Misleading Twitter handles displaying paid-for icon being used to carry out phishing attacks
Sun 27 Aug 2023 15.02 BST
Consumers who complain of poor customer service on X are being targeted by scammers after the social media platform formerly known as Twitter changed its account verification process.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
Changes introduced this year allow the icon to be bought by anyone who pays an £11 monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay £950 a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
“I then checked the WhatsApp caller ID and found it was a Kenyan number. I’ve since come across other fake Booking.com Twitter accounts which are following customers who are at their wits’ end trying to get a refund and have resorted to X to air their grievance with the company.”
Booking.com refunded Thomas after the Guardian intervened, and blamed delays on the part of the airline.
A spokesperson said: “We are fully aware of the implications of scams by malicious third parties. If there are ever any doubts about the legitimacy of a request, customers should always err on the side of being safe and contact our official customer service team.
“If a customer does opt to contact us using Twitter, they should always check they are using our verified account which has a gold badge to indicate authenticity.”
The scams exploit the advice, commonly offered in consumer guides, to complain publicly to a company on X for a speedier resolution.
In June, passengers whose easyJet and BA flights had been cancelled were targeted by cybercriminals using fake profiles after they resorted to X to demand refunds. Both airlines told the Observer that fraudulent accounts are reported to X. BA has a pinned tweet alerting users to fake accounts.
Bank customers have been warned to be vigilant as scammers are on the lookout for tweets that they can exploit to obtain personal account details. A number of Metro customers received texts from fake customer service agents after the bank invited online feedback. One company lost £9,200 to the scam.
Lisa Webb, a consumer law expert at the campaign organisation Which?, said the recent changes to X’s verification processes had made it harder for users to identify trusted accounts.
“Complaining to a company on social media can be an effective tactic to get a quick response, but check to make sure this is coming from its official account and, if in doubt, get in touch with the company directly using the contact details on their official website,” she said.
She urged the government to pass the online safety bill going through parliament without delay and ensure “it delivers meaningful protections for consumers against a flood of online fraud infiltrating the world’s biggest social media sites and search engines”.
X was approached for comment.