New Twitter scam stealing bank passwords: What to look out for

It was bound to happen sooner or later — social media platforms are monetizing membership by adding subscriptions for services you’re used to getting for free. Here’s what’s changing and how you can save your money.

With billions of people logging into their social media accounts daily, scams abound. Here’s one making the rounds that you need to watch out for.

Banking on social media

It’s not uncommon for businesses to maintain social media profiles. They get their message and products out there and gain new followers in hopes of turning them into customers.

Everything from streaming services to smartphone manufacturers has Facebook, Twitter and Instagram pages. This also offers customers the opportunity to share their input and concerns. Even customer service reps or chatbots can help you with problems through their social media pages.

And this is where the scam comes in. Crooks are impersonating banks on Twitter to target new victims.

In this photo illustration the close-up of the Twitter website seen displayed on a smartphone.
Twitter recently added a subscriber service to its platform.
Rafael Henrique/SOPA Images/LightRocket via Getty Images

Here’s how the scam works

A customer posts a complaint about their bank account and tags their bank (@Citi or @Chase, for example). A scammer posing as a customer service rep from the bank responds and gives a helpline number. If you call that number, the scammer will collect what information they can, such as your login credentials, and use it to get into your account.

Kim Komando

Sound like a tech pro, even if you’re not! Award-winning popular host Kim Komando is your secret weapon. Listen on 425+ radio stations or get the podcast. And join over 400,000 people who get her free 5-minute daily email newsletter.

BleepingComputer tagged Axis Bank in a tweet and received a reply from an account as a quote tweet, which is a Twitter feature that allows one account to share another account’s post with their own comment added.

The Axis Bank account did not have a blue checkmark (or even a gold one that indicates a verified business), which should raise suspicions. The problem is that thanks to Twitter Blue, anyone can purchase a blue checkmark next to their name for $8 per month or $84 per year.

Confounding the confusion is the fact that many businesses maintain separate accounts for their customer service. Citibank is a prime example. The main Twitter account is found at @Citi, while the customer service account is @AskCiti. Both of these pages have gold checkmarks, by the way.

And it gets worse. In February, Twitter CEO Elon Musk replied to a tweet that legacy Blue Verified accounts (those with blue checkmarks before the subscription service added them) would be done away with.

So what’s going to happen to businesses that lose their blue checkmarks? They’ll have to subscribe to get them back. And even if they do, there will undoubtedly be some delay in the interim.

What you may see is a business that has a combination of blue and gold checkmarks or none at all. This is going to make it even easier for scammers to impersonate them.

What do you do if you need help?

Let’s keep things simple. If you need to contact your bank, internet service provider, mobile carrier or any business you have dealings with, do it directly. Social media is full of corruption, scammers, fake news and worse. Why would you risk something as important as your finances on these platforms?

Pull out your credit or debit card and call the number on the back if you need to contact your bank. Go to official websites to reach out to other companies.