A convincing Twitter scam is targeting bank customers by abusing the quote-tweet feature, as observed by BleepingComputer.

What sets this scam apart is that it preys on customers who tweet at their banks, for example to file a complaint or ask for help. Instead of a reply from the bank, those customers receive a response from the scammer, in the form of a quote tweet, prompting them to call the scammer's "hotline" number.

The scam's simplicity and precise targeting make it convincing to unsuspecting users.

Fake Banking Twitter Accounts Lure Customers

Users who tag their banks' Twitter accounts in their tweets, for example when raising a complaint about a problem, should be wary of replies from unverified Twitter accounts that pose as the bank's support staff but may in fact be a scam.

What makes this scam particularly effective is that real businesses do sometimes respond from a separate Twitter account, distinct from their (verified) main account, to tweets that look like support requests.

Earlier this week, I tagged Axis Bank, India's third largest private bank, in a tweet and, interestingly, received a response in the form of a "quote tweet" from an account claiming to be Axis Bank:

Fake Axis Bank account response
Reply to my tweet from the questionable Twitter account @AXIS_BANK_00 (BleepingComputer)

While the lack of followers on the @AXIS_BANK_00 account (not to mention the missing verification badge) raised red flags, it wouldn't be the first time a company had responded from a Twitter account distinct from its verified one, for example to minimize the amplification of customer complaints sent as tweets.

Rather than using obvious phishing links, this scam relies on a text-only pattern that prompts users to call a "hotline" number.

An Axis Bank official quickly chimed in from the company’s legitimate Twitter account:

The illicit Twitter account @AXIS_BANK_00 has since been suspended.

While analyzing this case, however, we found that the same phone number, 89618-44737, had also been posted in tweets targeting customers of other major Indian banks, including HDFC Bank and ICICI Bank.

One such account we found was called @HDFC_Bank_08:

Fake HDFC Bank Twitter account
Fake HDFC Bank Twitter account responding to customers (BleepingComputer)

The one targeting ICICI Bank customers was called @ICICI_Bank_7:

Fake ICICI Bank Twitter account luring customers (BleepingComputer)

Simply suspending these accounts may not be enough and can turn into a game of whack-a-mole. The counter at the end of these Twitter handles (Axis_Bank_0, _1, _2, _3 and so on) suggests that scammers simply recreate the accounts with a new variation of the handle, and give them display names built from terms such as "(BankName) Cares" to make them look like the bank's official Twitter support channel.
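The three indicators described above (a handle that is the bank's name plus an enumeration counter or a "cares"/"support" suffix, a reply that asks the customer to call a number rather than click a link, and one phone number reused against several banks) can be turned into a simple triage check. The following is an added example written for this page; it is not BleepingComputer's or any bank's tooling. The set of verified handles, the sample quote tweets and the placeholder phone number are all constructed for illustration and would be replaced with the bank's real handles (taken from its own website, not from a Twitter search) and real monitoring data.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumption: the banks' genuine handles, sourced from each bank's own website or app,
# never from a Twitter search. These three are illustrative values for this example.
VERIFIED_HANDLES = {"AxisBank", "HDFC_Bank", "ICICIBank"}

# Vanity suffixes scammers append to look like a support channel ("HDFC Cares").
SUPPORT_SUFFIXES = ("cares", "care", "support", "help")

# 10-digit Indian mobile numbers as written in the tweets: 5+5 digits with an
# optional space or hyphen in the middle, not embedded in a longer run of digits.
PHONE_RE = re.compile(r"(?<!\d)(\d{5})[ -]?(\d{5})(?!\d)")

# The text pattern the scam relies on: no link, just an instruction to call.
CALL_RE = re.compile(r"\b(call|dial|contact|helpline|hotline|customer care)\b", re.I)


@dataclass
class Tweet:
    handle: str   # author's handle without the leading @
    text: str


def normalize(handle: str) -> str:
    """Reduce a handle to its brand stem: lowercase, drop punctuation, strip the
    enumeration counter (_00, _7) and support-style suffixes (cares, support)."""
    stem = re.sub(r"[^a-z0-9]", "", handle.lower())
    stem = re.sub(r"\d+$", "", stem)
    for suffix in SUPPORT_SUFFIXES:
        if stem.endswith(suffix) and len(stem) > len(suffix):
            stem = stem[: -len(suffix)]
    return stem


def is_lookalike(handle: str, verified=VERIFIED_HANDLES) -> bool:
    """True when a handle is not a verified one but reduces to the same brand stem."""
    if handle in verified:
        return False
    return normalize(handle) in {normalize(v) for v in verified}


def extract_phones(text: str) -> list[str]:
    """Return the distinct 10-digit numbers in the text, with spaces and hyphens removed."""
    return sorted({a + b for a, b in PHONE_RE.findall(text)})


def analyze(tweets, verified=VERIFIED_HANDLES) -> dict:
    """Flag lookalike handles and find hotline numbers reused across several banks."""
    stems = {normalize(v): v for v in verified}
    lookalikes = []
    phone_targets = defaultdict(set)
    for t in tweets:
        if t.handle in verified:
            continue
        stem = normalize(t.handle)
        if stem not in stems:
            continue
        phones = extract_phones(t.text)
        lookalikes.append({
            "handle": t.handle,
            "impersonates": stems[stem],
            "phones": phones,
            "asks_to_call": bool(CALL_RE.search(t.text)),
        })
        for p in phones:
            phone_targets[p].add(stems[stem])
    # A number pushed by lookalikes of two or more banks is one operation, not a coincidence.
    shared = {p: sorted(b) for p, b in phone_targets.items() if len(b) >= 2}
    return {"lookalikes": lookalikes, "shared_phones": shared}


# Constructed sample quote tweets. The phone number is a placeholder, not the one
# reported in the article.
SAMPLE_TWEETS = [
    Tweet("AXIS_BANK_00", "Sir, we regret the inconvenience. Kindly call our customer care 98765-43210 for immediate help."),
    Tweet("HDFC_Bank_08", "Dear customer, please call helpline 98765 43210 to resolve your issue."),
    Tweet("ICICI_Bank_7", "Apologies for the trouble, contact 9876543210 now."),
    Tweet("AxisBank", "Hi, please DM us your registered mobile number and we will look into this."),
    Tweet("some_customer", "My card is blocked again, @AxisBank please help"),
]

if __name__ == "__main__":
    report = analyze(SAMPLE_TWEETS)
    for entry in report["lookalikes"]:
        print(f"{entry['handle']:>14} impersonates {entry['impersonates']}: "
              f"phones={entry['phones']} asks_to_call={entry['asks_to_call']}")
    for phone, banks in report["shared_phones"].items():
        print(f"number {phone} reused against {', '.join(banks)}")
```

Run as a script, the three constructed lookalike handles are flagged and the placeholder number is reported as shared across all three banks. The stem comparison is deliberately loose, so a legitimate secondary account such as a real "@BankSupport" handle would also be flagged; as the article notes, businesses do respond from such accounts, so a hit means "verify the handle through a channel the bank controls" rather than "this is a scam". The cross-bank phone reuse is the stronger signal, and it survives the account suspensions that the handle check alone does not.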

This scam also comes at a time when Musk's takeover of Twitter and the complete overhaul of the platform's verification policies are already generating confusion.

For example, previously verified "legacy" blue-badge accounts may be phased out in favor of the paid Twitter Blue program. Then there is the fairly new color code: a grey checkmark for government officials' accounts and a gold checkmark for businesses.

Another question is what happens to the legitimate Twitter accounts of banks and financial institutions that still carry legacy verification badges once those badges are removed. Such accounts may become more susceptible to impersonation by fraudsters.

HDFC Bank's official Twitter account carries the "legacy" verification badge

Not all Twitter accounts owned by a notable entity are treated the same either.

Comcast's two handles @Xfinity and @XfinitySupport, for example, carry a gold checkmark attesting to their authenticity, but other accounts associated with the company, such as @NASCAR_Xfinity, still retain the old blue badge which, once removed, complicates matters for the consumer.

When on Twitter, watch out for red flags in replies, DMs and quote tweets directed at you, even if their timing is impeccable and they seem benign at first glance.
