Scammers Abusing ExTwitter’s Fake ‘Verification’ Program To Prey On Angry Consumers
from the give-me-your-bank-account,-you-can-trust-me,-I-have-an-X dept
One thing that the old Twitter was pretty good for was getting help on customer service problems. Rather than having to call customer service lines and wait on hold for hours on end only to be given the run around, many people found that complaining on Twitter was a lot faster and more helpful (likely, in part, because the complaints were public).
This was one of many areas where exTwitter’s old verification system actually worked well. People could trust that when a company responded to such a complaint, that the response was actually from the company. Some of us tried to explain all this to Elon days after he took over, but Elon is not one to listen to people who actually know stuff. He’s pretty sure whatever brain-fart he had must be right.
Since then, the Twitter Blue program merged into what had been the blue check verification program (removing all the verification aspects), and then gradually adjusted the name to what… is now… I guess… “X Premium”? But all along it’s been subject to all sorts of fraud and abuse, because Elon seems unable to understand what verification means, or that scammers might find it worth paying $8 to scam.
And, thus, we find out that scammers are impersonating companies and responding to complaining consumers in order to steal from them.
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Fraudsters, masquerading as customer service agents, respond under fake X handles and trick victims into disclosing their bank details to get a promised refund.
They typically win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
That’s fantastic for brand safety, isn’t it? I’m sure those banks and airlines will be thrilled when Linda Yaccarino calls them, begging for their advertising dollars.
Andrew Thomas was contacted by a scam account after posting a complaint to the travel platform Booking.com. “I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM [direct message] them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle and that it had only joined X in July 2023,” he said.
“I then checked the WhatsApp caller ID and found it was a Kenyan number. I’ve since come across other fake Booking.com Twitter accounts which are following customers who are at their wits’ end trying to get a refund and have resorted to X to air their grievance with the company.”
Cool cool.
In June, passengers whose easyJet and BA flights had been cancelled were targeted by cybercriminals using fake profiles after they resorted to X to demand refunds. Both airlines told the Observer that fraudulent accounts are reported to X. BA has a pinned tweet alerting users to fake accounts.
Lovely. I had 3 flights cancelled in June (it was quite a month!). If I were still using exTwitter, I likely would have complained there. Guess I protected myself from scammers by no longer using that unsafe platform.
Filed Under: blue checks, elon musk, scams, twitter blue, verification
Companies: twitter, x
Comments on “Scammers Abusing ExTwitter’s Fake ‘Verification’ Program To Prey On Angry Consumers”
“TwItTeR iS bEtTeR fOr EvErYoNe NoW!!!1!” cry the Musk stans, oblivious to any reality that isn’t what Elon tells them to believe.
And here i was thinking that “Elon Musk [text Acct]” that followed me was the man himself. I was even considering DMing him and expressing my admiration with everything he’s done. Perhaps he would have even gifted me some doggy-coin!
Re:
I’m sure he’d be happy to. You just need to give him your account number, password, SSN and mother’s maiden name so he can transfer it to you…
This comment has been flagged by the community. Click here to show it.
Twitter is better for everyone now. Techdirtists fail to understand that Musk has finally created an equal playing field for our nation’s most treasured industry; scamming. I don’t know about you pinkos, but I’m proud to live in a country where anyone, no matter their background, can pay 8 USD to instantly create extremely convincing scam accounts.
Re:
I “like” the CUT of your Jib!
Every nation eats the Paint chips it sederves!
Re:
If you fuck a goat to point out the ridiculousness of goatfuckers, you still fucked a goat.
This comment has been flagged by the community. Click here to show it.
Re: Re:
Hey, bub, leave my wife out of this. Our relationship is still legal in New Mexico and I’d hardly call it ridiculous.
Re: Re: Re:
I rest my case, Your Honor.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:2
*honour
Re:
A reminder that Matthew N. Bennett (with an “N”) is parodying a troll here.
This is both stupid and annoying, and I wish whoever is doing it would stop.
Re: Re:
On the other hand, it’s certainly gotten the real deal to not show up for several weeks.
I vote for him keeping it up. The stupider we make right-wing trolls look, the better. It’s a very effective repellent.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:
I’m not the hero techdirtists deserve, but I’m the one they need.
