If you frequent enough social media sites, you are probably familiar with a certain type of post: someone’s cat suddenly got sick and racked up a vet bill, or someone is between jobs and needs to pay rent, so they put out a call to their followers to donate a few dollars.
Internet crooks have also seen these messages. And, true to their habit, they found a way to make money with a particularly insidious ploy: masquerading as the original poster within a matter of minutes in order to substitute their own payment account for that of the person who really deserves the money.
Here’s how it works and what to look for to spot the Twitter bot impersonation scam.
Instant account cloning
The key to this scam is that it is not triggered by the original poster mentioning that they have money issues. It is triggered by the type of reply that is common in these scenarios. A well-meaning friend will comment, asking if the person in need has a particular money transfer account (PayPal, Venmo, Cash App, and Ko-fi are the top options). Then the spoofing bot kicks in, likely triggered by keywords or phrases like “do you have PayPal?”
Twitter user @stimmyskye explained the whole process in a recent Twitter thread, with a screenshot capturing the bot in action:
okay, because some people don’t seem to know this is happening:
when someone replies to any of your messages asking for your paypal / venmo / etc, there are bots that will IMMEDIATELY clone your account and respond with a payment link. they block your account in the same second. pic.twitter.com/UZaqYpmhvX
– skye he / him (@stimmyskye) September 23, 2021
The bot clones the original account’s profile picture, Twitter ID, and username in order to respond with what appears to be the requested link. The bot’s newly created account also blocks the account it impersonates, preventing that account from realizing what is going on.
Finally, the bot deletes the account some time later, completely covering its tracks after another successful day of theft from the internet charity box.
Admittedly, it is difficult to say how many bots succeed in this scam or what the damage is, although various replies in the Twitter thread linked above come from people who note that they have fallen for this exact scam in the past.
Stay safe from scams
How can you catch this scam bot in the act? After all, it’s a little trick that no VPN or other data privacy service will be able to catch.
Instead, you’ll need to remember to verify a Twitter account before sending your PayPal donation. Usernames can be exactly the same, but each Twitter handle is unique: the bot in the example above simply added an underscore at the end of the Twitter handle it was cloning. Like any phishing scam, a closer look will reveal the truth.
And, if you really want to be safe when sending funds to a friend on Twitter, try contacting them through a direct message: the scam bot will not be triggered, and it could not appear in the same direct message channel even if it were.
Will Twitter solve it?
The original Twitter thread notes that Twitter could fix this relatively easily, perhaps by adding wait times before a brand new account can tweet, or by checking accounts for signs that they’re cloning another user.
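The handle check described under "Stay safe from scams" and the new-account and clone-sign checks suggested in the thread can be combined into one heuristic. The following is an added example, not code from the article or from Twitter; the Account fields, the thresholds and the sample accounts are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from difflib import SequenceMatcher

@dataclass
class Account:  # hypothetical record; field names are not Twitter API fields
    handle: str          # unique @handle
    display_name: str    # free-text name, not unique
    avatar_hash: str     # hash of the profile image
    created_at: datetime

def skeleton(handle: str) -> str:
    """Fold a handle for comparison: lowercase, drop underscores,
    map common look-alike characters to one representative."""
    folded = handle.lstrip("@").lower().replace("_", "")
    return folded.translate(str.maketrans("01l5", "oiis"))

def clone_signals(original, reply_author, now, max_age=timedelta(days=1)):
    """List the reasons reply_author looks like a clone of original."""
    if reply_author.handle.lower() == original.handle.lower():
        return []  # same handle means it is the same account
    signals = []
    a, b = skeleton(original.handle), skeleton(reply_author.handle)
    if a == b or SequenceMatcher(None, a, b).ratio() >= 0.9:
        signals.append("lookalike_handle")
    if reply_author.display_name.strip() == original.display_name.strip():
        signals.append("same_display_name")
    if reply_author.avatar_hash == original.avatar_hash:
        signals.append("same_avatar")
    if now - reply_author.created_at <= max_age:
        signals.append("new_account")
    return signals

def is_probable_clone(original, reply_author, now):
    """Flag a look-alike handle backed by at least one more signal."""
    found = clone_signals(original, reply_author, now)
    return "lookalike_handle" in found and len(found) >= 2

# Constructed sample accounts (not real users).
NOW = datetime(2021, 9, 23, 12, 0)
ORIGINAL = Account("example_poster", "Sam", "a1b2", datetime(2017, 3, 1))
CLONE = Account("example_poster_", "Sam", "a1b2", NOW - timedelta(minutes=2))
FRIEND = Account("helpful_friend", "Alex", "c3d4", datetime(2018, 6, 5))

if __name__ == "__main__":
    for acct in (CLONE, FRIEND):
        print(acct.handle, clone_signals(ORIGINAL, acct, NOW))
```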
One would think that fixing this problem would be a priority, especially given the well-known payment services that are caught up in it: PayPal is the backbone of retail payments thanks to its ubiquity in point-of-sale or billing software.
But change is unlikely to happen without a big backlash from the public drawing attention to these slippery clone bots. If Twitter takes action, it can reduce engagement, and social media platforms only aim to boost user interaction, even when that interaction radicalizes bad actors or spreads misinformation.
It’s a fundamental flaw that watchdogs have been warning about for years, especially when it comes to YouTube or Facebook’s algorithms. Another relevant concern is the issue of Twitter trolls. We will likely continue to caution against putting engagement first in the years to come as well. In the meantime, keep an eye out for fraudulent bots on Twitter.