How X (Twitter) blue-ticks is making it easy for scammers to access bank accounts
The idea that anyone on X can purchase blue-ticks has opened the door for scammers to target consumers who complain of poor customer service on X, posing as customer service agents and tricking them into disclosing their bank details.
How the scam works
The Guardian reported that the scam works by exploiting the advice, commonly offered in consumer guides, to complain publicly to a company on X for a speedier resolution. Fraudsters, masquerading as customer service agents, respond under fake X handles and win the trust of victims by displaying the blue checkmark icon, which until this year denoted accounts that had been officially verified by X.
They then ask the victims to follow them and send them a direct message with their contact number. They call the victims via WhatsApp or other platforms and ask for their reference number or booking details so they can investigate their complaint. Later, they call back to say that they have arranged a refund and ask the victims to download an app or visit a website where they need to enter their bank details.
The scammers typically use X handles that look similar to the official ones, but have slight variations such as an extra letter or a hyphen. They also use WhatsApp numbers that are registered in foreign countries, such as Kenya. The victims may not notice these details until it is too late.
Who is at risk
Bank customers and airline passengers are among those at risk of phishing scams when they complain to companies via X. Some of the companies that have been impersonated by scammers include Booking.com, easyJet, BA, and Metro Bank.
One victim, Andrew Thomas, was contacted by a scam account after posting a complaint to Booking.com. He said: “I received a response asking me to follow them, and DM them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later they called back to say that I would be refunded via their payment partner for which I’d need to download an app.”
Thomas became suspicious and checked the X profile. He said: “It looked like the real thing, but I noticed that there was an unexpected hyphen in the X handle and that it had only joined X in July 2023. I then checked the WhatsApp caller ID and found it was a Kenyan number.”
Another victim, a company that lost £9,200 to the scam, received texts from fake customer service agents after Metro Bank invited online feedback. The texts asked for personal information and security codes.
How to protect yourself
X’s terms and conditions do not state whether subscriber accounts are pre-vetted. Businesses that pay £950 a month receive a gold tick, which is supposed to indicate authenticity. However, consumers should not rely on these icons alone to verify the identity of customer service agents.
Lisa Webb, a consumer law expert at Which?, said: “Complaining to a company on social media can be an effective tactic to get a quick response, but check to make sure this is coming from its official account and, if in doubt, get in touch with the company directly using the contact details on their official website.”
She also advised consumers to be wary of any requests for personal or financial information, especially if they involve downloading apps or visiting websites that are not familiar or secure. She said: “If there are ever any doubts about the legitimacy of a request, customers should always err on the side of being safe and contact our official customer service team.”
Some companies have taken steps to alert their customers about the scam. BA has a pinned tweet on its official X account warning users about fake accounts. Booking.com refunded Thomas after being contacted by the Guardian and said: “We are fully aware of the implications of scams by malicious third parties. If a customer does opt to contact us using X, they should always check they are using our verified account which has a gold badge to indicate authenticity.”
Consumers who have fallen victim to the scam should report it to X, their bank, and the police as soon as possible. They should also change their passwords and security codes and monitor their bank statements for any suspicious transactions.
X blue-ticks may seem like a harmless feature that enhances the user experience on the social media platform. However, they have also created an opportunity for scammers to prey on unsuspecting consumers who are looking for help from companies. Consumers should be vigilant and careful when using X to complain or seek assistance from customer service agents.