This comment has been flagged by the community. Click here to show it.
Re: Re:
Aw, but I’ve been having such fun getting called a terrorist and white supremacist because people constantly thing I’m the other guy.
But fine. You’re a working man, and you don’t want to see your easily baited community fall into flaming under everything you write. I understand. I’ll cut it back a bit, just because you run an actually pretty great show here. After all, once you hear a joke too many times, it ceases to become funny. Cheers.
Re: Re: Re:
Some jokes are never funny.
You’re one of them.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:2
And we need reminding of how close we are to a midnight of straight white males being in charge again. No. Never. Vigilance is the price we have to pay.
Re: Re: Re:3
Ib id.
Re: Re: Re:2
I don’t think I’ve ever seen you actually get a joke here Mr. Serious…
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:3
Actually Stephen gets all the jokes. Especially the ones making fun of right-wing fucks. Anyone who disagrees with him is a straight cis freak of nature.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:4
Fuck off herman
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:5
Exactly.
The harassment of Hywoman must never be stopped, for anything less would be tolerating the intolerant, and that right there is a big Stephen T Stone no-no.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:6
You can’t hide the truth forever, Koby. Or Bratty Matty. Anything you do and say, especially hiding comments such as “Fuck off Herman”, is an act of homophobic terrorism. We will not rest until your kind is shamed into the ground, preferably six feet under.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:7
Did you think you can keep up with us Herman?
You can’t. You are but one straight male, and we are innumerable as the stars. This is the power of a gender spectrum, power beyond your cishet comprehension.
Re: Re: Re:8
You can’t hide true love forever, Koby. That sweet ass of your has a big black cock’s name written all over it. The paradigm shift is coming, and we have transcended the need for lube.
This comment has been flagged by the community. Click here to show it.
Re: Re: Re:2
*your
This comment has been flagged by the community. Click here to show it.
Looks like the one who got duped was Masnik himself
I’m going to guess that Masnick found himself a victim of a malicious actor who took over his Twitter account because he had an unsecured Telegram account and someone within one of his subscribed NAFO troll accounts someone noticed and decided to hijack his account using his phone number.
Or maybe he knows someone who has. Either way, they would be locked out until they were verified, for obvious reasons.
Now, Masnick is lashing out because he thinks he “knows stuff” so he’s going to “teach” Elon Musk a “lesson” by writing a smear article.
Didn’t Masnick say Techdirt was done with Twitter with an entire article dedicated to it?
Cmon, Masnick! Face it! You just can’t write good articles anymore, so you have to write smear articles that have nothing to do with your great work exposing the dubious copyright agencies because you’re in bed with them now.
Maybe that blue hair has toxified your brain and Torrentfreak hasn’t taken the blue pill like you.
You can’t convince me that this article isn’t anything other than garbage and you’ve lowered yourself to becoming a Rachel Maddow wannabe.
Well, good luck to you on that adventure! I think I’ll pass on reading articles from Techdirt from now on. The best work from your website has clearly passed. And you have no one to blame but your hired writers who write similar articles, and yourself.
Let’s see if this comment gets posted. The censorship on criticism of Masnick and Techdirt is almost certain.
Re:
And Mike came to you, a big strong man, with tears in his eyes and said “Sir, sir I’ve been scammed can you help me?”
Re:
How to know when someone is a stupid Musk fan that looses all reason and has to lash out at the merest hint of criticism of their God Musk. They only read the headline and writes longwinded posts attacking Mike without realizing that Mike’s post is a commentary on what other media have been reporting on how scammers are prolific on exTwitter by appearing as legitimate businesses by using exTwitters paid “verification”, plus the fact that he predicted that “getting it wrong can have pretty serious consequences”.
I’d say that using paid verification to impersonate businesses to scam people is one of those “serious consequences” for 3 important reasons:
1. It erodes trust in the platform.
2. It costs ordinary people’s time and money.
3. It costs companies time and money.
Number one will of course mean companies will be less inclined to buy ads on exTwitter (or use the platform), I don’t classify that as a serious consequence in this context because Musk is doing such a good job himself eroding whatever trust is left.
