users, at least 23 million of these are bots by their own admission.  And that’s a two year old figure; time and technology have marched on and bots have grown exponentially; there’s no question.  Factor in the actual number of bots (what, you think Twitter wasn’t going to lowball that one?), the rampant use of fake followers – even Hillary has a million plus – and what are you really left with – “growth” figures that illustrate no real meaningful adoption.

A year ago, a share of Twitter flirted in the low $50s.  Today, that money gets you 3 times as many shares.


I’m sure there’s some inner struggle over there to demonstrate growth without cutting themselves off at the legs by purging a quarter to half of their “user” base.  From where I sit, no one at Twitter wants to look in the mirror and take that on.  And it’s at the expense of allowing identity theft to thrive in a controlled environment.  That’s a battle I take on personally, in my free time, sometimes every day of the week, just as countless others do.  It keeps me busy glowing red hot with benevolence, but it’s work no one should have to do.

I’ve long adored Twitter and its place in this world as the internet’s stream of consciousness.  But the time has come to clean house.  Maybe that means it’s time for Twitter to go.  Security and privacy are deeply passionate pursuits for all of us, and right now, Twitter is just in the way.