Phishing attacks conducted using deceptive Twitter accounts with paid-for icons
After a change in the account verification process on the social media platform formerly known as Twitter, now called X, people who complain publicly about poor customer service have become targets for scammers. The scammers watch for bank customers and airline passengers airing grievances at companies on X. Using fraudulent X handles, they pose as customer service representatives and try to trick victims into handing over their banking details on the pretext of processing an expected refund.
The fake accounts often win their targets’ trust by displaying the blue checkmark, which until recent changes signified an officially verified X account. Under the changes introduced this year, anyone who subscribes to the site’s £11-a-month service, renamed this month from Twitter Blue to X Premium, can buy the icon. For £950 a month, businesses can obtain a gold tick. X’s terms and conditions do not state whether subscriber accounts are screened beforehand.
After lodging a complaint regarding canceled holiday flights on the travel platform Booking.com, Andrew Thomas found himself contacted by a fraudulent account. “I had been attempting to secure a refund since April, but turned to X as a last resort,” he recounted.
“I received a reply instructing me to follow them and send a direct message with my contact number. Subsequently, they reached out to me via WhatsApp and requested my reference number for investigative purposes. Later, they contacted me again, assuring me of a refund through their payment partner and urging me to download an app.”
Suspicions arose for Thomas, prompting him to inspect the X profile. “It appeared authentic, yet I noticed an unexpected hyphen in the Twitter handle and noticed that the account had only joined X in July 2023,” he shared.
“I cross-checked the caller ID on WhatsApp, discovering it was linked to a Kenyan number. I’ve since encountered other counterfeit Booking.com Twitter accounts targeting customers who are frustrated while seeking refunds and resort to X to voice their grievances about the company.”
Following The Guardian’s intervention, Booking.com refunded Thomas, attributing delays to the airline’s actions.
A representative stated, “We are acutely cognizant of the potential consequences stemming from scams perpetuated by malicious third parties. When in doubt regarding the legitimacy of a request, customers should prioritize their safety and reach out to our official customer service team.”
“If customers choose to engage with us via Twitter, it is vital for them to verify that they are interacting with our authenticated account, distinguished by a gold badge signifying authenticity.”
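The cues in Thomas’s account and in Booking.com’s advice (a lookalike handle with an inserted hyphen, an account that joined only weeks earlier, a blue rather than gold badge, and a push to move the conversation to DMs, WhatsApp or an app) can be turned into a simple triage check that a brand-protection or fraud team might run over replies to customer complaints. The following is an added example, not code from the article or from any company named in it; the official handle, dates, message text and the 90-day “young account” threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Iterable, List

# Assumption (not from the article): an account younger than this is flagged.
YOUNG_ACCOUNT_DAYS = 90

# Phrases mirroring the tactics the article describes: moving the conversation
# off-platform, collecting contact/reference numbers, pushing an app download.
OFF_PLATFORM_CUES = ("direct message", "whatsapp", "contact number",
                     "reference number", "download", "payment partner")


@dataclass
class Account:
    handle: str      # without the leading @
    badge: str       # "gold" (organisation), "blue" (paid subscriber) or "none"
    created: date    # date the account joined the platform
    message: str = ""  # the reply text sent to the complaining customer


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalise(handle: str) -> str:
    return handle.lower().lstrip("@")


def assess(reply: Account, official_handles: Iterable[str], today: date) -> List[str]:
    """Return a list of human-readable warnings; an empty list means no cue fired."""
    warnings = []
    h = normalise(reply.handle)
    officials = {normalise(o) for o in official_handles}

    if h not in officials:
        # Strip the separators scammers insert (e.g. "Example-Air" for "ExampleAir")
        stripped = h.replace("-", "").replace("_", "").replace(".", "")
        for o in officials:
            if stripped == o or edit_distance(h, o) <= 2:
                warnings.append(f"handle @{h} is a lookalike of official @{o}")
                break
        else:
            warnings.append(f"handle @{h} is not a known official handle")

    if reply.badge != "gold":
        warnings.append(f"badge is '{reply.badge}', not the gold organisation tick")

    age_days = (today - reply.created).days
    if age_days < YOUNG_ACCOUNT_DAYS:
        warnings.append(f"account is only {age_days} days old")

    text = reply.message.lower()
    hits = [cue for cue in OFF_PLATFORM_CUES if cue in text]
    if hits:
        warnings.append("message pushes contact off-platform: " + ", ".join(hits))
    return warnings


def is_suspicious(reply: Account, official_handles: Iterable[str], today: date) -> bool:
    return bool(assess(reply, official_handles, today))


if __name__ == "__main__":
    # Constructed sample data: one genuine support account and one impersonator.
    OFFICIAL = ["ExampleAir"]
    TODAY = date(2023, 8, 15)
    genuine = Account("ExampleAir", "gold", date(2015, 1, 1),
                      "Sorry to hear this. Please call the number on our website.")
    impostor = Account("Example-Air", "blue", date(2023, 7, 1),
                       "Please follow us and send a direct message with your contact number.")
    for acct in (genuine, impostor):
        print(f"@{acct.handle}: {assess(acct, OFFICIAL, TODAY) or 'no warnings'}")
```

The check is deliberately conservative: an exact official handle produces no handle warning, but the badge, age and message checks still run, so a compromised or mis-configured official account would still surface. Thresholds and cue phrases would be tuned to the organisation’s real handles and the replies its support team actually sends.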
These scams exploit the common advice in consumer guides to air complaints on X in order to get a faster resolution.
In June, individuals who had their easyJet and BA flights canceled encountered cybercriminals using fraudulent profiles after turning to X to voice refund demands. Both airlines informed the Observer that they report fraudulent accounts to X. BA has a pinned tweet warning users about fake accounts.
Bank customers have been warned to stay alert, as scammers look for tweets they can exploit to harvest personal account details. After the bank invited online feedback, numerous Metro customers received texts from bogus customer service representatives. In one case, a company fell victim to the scam and lost £9,200.
Lisa Webb, a consumer law specialist from the advocacy organization Which?, highlighted that recent modifications to X’s verification procedures have heightened the challenge of discerning trustworthy accounts.
“While resorting to airing grievances through social media can yield swift responses, it’s crucial to verify that the communication originates from the company’s legitimate account. In cases of uncertainty, it’s advisable to directly contact the company using the official contact information found on their website,” she advised.
Webb urged the government to promptly pass the online safety bill currently under consideration in parliament. She emphasized the need for the bill to establish substantive safeguards for consumers against the influx of online fraud infiltrating major social media platforms and search engines worldwide.