Many companies use social media platforms as an outlet to manage their relations with customers, troubleshoot user problems, and answer their queries.

Twitter is one of the key platforms where users can tag the brand’s handle with the troubles they’re facing or feedback about the services. The brand’s Twitter handle tries to troubleshoot the problem or refers the user to a support page or link where the user can raise requests.

A customer asking for help with an issue by tagging PayPal’s user handle.

Twitter is a public platform, and all Tweets are visible to everyone by default. This lets scammers find complaint tweets that mention a brand, a related Twitter handle, or specific keywords.

Scammers either reply to tweets from fake brand profiles, or they DM the user posing as the brand’s customer support. The end goal of scammers is to deceive the user into giving up confidential information and use that information to hijack accounts or cause financial damage.

Different Types of Campaigns

  • Financially Motivated

A high percentage of these accounts primarily target users for financial reasons. They try to trick users into giving up their secret recovery phrase so they can hijack crypto wallets, or they try to deceive users into handing over the username, email, passwords, and security question answers for their bank or crypto exchange accounts.

We made a few tweets using a honeypot account that contained keywords like help, support, and the name of popular crypto wallet apps. Within a few seconds of making tweets, we started receiving replies from fake customer support bots.

Some crypto companies’ customers are targeted to such an extent that their customer support has to write a warning message in each reply about not trusting any DMs or replies claiming to be from them.

MetaMask customer support has to write a warning message with each reply.

  • Account Hijacking

Another motivation for these scammers is to hijack high-profile, verified accounts or accounts with a highly desired username.

These hijacked, high-profile, verified accounts with a large following are later used in promoting scam campaigns to the masses.

Usually, hijacked high-profile, verified accounts are short-lived. Once they’re spotted or reported, Twitter rolls those accounts back to their original owners. Scammers have a short time window after hijacking such accounts, and they’re aware of it.

Scammers posing as Twitter customer support to hijack a verified Twitter user’s account.

Accounts with highly desired usernames (usernames that are short or unique) get sold on underground forums/marketplaces for a high price.

Types of Scams

  • Using Fake Brand Lookalike Profile: Scammers set up lookalike brand profiles with brand logos as the profile picture and use a typosquatting handle as usernames.
  • Using Synthetic Customer Profiles: These profiles claim they faced the same problems. Then they visited a specific link or a specific profile or email address to get their issue resolved. Those included links, emails, and profiles are run by scammers.

Losses caused by such scams

  • Crypto wallet/exchange account, bank account hijacking, financial loss
  • Identity theft
  • Account takeover. Later these hijacked accounts are used as part of bot networks for promoting scams, or other criminal activities.

How to avoid falling prey to such scams

  • Verify the official Twitter account handle from the brand website
  • Don’t visit external links sent by suspicious accounts in replies
  • Only use official channels to get in touch with a brand’s customer support.
  • Never share the recovery phrase, password, or OTPs in forms or on suspicious websites.

Advice For Brands

Proactively monitoring brand mentions and brand impersonation on social media platforms and reporting such fake profiles for takedowns is the only way to minimize the risk of your customers falling prey to such scams.
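One way a brand could triage the accounts replying to its customers for the typosquatting handles described under Types of Scams, as an added example that is not Bolster's code. The handle @ExampleWallet, the substitution table, the decoy word list, and the distance threshold are all assumptions chosen for illustration.

```python
import re

# Assumed look-alike substitutions seen in typosquatted handles.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
# Assumed words added to a brand name to make a handle look like a help desk.
DECOYS = re.compile(r"(official|support|helpdesk|help|care|team|desk)")


def core(handle: str) -> str:
    """Reduce a handle to the part meant to be read as the brand name."""
    h = handle.lstrip("@").lower().translate(CONFUSABLES)
    h = h.replace("rn", "m").replace("vv", "w")  # multi-character look-alikes
    h = DECOYS.sub("", h)
    return re.sub(r"[^a-z]", "", h)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[len(b)]


def is_lookalike(handle: str, official: str, max_dist: int = 1) -> bool:
    """True if `handle` imitates `official` without being that account."""
    if handle.lstrip("@").lower() == official.lstrip("@").lower():
        return False  # the genuine account itself
    return edit_distance(core(handle), core(official)) <= max_dist


def triage(repliers, official):
    """Return the reply authors worth reviewing for a takedown report."""
    return [h for h in repliers if is_lookalike(h, official)]


# Constructed sample: accounts replying to one customer's help tweet.
SAMPLE = [
    "@ExampleWallet", "@ExampleWa11et_Help", "@ExarnpleWallet",
    "@Examp1eWalletSupport", "@coffee_fan_92", "@ExamplWallet",
]

if __name__ == "__main__":
    print(triage(SAMPLE, "@ExampleWallet"))
```

A match is only a lead for human review: handle similarity alone does not prove impersonation, so pair it with the profile picture and display name before filing a report.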

At Bolster, we offer live social media monitoring across 14 different social media platforms, along with phishing and typosquatting monitoring and automated takedowns.

This blog is published by Bolster Research Labs. We are also creators of – a free URL scanner to detect phishing and scam sites.