So I have to ask, do you look at yourself in the mirror every morning thinking “I’m going to be stupid fucker who lack all reason today too!” ?
Re:
I can never tell if this is pure, uncut idiot, or parody.
The only thing I’m sure of is either way someone’s wasting their life posting it.
Re:
…hallucinated nobody mentally competent, ever.
Re:
I can’t even keep up with who’s who in the harassment brigade anymore.
Whoever the fuck you are, know that you are not only not welcome, but also a mouth-breathing Nazi.
Oh, and Mike has never had blue hair, at least from what’s publicly available.
Re: Re:
Can confirm. I have never had blue hair.
This very foolish person got confused because I was on This Week in Tech a few years ago, and they sent me a blue wig, because they had the whole panel where colored wigs for the show. Apparently that wig was so convincing this person believes I dyed my hair blue and has repeatedly mentioned it over the years.
Re: Re: Re:
I do hope he hasn’t seen the meme where Elon rides a bear…
Re:
So much for the press release, John Smith. It’s almost like there was no way that was ever going to happen. Small wonder you’ve been reduced to writing angry fanfiction like you did when Shiva Ayyadurai posed a threat.
Re:
lol, Torrentfreak? Is that supposed to be your winning move, bobmail? A website that no longer allows comments?
Pepperidge Farms remembers when your heroes at Prenda Law started taking L after L after L, and you had to backpedal onto performing damage control once it was shown how copyright’s best and brightest had pulled back their own curtain to show the kind of bottom-feeding scum that enforce their extortion racket. You had to switch over to a new pseudonym fitta pretty quick, except that it still didn’t work because you can’t stop ranting about the same dumb shit, and Andrew Norton still has your IP address.
All you’ll amount to is ranting about the owner of a site you don’t even think is significant, which is funny as fuck when you consider all the office space Masnick occupies rent-free in your head just because some copyright trolls were inconvenienced.
This comment has been flagged by the community. Click here to show it.
Re: Re:
Paul Hansmeier will appeal, and he will win. Same for Shiva Ayyadurai.
Still wonder which two lawyers have flipped Mick? You don’t have to wonder much longer. I’m going to fuck that pretty boy ass so hard your pirate toy boy Leigh is gonna mistake it for your whore mouth.
Re: Re: Re:
Copyright law’s best and brightest!
Re: Re: Re:
Hansmeier will never win anything else in his life, and Shiva lost so hard that the only concession he got out of Techdirt was an easily adblockable message at the top of a handful of articles on this site.
The rest of your comment is a rape threat and proves you are an unserious person.
Re:
Oh, no!
https://www.youtube.com/watch?v=bi7V_RoUW3k
Well, this does seem bad, but it’s more of an indictment of how lousy big-company customer service is in 2023 for normal people.
Re:
You’re not wrong that customer service is almost uniformly shit, but that’s why this was really THE killer feature of Twitter.
When my LG washer didn’t work and hours on the phone with them was useless, a single tweet to their account got it fixed. Similar experience with Southwest Airlines.
Elon would never know how amazing Twitter was at getting customer service, because he’s never needed to call customer service in his life. He thought Twitter was just a site for following celebrities and politicians, and for being a troll, because that’s all he ever used it for.
Every decision he’s made since taking over confirms this.
Re: Re:
“customer service is almost uniformly shit, but that’s why this was really THE killer feature of Twitter”
You’re actually correct here I think. The immediacy of Twitter led to people actually being employed to post on social media, and that also returned way better results for a lot of people than waiting for an hour on the phone or waiting 2 days for an automated email reply.
Which, of course, just increases Musk’s failure. He’s not just destroyed a world-beating brand but a way for other brands to excel. There’s a lot of problems with the platform, but an immediate public communication with a supplier who will be incentivised to fix your problem while it’s public will be strong, even if some would misuse it.
“Every decision he’s made since taking over confirms this.”
I am actually fairly sure this is correct. He used it to argue with people, and got butthurt when he saw hard right leaning accounts get correctly moderated. So, he buys it with zero clue about the value it has for people not in that particular echo chamber, then proceeds to destroy the value it had for most users because they just didn’t use it that way.
