Emerging Threats

What’s a Twitter bot and how to spot one

June 16, 2020

Scammers are finding success with a tool designed to infiltrate social media accounts and potentially your personal information: Twitter bots.

What are they? If you’ve seen Twitter accounts spreading fake news or tweets falsely claiming they have a cure for COVID-19, you may have spotted Twitter bots.

These social media bots do nefarious things like trolling and propagating misinformation for purposes that include spinning elections, inciting panic, and spreading malware.

It’s a good idea to learn what Twitter bots can do, how prevalent they are, and how to detect these automated accounts to help protect your devices and personal information.

Twitter bots surge: What are they and what can they do?

Twitter bots, also known as zombies, are automated Twitter accounts controlled by bot software. While they are programmed to perform tasks that resemble those of everyday Twitter users — such as liking tweets and following other users — their purpose is to tweet and retweet content for specific goals on a large scale.

The purpose of the bot and its activity can be helpful or harmful.

Twitter bots can be used for helpful purposes, such as broadcasting important content like weather emergencies in real time, sharing informative content en masse, and generating automatic replies via direct messaging.

Twitter bots also can be designed for the malicious purposes of platform intimidation and manipulation — like spreading fake news campaigns, spamming, violating others’ privacy, and sock-puppeting.

You might wonder if one account can cause damage. It usually takes a larger effort. Twitter bots are often part of what’s known as a botnet. A botnet is a broad network of automated accounts that work together to appear legitimate, liking and following each other as if they were real. Worth noting: Bots also operate on other social media platforms.

Twitter bot scams

Twitter bots rely on stealth. As artificial automations, they can pretend to be real people, liking your tweets and content. Or they can act as malicious bots that try to intimidate, bully, persuade, and incite you to believe things that may not be true and act in ways that are fueled by false information.

Cybercriminals have used Twitter bots to spread malicious content that contains malware to large groups of Twitter users at the same time. You can help protect yourself against such malware by not clicking on links in tweets and other communications from unknown or suspicious sources.

Twitter bots also have been used for political propaganda and to influence elections. Countries and interest groups may use Twitter bots to spread discontent or panic. That could potentially affect healthcare system, financial markets, community actions, and elections.

How prevalent are Twitter bots?

How many bots are in the Twittersphere? That’s hard to say. But a Carnegie Mellon University study showed a surge in bot activity while the United States has been under stay-at-home orders.

The Carnegie Mellon study found almost half of the Twitter accounts calling for America to reopen may be bots. The same study looked at more than 200 million tweets since January 2020 that reference the novel coronavirus. It found that of the top 50 retweeters, 41 — 82 percent — were bots.

The lesson? When it comes to Twitter, be careful about believing what appears to be the broad consensus or engaging in the conversation. It could be a misinformation campaign.

7 ways to recognize a Twitter bot

Here are several ways to help detect if a Twitter account is a bot or not. Keep in mind, a bot’s setup and activity often appears automated.

When trying to determine if an account might be a bot, beware of the following red flags:

  1. IP correlation — the geographical location of Twitter accounts.
  2. Time-based correlation — the release of tweets in close proximity. 
  3. Automation — when an account tweets short replies that appear automated.
  4. Content similarity — when the same content is tweeted at the same time.
  5. Account creation — Twitter bots with recent creation dates.
  6. Account description — when an account looks automated because its username contains numbers. Also, it appears anonymous in the absence of a photo, biography, or profile description.
  7. Account activity — when a bot follows a lot of accounts but does not have many followers, and it’s retweeting and tweeting content faster than a human could.

What is Twitter doing to combat bots?

Twitter prohibits these malicious uses of its platform, including these activities:

  • Automation meant to undermine public conversation. 
  • The creation of multiple accounts to artificially amplify messages.
  • Involvement in fake engagements by generation, solicitation, or purchase.
  • Aggressive use of Twitter in the form of tweets, follows, and other engagements.
  • Hashtag cramming or using hashtags for spamming purposes.

What does Twitter do about automated accounts engaging in the prohibited activities? The social media platforms suspends millions of bot accounts each month.

What can you do to combat Twitter bots?

You can find browser plugins that look at indicators to help identify whether or not a Twitter account is a bot. These third-party tools can help flag suspicious accounts so you won’t be fooled.

Whether you use a third-party tool or learn to recognize bots yourself, it’s smart to understand how automated platforms can enable the mass spread of false information.

Awareness and caution can help. It’s a good idea to watch for red flags and be skeptical about information contained in tweets. Go to reputable sources for fact-checking. And avoid clicking on links in tweets that could be embedded with malware.

Try Norton 360 FREE 30-Day Trial* - Includes Norton Secure VPN

30 days of FREE* comprehensive antivirus, device security and online privacy with Norton Secure VPN.

Join today. Cancel anytime.

*Terms Apply

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.