There are plenty of ways, Javascript is an amazing thing. For instance, anyone running this site can see that I typed this in character-by-character, and even had to hit backspace a few times. Dumping all of the text in at once would be suspicious. Not a clear indicator of a bot, but one indicator at least. I also moved my mouse and just expanded the text box so I could see my thoughts. Not something a bot would normally do. I'm also coming from an IP address that only ever posts to one account, not to multiple. My browser fingerprint only posts to one account. My browser fingerprint shows me on a Macbook using Chrome, and my cookies indicate I have a web browsing history. I upvote. I downvote. I post something, then engage in a follow-up discussion later on. These follow ups are upvoted by other accounts that match all or most of the above criteria.
My day job is information security, specifically working with a SIEM to correlate many diverse logs from many diverse systems and figure out what really happened using many pieces of individually benign data. None of these things are themselves indicators of bots, but the more you start to trip these rules, the more bot-like your behavior becomes. Eventually it paints a picture that shows no human could reasonably be behind an account that routinely posts two or more tweets at the same time, never engages in follow-ups, is only followed/liked by other suspicious accounts, and has a user agent of Python 3.7 coming from a source IP on aws.amazon.ru. You show them a captcha and if they fail or bail, you've got 'em.
Technically speaking, I'm not sure it's even possible to tell for sure which accounts are bots and which aren't. How can they tell?