Around about a year ago, it looked like Elon Musk was promoting a great deal: send a little bit of Bitcoin to the wallet of a blue-checkmark verified Twitter account, and get back 10x your money!!!!
…except, of course, he wasn’t. It was a scam: some flimflammer had gotten hold of a verified account, kept the handle (Knip), and changed the display name next to “Promoted by” to read “Elon Musk.”
At the time, Naked Security’s Maria Varmazis wondered how in the world the behavioral red flags of the hijacked account hadn’t set off any warning bells at Twitter:
This verified account was inactive for a few months and then suddenly sprang to life, tweeting about cryptocurrency and asking for deposits. The display name was changed and the avatar was reset. In isolation, just one of these behaviors might not mean much, but in series, they paint a picture of an account that’s likely up to no good.
We don’t know what kept Twitter from spotting a string of behavior that led up to such an egregious scam: whoever it was had made withdrawals of at least $3,000 from the $10,000 worth of Bitcoin in their wallet at the time Maria checked.
Crackdown on scams
But now, we’re pleased to report that Twitter is finally cracking down on these kinds of financial scams.
On Monday, the platform unveiled a new policy that prohibits using “scam tactics” to weasel money or private financial information out of others. It’s outlawing behavior that involves deceiving others into sending money or personal financial information via phishing, deception or fraud.
One of the examples of scam tactics that Twitter listed matches the Elon Musk scam: Deceiving others into sending money or personal financial information by operating a fake account or by posing as a public figure or an organization.
Twitter calls this type of fraud a “relationship/trust-building scam,” which sounds a lot like what we refer to as confidence scams. These are scams that involve a conman or woman gaining their victim’s trust, whether it’s by pretending to be Elon Musk or the love of your life. They try to convince their marks to send money, whether it’s because they have spare money/Bitcoins they want to sprinkle upon their fans out of the goodness of their hearts, or they need to buy airfare to visit or bail money when they purportedly get arrested en route, or for any other of an endless variety of boo-hoo stories.
Don’t try to pull any of that on Twitter, its new policy says:
Using scam tactics on Twitter to obtain money or private financial information is prohibited under this policy. You are not allowed to create accounts, post Tweets, or send Direct Messages that solicit engagement in such fraudulent schemes.
Here are some other examples Twitter gave of prohibited, deceptive tactics:
Money-flipping schemes. You may not engage in “money flipping” schemes (for example, guaranteeing to send someone a large amount of money in return for a smaller initial payment via a wire transfer or prepaid debit card).
Fraudulent discounts. You may not operate schemes which make discount offers to others wherein fulfillment of the offers is paid for using stolen credit cards and/or stolen financial credentials.
Phishing scams. You may not pose as or imply affiliation with banks or other financial institutions to acquire others’ personal financial information. Twitter said to keep in mind that other forms of phishing to obtain such information are also in violation of its platform manipulation and spam policy.
It’s been too easy to pose as somebody else on Twitter
Twitter’s new policy doesn’t come a day too soon.
Cryptocurrency giveaway and other types of financial scams have exploded on Twitter, where it’s been ridiculously easy for fraudsters to impersonate celebrities and influencers.
While the Twitter user names that show up in your URL are unique, display names are personal identifiers that show up on your profile page and on your posts. Users can set them to anything, and unfortunately, that means that fraudsters can pretend to be somebody you trust, including a cryptocurrency somebody.
For example, we’ve seen it happen to the popular exchange BitStamp, to Litecoin founder Charlie Lee, and to Vitalik Buterin, co-founder of Ethereum.
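An added example, not from the original article or from Twitter: the red flags Maria Varmazis listed earlier (dormancy, display name change, avatar reset, cryptocurrency solicitation), checked together with the handle/display-name mismatch described above and scored as a series rather than in isolation. The event format, thresholds, watch list and sample timelines are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumptions for illustration: watch list, thresholds and event format are constructed.
PROTECTED = {"elon musk": "elonmusk"}   # display name -> handle assumed legitimate
DORMANCY = timedelta(days=60)           # silence long enough to count as inactive
WINDOW = timedelta(days=2)              # changes this close together form a series
SOLICIT_TERMS = ("bitcoin", "btc", "wallet", "send", "giveaway")

def normalize(name):
    return " ".join(name.lower().split())   # defeats case and spacing tricks

def hijack_signals(handle, events):
    """Return the red flags seen in the burst of activity after the last dormant gap."""
    events = sorted(events, key=lambda e: e["ts"])
    if not events:
        return set()
    signals, start = set(), events[0]["ts"]
    for prev, cur in zip(events, events[1:]):
        if cur["ts"] - prev["ts"] >= DORMANCY:
            signals, start = {"dormant_then_active"}, cur["ts"]
    for e in events:
        if not start <= e["ts"] <= start + WINDOW:
            continue
        if e["type"] == "display_name_change":
            owner = PROTECTED.get(normalize(e["value"]))
            if owner and owner != handle.lower():
                signals.add("display_name_impersonation")
        elif e["type"] == "avatar_change":
            signals.add("avatar_reset")
        elif e["type"] == "tweet":
            text = e["value"].lower()
            if sum(term in text for term in SOLICIT_TERMS) >= 2:
                signals.add("crypto_solicitation")
    return signals

def is_suspicious(handle, events, threshold=3):
    """One flag alone means little; several in the same burst warrant review."""
    return len(hijack_signals(handle, events)) >= threshold

def ev(ts, kind, value=""):
    return {"ts": datetime.fromisoformat(ts), "type": kind, "value": value}

# Constructed timelines modelled on the behaviour described in the article.
HIJACKED = [ev("2018-06-01T09:00", "tweet", "Nice day for a walk"),
            ev("2018-10-20T10:00", "display_name_change", "Elon  Musk"), ev("2018-10-20T10:05", "avatar_change"),
            ev("2018-10-20T10:30", "tweet", "Giveaway! Send 0.1 BTC to my wallet, get 1 BTC back")]
RETURNING = [ev("2018-06-01T09:00", "tweet", "Off on holiday"),
             ev("2018-10-20T10:00", "avatar_change"), ev("2018-10-20T10:30", "tweet", "Back at last")]

print(is_suspicious("Knip", HIJACKED), is_suspicious("returning_user", RETURNING))
```

The returning user trips two flags (dormancy and a new avatar) and stays below the threshold, which is the point of scoring the behaviors as a series.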
What’s still OK to post?
Financial disputes are still OK on Twitter. It’s just when accounts engage in deceptive scamming, phishing or other fraud tactics that Twitter’s stepping in. These are the types of financial disputes in which it’s not going to intervene:
- Claims relating to the sale of goods on Twitter.
- Disputed refunds from individuals or brands.
- Complaints of poor quality goods received.
See something? Report it
If you spot fraudulent financial content, you can report it, like so:
- Select Report Tweet from the little gray dropdown arrow.
- Select It’s suspicious or spam.
- Select the option that best tells Twitter that the Tweet is suspicious or spreading spam.
- Submit your report.
What Twitter might do to malfeasants
There are a number of actions Twitter might take when it finds users violating these policies:
- Anti-spam challenges that might ask for additional information or for the account to solve a reCAPTCHA.
- Blacklisting URLs. Twitter may flag potentially unsafe URLs with a warning and even block them from being posted.
- Tweet deletion and temporary account locks. First offenders might just get their Tweets deleted or a temporary account lock. Repeat offenders will be permanently suspended.
- Permanent suspension. Twitter’s going to permanently delete accounts that commit “severe” violations, which it says includes things like operating accounts where the majority of behavior is in violation of its policies, or playing Whack-A-Mole by creating accounts to replace or mimic a suspended account.