A convincing Twitter scam is targeting bank customers by abusing the quote-tweet feature, as observed by BleepingComputer.
What makes this scam stand out is it preys on customers tweeting to their banks—such as to raise a complaint or request assistance. But these customers instead receive a reply from the scammer, via a quote-tweet, luring them to call the scammer’s “helpline” number.
The scam’s simplicity and focused targeting makes it convincing to unsuspecting users.
Fake bank Twitter accounts luring customers in
Users tagging Twitter accounts of their banks in their tweets—for example, when raising complaints about an issue, should watch out for responses from non-verified Twitter accounts that may closely be impersonating the bank’s support staff and instead be a scam.
Moreover, what makes this scam particularly interesting is, the fact that genuine companies sometimes choose to reply via a separate Twitter account, different from their corporate (verified) one, for tweets which are akin to support requests.
Earlier this week, I had tagged Axis Bank, India’s third-largest private bank, in a tweet but interestingly received a reply as a ‘quote tweet’ from an account claiming to be Axis Bank:
Although the lack of any following on the @AXIS_BANK_00 account (and, not to mention, the verification badge) did raise red flags, it wouldn’t be the first time a company replies from a separate Twitter account as opposed to their verified one, for example, to minimize amplifying complaints from their customers sent as Tweets.
As opposed to using any obvious phishing links, this scam uses a templated text urging users to call a “helpline” number.
An Axis Bank official shortly stepped in from the company’s legitimate Twitter account:
Hi, we have noticed a post made to you by a person claiming to represent Axis Bank. The response has NOT been posted by our official representatives. We would request you to immediately stop any interaction with the other profile and do not share any information with (1/3)
— Axis Bank Support (@AxisBankSupport) March 13, 2023
The illicit Twitter account, AXIS_BANK_00 has since been suspended.
While analyzing this case, however, we discovered that the same phone number, 89618-44737, had been mentioned in tweets targeting customers of other leading Indian banks, including HDFC and ICICI.
One such account we found was named, @HDFC_Bank_08:
Whereas, that targeting ICICI Bank customers was called @ICICI_Bank_7:
Merely suspending these accounts may not be enough and may result in a whack-a-mole situation. The enumeration at the end of these Twitter handles (i.e. Axis_Bank_0, 1, 2, 3….) suggests scammers are simply recreating these accounts with variations of the handle, and naming these accounts using terms, e.g. “(BankName) cares” to make them appear to be the bank’s Twitter support channel.
This scam also comes at a time when Musk’s Twitter takeover and a total revamp of the platform’s verification policies may already be generating confusion.
For example, the previously-verified ‘legacy’ blue badge accounts may be phased out in the favor of Twitter Blue (paid) verification program. Then there is an entirely new color code introducing a ‘grey’ checkmark for Twitter accounts of government officials, and ‘golden’ ones for companies.
Another issue is, what happens to legitimate Twitter accounts of banks and financial institutions that continue to bear legacy verification badges—once these are stripped? These accounts may become more susceptible to impersonation by fraudsters.
Not all Twitter accounts belonging to a notable entity are treated equally either.
Both Comcast’s @Xfinity and @XfinitySupport handles, for example, carry a ‘golden’ badge attesting to their authenticity. But other accounts associated with the company, such as @NASCAR_Xfinity, still retain the older blue badge which, once phased out, makes matters clouded for the consumer.
When on Twitter, watch out for red flags in replies, DMs, and quote-tweets directed at you, even if their timing is impeccable and they seem benign at a first glance.
