Yes, from X (the old Twitter) they can empty your bank account. It is no joke or exaggeration. From RAC1.cat they have had direct access to a case of the theft of 947 euros, which could have been many more.
Many people know that you can get better customer service through social media than via email, call, or chat. This can work with telephone operators, banks, airlines, etc.
For Carlos (not his real name), Norse Atlantic airline canceled a transoceanic flight and he decided to ask for help through Twitter, with a public tweet directed to the company's official account, @flynorse. After a few minutes, he received a very attentive response asking for more details via private message.
They spoke privately. The account that had responded to him told him that, in fact, the flight was cancelled, but that it had been for internal company reasons, so they proceeded to make a quick refund so that he could buy other tickets.
The person who contacted Carlos told him that express returns were made through an app called WorldRemit. He also said there was no need to register on the app. "Enter your email and the password I tell you now: XXXX." Carlos did it. Once his identity was validated in the WorldRemit account, the person in question told him to put his card details where he wanted the money to be deposited (a total of 953 euros). Carlos, pleasantly surprised by the fast and efficient service, entered his card and authorized the operation from the alert message that the bank sent him.
Contrary to what Carlos believed, that person did not make a deposit, but instead made a charge for the amount of the tickets. Technically, by having access to the WorldRemit account, he accessed and used his credit card to send money to himself, to another completely untraceable external account. He had just defrauded him of 947 euros and was about to charge him more, if it weren't for the fact that at that moment he realized that this man was not a Norse Atlantic customer service agent, but a scammer.
If you haven't noticed, look at the Twitter screenshot again: the person responding to Carlos' tweet is not the official @flynorse account, but another one called @fynorse that identified itself as a member of the airline's customer service team. Welcome to Twitter phishing.
If we are tired of seeing all kinds of safety and precautionary advice, why didn't Carlos detect the scam until it was too late? Because there are differences with what was known until now.
To begin with, common phishing is done via email or SMS and it is the scammer who contacts you directly, without having had any prior contact. In this case, the one who starts the conversation is the user who publicly asks for help. The scammer, who is on the lookout for this type of tweet, responds by impersonating the company involved.
Another obvious sign of scam is haste. Scammers always ask you to do things very quickly, so they can disappear with the money. In this case, the one who is in a hurry is the victim, who needs to recover money. The scammer pretends that he is helping you.
Once the criminal makes Carlos believe that he is part of the official customer service team, the victim completely lowers her guard and puts herself at his mercy, obeying everything the scammer asks of him. Carlos would not have even imagined that there could be "fake community managers" who would intercept his communication.
It is not known, it depends on what your card insurance interprets (this is not taken care of by the bank, but by the debit card company). The first thing Carlos had to do was file a complaint with the Mossos d'Esquadra, which will help him process the refund request through his bank.
The good outcome of the procedure is not totally guaranteed, since, as they told him at the police station, the insurer could argue that it was Carlos's negligence, since he gave his information voluntarily. Deceived, but grateful. We will update the information once the refund is authorized or denied.
This article was originally published on RAC1.
