Consumers complaining of poor customer service on X (rebranded Twitter) are being targeted by scammers after the Elon Musk-led micro-blogging platform changed its account verification process.
Bank customers and airline passengers are among those exposed to phishing scams when they complain to companies via X, a Guardian report stated, adding that fraudsters masquerading as customer service agents respond from fake X handles and trick victims into disclosing their bank details to get a promised refund.
“They (fraudsters) typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X,” the report explained.
“Changes introduced this year allow the icon to be bought by anyone who pays an 11 pounds monthly fee for the site’s subscription service, renamed this month from Twitter Blue to X Premium. Businesses that pay 950 pounds a month receive a gold tick. X’s terms and conditions do not state whether subscriber accounts are pre-vetted,” the report added.
The Guardian contacted Andrew Thomas, who was approached by a scam account after posting a complaint to the travel platform Booking.com.
“I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he told the media outlet.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app,” he added.
“It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” said Thomas, who became suspicious and checked the X profile of the ‘travel platform’.
“I then checked the WhatsApp caller ID and found it was a Kenyan number. I’ve since come across other fake Booking.com Twitter accounts which are following customers who are at their wits’ end trying to get a refund and have resorted to X to air their grievance with the company,” he said.
Booking.com has now reportedly refunded Thomas after the incident caught media attention.
In June 2023, passengers affected by easyJet and British Airways flight cancellations were targeted by cybercriminals using fake profiles after they resorted to X to demand refunds.
Both airlines told the Observer that they had reported the accounts to X. BA even has a pinned tweet alerting users to fake accounts.
The problem is not limited to the travel industry: bank customers in the United Kingdom have also reportedly been warned to be vigilant, as scammers are on the lookout for tweets they can exploit to obtain personal account details.
Lisa Webb, a consumer law expert at the campaign organisation Which?, blamed the recent changes to X’s verification processes, which she believed had made it harder for users to identify trusted accounts.
“Complaining to a company on social media can be an effective tactic to get a quick response, but check to make sure this is coming from its official account and, if in doubt, get in touch with the company directly using the contact details on their official website,” she said, while urging the Rishi Sunak government to pass the online safety bill as an immediate priority and ensure “it delivers meaningful protections for consumers against a flood of online fraud infiltrating the world’s biggest social media sites and search engines”.
Threat Actors Running Riot On X
According to a recent study by researchers from Indiana University, around 1,140 AI-powered accounts have been identified on X, a network the research team has named the “Fox8” botnet. These accounts reportedly use technology like ChatGPT to create fake content and steal pictures to create fake profiles.
According to the New York Post, these bot accounts aim to trick people into investing in fake cryptocurrencies. The Indiana University researchers even suspect that the bots might have stolen from real crypto wallets. The bots use hashtags like #bitcoin and #crypto and interact with real human-run accounts focusing on crypto news.
The Fox8 botnet accounts are also spreading misinformation on various topics, including health and politics.
The bots flood the micro-blogging platform with AI-generated posts to increase the chances of these posts being seen by real X users and, ultimately, the likelihood of someone clicking on harmful links.
These bots not only use stolen photos but also interact with each other and have a certain number of followers and friends. The Indiana University researchers further noted that these accounts have become more believable due to advancements in language models like ChatGPT.