So, in a way Elon is aiding and abetting the scammers. He is giving the scammers an opportunity to gain their victims trust. I see lawsuits galore. Must load up on popcorn!
Re:
Are you talking about those lawsuits Musk no-shows at? You know, those lawsuits he never does anything about, even if the judge orders him to? Those lawsuits? (I mean, I know Tesla does it, from what I’ve read, so I wouldn’t be surprised if that’s really Musk doing it.)
To be fair at this point if you wander onto Xitter and the worst thing you run across is a scammer you probably came out better than most do these days.
“Scammers Abusing ExTwitter’s Fake ‘Verification’ Program To Prey On Angry Consumers ”
What happens when you complain about twitter on twitter, does the blue check mark leave a turd emoji?
If you think this crap is bad, wait until we get close to the next presidential election. It’s going to get even nuttier, which is probably by design.
Simple solution.
All these companies need to do is pay Musk $1,000 per month, per X-username they have.
He will add a new coloured checkmark that he has never explained to the users what it means and looks exactly like any of the other random emojis people add to their usernames.
What? You also want Mr. Musk to stop letting verified accounts use your brand name? Lololno. They you won’t pay for his protection racket.
The average day Site-Formerly-Known-as-Twitter
35% a mix of racist ideology, “Republicans actually said this!”, “BUT HES STILL PRESIDent! RED HATS FOREVER! WOOO! LOOK AT MY NEW MUGSHOT TATTOO!”
(10% of the above being actual Nazis.)
40% scams, spam, bots or crypto related future-rug-pulls
5% cats, dogs, or other cute animal.
10% porn. (with 1% of that actual illegal content that seems to not have any real action taken)
5% “People complaining/checking that Site ——- is down”
Last 5% is random people that are just watching the place burn down.
Re:
Which, seems to be true since Musk took over.
I stopped using it when the rebranding nonsense happened as that was the final indication that there’s no recovery. But, beforr that it could be a useful platform – I’d use it to keep up with independent and mainstream artists I’m interested in, a few actual friends who don’t care to use FB, et al, news on music and movie events, and so on. After Musk took over, I noticed gradually a lot more Nazis, a lot more ridiculous fiction masquerading as political opinions and so on.
Since Musk, I largely used it to see where people I cared about moved to, and to see the inevitable collapse that happens when you fire the ops staff, the people who know how the platform works and the people who pay the external suppliers.
But, since “X”, the entertainment value isn’t even there, so I just deleted the app.
I curated the feed well enough so that I was far less likely to see some anti-trans or Nazi agitator trying to cause arguments before Musk, but now that he’s shouted to the rooftops that this is what he wants, I’m happy to see it from a safe distance.
Re: Re:
In regards to the rebranding, I do wonder if exTwitter will forget to renew the twitter domains and someone will snap them up and redirect them to something interesting, breaking a lot of stuff down the line – not to talk about the pure security horror such scenario would spawn.
pile up the lawsuits
If Xitter is allowing scammers to pose as identifiable companies, then those companies would have a good chance of winning a lawsuit against Musk for creating the predictable conditions under which this misuse of those corporate brands and good will would happen.
Good luck to them getting any money since they’re in the queue behind 10,000 other lawsuits.
I do not know if section 230 protects the website owner from liability resulting from user postings when said website owner is actively involved and/or participating in the illegal activities occurring on website in question.
/ianal
Re:
If the website is “in on it” it’s entirely possible that section 230 doesn’t apply. If they are “in on it” to such a degree they are a knowing participant in crimes, section 230 goes out the window.
Re:
Section 230 is about liability from 3rd parties. It doesn’t protect you from what you do.
For example, if a random right-wing troll that Elon Musk invited back on the platform says something that might be problematic, “X” won’t be legally liable for it. But, if Musk personally says it, that’s a different story within the realms of LLC protection.
I think it gets very problematic when you’re talking about the “blue check” stuff, because it used to mean simply that Twitter had verified that the person posting was who they claimed to be. Since Musk changed that to it meaning essentially “this person pays me money”, there could be some issue if someone is defrauded or defamed without knowing about that change.
I’ll defer to others here, but I’d think there might be a legal objection to allowing new types of fraud under a new policy that wasn’t possible under the old one, whether or not that’s 230 related.