X Scammers Exploit UK Users Raising Complaints On The Platform: Report

In the wake of a recent alteration to its account verification system, the Elon Musk-owned microblogging platform X (formerly Twitter) has inadvertently exposed UK consumers who express dissatisfaction with customer service to potential phishing scams. These fraudulent activities primarily target individuals such as bank customers and airline passengers who resort to X to voice their grievances, as per a report by The Guardian. These cybercriminals, posing as customer service representatives, engage with users via fake X accounts, luring victims into revealing sensitive banking information under the pretext of facilitating refunds.

Their approach has been to leverage the trust garnered from the display of a blue checkmark icon, previously reserved for officially verified X accounts.

The alteration introduced this year has transformed the significance of the blue tick. It is now purchasable by any user through a Rs 900 monthly fee (for Android and iOS), part of the subscription service recently rebranded from Twitter Blue to X Premium. Notably, X's terms and conditions fail to clarify whether these subscription-based accounts undergo any pre-screening process.

The impact of this change is evident in the experience of Andrew Thomas, who found himself targeted after complaining about service-related issues on X, the Guardian reported. He received a seemingly legitimate response instructing him to follow a particular account and initiate a direct message conversation. Subsequent communication via WhatsApp led to requests for sensitive information, including reference numbers and app downloads.

Thomas's suspicions were aroused when he observed an unexpected hyphen in the account handle and noted that the account had only joined X in July of that year. A further check of the WhatsApp caller ID revealed a Kenyan number, raising concerns about the account's authenticity. Similar fraudulent Booking.com accounts on X have been identified, targeting frustrated customers who have turned to the platform to express their grievances.

The Guardian's intervention in Thomas's case led to a refund from Booking.com, with the company attributing delays to airline-related issues. In response, a spokesperson for Booking.com emphasised the awareness of scams perpetrated by malicious third parties, advising customers to prioritise safety and contact official customer service channels in case of doubt.

The scams exploit a common consumer strategy of airing complaints on X for faster resolutions. In previous months, passengers who experienced flight cancellations with airlines such as easyJet and BA became targets for cybercriminals employing fake profiles on X. Both airlines informed the Observer that they report fraudulent accounts to X, and BA even maintains a pinned tweet alerting users to the presence of fake accounts.

Bank customers are also at risk, particularly those who have posted tweets that can be exploited to gain access to personal account details. Instances have been reported where Metro customers received texts from counterfeit customer service agents following the bank's request for online feedback, leading to substantial financial losses.

Lisa Webb, a consumer law expert at the campaign organisation Which?, highlighted the challenges posed by recent changes to X's verification processes. She advised users to exercise caution, confirming the authenticity of official accounts and resorting to direct communication through official channels in cases of doubt. Webb also emphasized the urgency of passing the online safety bill currently under parliamentary consideration to ensure substantial protection for consumers against the surge of online fraud affecting major social media platforms and search engines.