Customers complaining on X are latest targets of blue-tick phishing scams
Sign up now: Get ST's newsletters delivered to your inbox
Scammers impersonate customer service agents and respond under fake X handles to trick victims into divulging their bank details.
PHOTO: AFP
Follow topic:
Disgruntled consumers who take to X, formerly known as Twitter,
In the latest phishing scam, scammers impersonate customer service agents and respond under fake X handles to trick victims into divulging their bank details to get a promised refund.
Users are taken in by the blue-tick icon displayed on these scam profiles, which until 2023 marked accounts that had been officially verified by X, reported The Guardian. But the new subscription service X Premium, introduced as part of Mr Elon Musk’s sweeping (and unpopular) reforms, now allows anyone to buy a blue-tick icon for $15 a month.
Under X Premium, businesses that pay $1,400 a month receive a gold tick. X’s terms and conditions do not mention if subscriber accounts are vetted.
Bank customers and airline passengers are among those at risk in this new wave of scams. Mr Andrew Thomas, who booked flights on travel platform Booking.com, told The Guardian that he was contacted by a scam account after posting a complaint on X.
“I’d been trying since April to get a refund after our holiday flights were cancelled and finally resorted to X,” he said.
“I received a response asking me to follow them, and DM (direct message) them with a contact number. They then called me via WhatsApp asking for my reference number so they could investigate. Later, they called back to say that I would be refunded via their payment partner, for which I’d need to download an app.”
When a doubting Mr Thomas checked the X profile, he said: “It looked like the real thing, but I noticed that there was an unexpected hyphen in the Twitter handle, and that it had joined X only in July 2023.
“I then checked the WhatsApp caller ID and found it was a Kenyan number. I’ve since come across other fake Booking.com Twitter accounts which are following customers who are at their wits’ end trying to get a refund and have resorted to X to air their grievance with the company.”
Speaking to The Guardian, a spokesman from Booking.com said: “We are fully aware of the implications of scams by malicious third parties. If there are ever any doubts about the legitimacy of a request, customers should always err on the side of being safe and contact our official customer service team.
“If a customer does opt to contact us using Twitter, they should always check they are using our verified account which has a gold badge to indicate authenticity.”
The scams exploit the common belief that a public complaint to a company leads to speedier resolution.
In June, cyber criminals with sham profiles targeted passengers who demanded refunds on X for their cancelled easyJet and British Airway flights, reported The Guardian. The airlines said these accounts were reported to X, and British Airways has a pinned tweet warning users of fake accounts.
Some Metro customers also received scam texts from fake customer service agents after the British bank called for online feedback. One company lost £9,200 (S$15,700) to the scam, said the Guardian.
Experts said the recent changes to X’s verification processes have made it difficult for users to identify trusted accounts.
Ms Lisa Webb, a consumer law expert at the campaign organisation Which?, told The Guardian: “Complaining to a company on social media can be an effective tactic to get a quick response, but check to make sure this is coming from its official account and, if in doubt, get in touch with the company directly using the contact details on their official website.”
She urged quick legislative reform to protect consumers.
X was approached for comment.
