Naked Security

Twitter’s new policy bans financial scams

“Oh no! However shall I give away Bitcoin to all my followers?” sobbed a bunch of crooks.

Around about a year ago, it looked like Elon Musk was promoting a great deal: send a little bit of Bitcoin to the wallet of a blue-checkmark verified Twitter account, and get back 10x your money!!!!

…except, of course, he wasn’t. It was a scam: some flimflammer had gotten hold of a verified account, kept the handle (Knip), and changed the display name next to “Promoted by” to read “Elon Musk.”

At the time, Naked Security’s Maria Varmazis wondered how in the world the behavioral red flags of the hijacked account hadn’t set off any warning bells at Twitter:

This verified account was inactive for a few months and then suddenly sprang to life, tweeting about cryptocurrency and asking for deposits. The display name was changed and the avatar was reset. In isolation, just one of these behaviors might not mean much, but in series, they paint a picture of an account that’s likely up to no good.

We don’t know what kept Twitter from spotting a string of behavior that led up to such an egregious scam: whoever it was had made withdrawals of at least $3,000 from the $10,000 worth of Bitcoin in their wallet at the time Maria checked.
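The correlation described in the quote above (a long dormancy followed by a burst of profile changes and cryptocurrency solicitation) can be sketched as a simple scoring rule. This is an added example, not Twitter's or Naked Security's code; the event schema, thresholds, keyword list and both sample accounts are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# All thresholds and the event schema are assumptions for illustration.
DORMANCY = timedelta(days=60)     # "inactive for a few months"
BURST = timedelta(days=2)         # changes must cluster after the wake-up
SOLICIT = re.compile(r"\b(bitcoin|btc|wallet|deposit)\b", re.I)
THRESHOLD = 4                     # signals needed before flagging

def score_account(events, verified):
    """events: (iso_time, kind, text) tuples; kind is 'tweet',
    'display_name_change' or 'avatar_reset'. Returns (score, reasons)."""
    evs = sorted((datetime.fromisoformat(t), k, x) for t, k, x in events)
    best = []
    for prev, cur in zip(evs, evs[1:]):
        gap = cur[0] - prev[0]
        if gap < DORMANCY:
            continue
        # The account woke up at cur; collect what it did right afterwards.
        burst = [e for e in evs if timedelta(0) <= e[0] - cur[0] <= BURST]
        kinds = {k for _, k, _ in burst}
        reasons = [f"dormant {gap.days} days"]
        if "display_name_change" in kinds:
            reasons.append("display name changed")
        if "avatar_reset" in kinds:
            reasons.append("avatar reset")
        if any(k == "tweet" and SOLICIT.search(x) for _, k, x in burst):
            reasons.append("cryptocurrency solicitation")
        if verified and len(reasons) > 1:
            reasons.append("verified account")
        if len(reasons) > len(best):
            best = reasons
    return len(best), best

def is_suspicious(events, verified):
    return score_account(events, verified)[0] >= THRESHOLD

# Constructed sample: verified account that wakes up and solicits deposits.
HIJACKED = [("2020-01-10T08:00:00", "tweet", "Great show last night"),
            ("2020-06-01T09:00:00", "display_name_change", "Elon Musk"),
            ("2020-06-01T09:01:00", "avatar_reset", ""),
            ("2020-06-01T09:05:00", "tweet", "Send Bitcoin to my wallet, get 10x back")]
# Constructed sample: unverified user returning with a refreshed profile.
RETURNING = [("2020-01-10T08:00:00", "tweet", "Taking a break"),
             ("2020-06-01T09:00:00", "display_name_change", "New Me"),
             ("2020-06-01T09:01:00", "avatar_reset", ""),
             ("2020-06-01T09:05:00", "tweet", "I'm back, what did I miss?")]
```

The returning user trips three signals and stays under the threshold; only the full series on a verified account is flagged, which is the "in isolation versus in series" distinction the quote draws.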

Crackdown on scams

But now, we’re pleased to report that Twitter is finally cracking down on these kinds of financial scams.

On Monday, the platform unveiled a new policy that prohibits using “scam tactics” to weasel money or private financial information out of others. It’s outlawing behavior that involves deceiving others into sending money or personal financial information via phishing, deception or fraud.

One of the examples of scam tactics that Twitter listed matches the Elon Musk scam: Deceiving others into sending money or personal financial information by operating a fake account or by posing as a public figure or an organization.

Twitter calls this type of fraud a “relationship/trust-building scam,” which sounds a lot like what we refer to as confidence scams. These are scams that involve a conman or woman gaining their victim’s trust, whether it’s by pretending to be Elon Musk or the love of your life. They try to convince their marks to send money, whether it’s because they have spare money/Bitcoins they want to sprinkle upon their fans out of the goodness of their hearts, or they need to buy airfare to visit or bail money when they purportedly get arrested en route, or for any other of an endless variety of boo-hoo stories.

Don’t try to pull any of that on Twitter, its new policy says:

Using scam tactics on Twitter to obtain money or private financial information is prohibited under this policy. You are not allowed to create accounts, post Tweets, or send Direct Messages that solicit engagement in such fraudulent schemes.

Here are some other examples Twitter gave of prohibited, deceptive tactics:

Money-flipping schemes. You may not engage in “money flipping” schemes (for example, guaranteeing to send someone a large amount of money in return for a smaller initial payment via a wire transfer or prepaid debit card).

Fraudulent discounts. You may not operate schemes which make discount offers to others wherein fulfillment of the offers is paid for using stolen credit cards and/or stolen financial credentials.

Phishing scams. You may not pose as or imply affiliation with banks or other financial institutions to acquire others’ personal financial information. Twitter said to keep in mind that other forms of phishing to obtain such information are also in violation of its platform manipulation and spam policy.

It’s been too easy to pose as somebody else on Twitter

Twitter’s new policy doesn’t come a day too soon.

Cryptocurrency giveaway and other types of financial scams have exploded on Twitter, where it’s been ridiculously easy for fraudsters to impersonate celebrities and influencers.

While the Twitter user names that show up in your URL are unique, display names are personal identifiers that show up on your profile page and on your posts. Users can set them to anything, and unfortunately, that means that fraudsters can pretend to be somebody you trust, including a cryptocurrency somebody.

For example, we’ve seen it happen to the popular exchange BitStamp, to Litecoin founder Charlie Lee, and to Vitalik Buterin, co-founder of Ethereum.

What’s still OK to post?

Financial disputes are still OK on Twitter. It’s just when accounts engage in deceptive scamming, phishing or other fraud tactics that Twitter’s stepping in. These are the types of financial disputes in which it’s not going to intervene:

  • Claims relating to the sale of goods on Twitter.
  • Disputed refunds from individuals or brands.
  • Complaints of poor quality goods received.

See something? Report it

If you spot fraudulent financial content, you can report it, like so:

  • Select Report Tweet from the little gray dropdown arrow.
  • Select It’s suspicious or spam.
  • Select the option that best tells Twitter that the Tweet is suspicious or spreading spam.
  • Submit your report.

What Twitter might do to malfeasants

There are a number of actions Twitter might take when it finds users violating these policies:

  • Anti-spam challenges that might ask for additional information or for the account to solve a reCAPTCHA.
  • Blacklisting URLs. Twitter may flag potentially unsafe URLs with a warning and even block them from being posted.
  • Tweet deletion and temporary account locks. First offenders might just get their Tweets deleted or a temporary account lock. Repeat offenders will be permanently suspended.
  • Permanent suspension. Twitter’s going to permanently delete accounts that commit “severe” violations, which it says includes things like operating accounts where the majority of behavior is in violation of its policies, or playing Whack-A-Mole by creating accounts to replace or mimic a suspended account.


4 Comments

There actually are real users who decide to come back to Twitter after a few months and freshen up their name and avatar. It doesn’t usually happen with Verified accounts, though.

I think I was a victim of a relationship/confidence building scam. I have been speaking to a guy who said he was Tyler Perry. The way I was roped in was by me being a fan of the director Mr. Perry. After speaking with me several times and at length today, I gave him my cash ID and my AOL email address. When I went to AOL my entire account was gone from my phone. I was able to pull it up on my iPad. But now it says I can no longer send messages to him. Darn it, I should have known better. What can I do? I still cannot retrieve my AOL account on my phone. It’s just a blue screen. Mamajobaby2
