Fake X accounts found scamming airline customers

Twitter
Twitter combats hate speech bans racism (Image credit: Shutterstock)

British consumer association Which? has warned users of fake airline accounts on X looking to steal their personal information, whilst also criticizing the social media network for not reacting to the threat fast enough.

Which? said that virtually every major airline operating in the UK, including British Airways, easyJet, Jet2, Ryanair, Tui, Virgin Atlantic, and Wizz Air, were all being impersonated. 

The modus operandi of the scammers is quite simple: they use bots to automatically crawl social media interactions, looking for people dissatisfied with their airline’s service - which could be a delayed flight, lost luggage, or anything else.

Reacting too slow

The scammers would then reach out to the victim, either by posting a comment in the thread, or reaching out directly. Their message would be almost identical to what the airlines usually post, apologizing for the inconvenience caused. 

However, the message would also come with an extra link, leading to a malicious landing page where the attackers would harvest people’s sensitive data. Alternatively, they would ask for their phone number, to be able to reach out directly and come to a resolution.

With these types of scams, the attackers are hoping the victim won’t realize they’re not talking to an official account.

Which? also criticized X for being too slow to remove these accounts from the platform. Apparently, reporting fake accounts to X “seems to have limited effect” as the majority of the bogus posts and accounts “were still live at the time of writing.”

X’s terms of use state that users impersonating organizations will be permanently suspended, and it told Which? that it took down all of the fake accounts the consumer group identified. 

Furthermore, an X spokesperson told the publication: “On X, you may not misappropriate the identity of individuals, groups, or organizations or use a fake identity to deceive others.”

"Accounts that pose as another person, group, or organization in a confusing or deceptive manner may be permanently suspended under X’s misleading and deceptive identities policy.”

Via BBC

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.