This Twitter scam is targeting angry banking customers — what you need to know

A person trying to login into their bank account using their phone
(Image credit: Shutterstock)

Tweeting at a company when you have a problem is one of the fastest ways to get an official response but a new Twitter scam making the rounds online is a good reason to think twice before doing so.

As reported by BleepingComputer, a convincing Twitter scam is currently being used to target bank customers by abusing the platform’s quote-tweet feature. What sets this scam apart from others is that it targets customers tweeting at their banks to raise a complaint or to request assistance with an issue.

Unfortunately, instead of hearing back from their bank, Twitter users who reach out to their banks are receiving replies from scammers in the form of quote-tweets that lure them to call a fake helpline number. 

If a bank customer does call the number, the scammers on the other end could try and get them to provide sensitive information just like with tech-support scams or vishing scams.

Fake bank Twitter accounts

If you do decide to tag your bank’s Twitter account in a tweet, you want to watch out for responses from non-verified Twitter accounts as they could be impersonating your bank’s support staff.

However, legitimate companies will sometimes reply to a tweet using a separate Twitter account instead of using their main one. Oftentimes this isn’t a problem but in this case, it could be.

BleepingComputer’s Ax Sharma recently tagged India’s Axis Bank in a tweet and then received a reply as a quote-tweet from an account claiming to be the bank. The fact that no one followed the account and it didn’t have a verification badge did raise some red flags but as we pointed out earlier, companies will sometimes use a separate Twitter account to deal with customer complaints.

While a link to a phishing page likely would have been blocked and many users would be wary about clicking on it, the scammers behind this campaign use a phone number instead to avoid raising suspicion. Fortunately in this case, an official from the Bank responded to the quote-tweet saying that the response wasn’t from one of its official representatives. They also urged Sharma to “immediately stop any interaction with the other profile’ and not to share any information with them.

How to tell if a Twitter account is fake

how to get back the old Twitter font

(Image credit: Shutterstock)

Although the account in question has been banned, the scammers behind this campaign can easily sign up for another account and once again begin targeting customers on Twitter. Therefore, being able to tell if an account on the platform is fake is incredibly important to avoid these types of scams.

As BleepingComputer points out, the scammers operating this and similar campaigns often recreate official accounts and add a few numbers at the end to set their fake accounts apart. They also use official images and copy an account’s description to appear legitimate.

When it comes to determining whether or not a Twitter account is fake, you should look at its profile first as real users have interesting bios, real profile pics and original tweets as opposed to just re-tweets. 

From here, you want to check to see how the account got verified. While Twitter’s blue checkmark used to be hard to get, the launch of Twitter Blue has made it much easier for fake accounts to appear legitimate. Twitter has also launched a new color code that adds a gray checkmark for the accounts of government officials as well as a golden checkmark for companies. 

Just like with all other social media platforms, you need to be careful on Twitter as scammers are always looking for a quick way to make a buck or to steal your personal information. If a tweet seems too good to be true or has the hallmarks of a phishing email, the account behind it is likely fake.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.