My mate Dom was moaning to his ISP on Twitter. They sent him a private message so they could look into his account.
Blimey! Thankfully, that was a pretty brazen and inept attempt at phishing. Anyone asking for all your card details like that should set the alarm bells ringing. Of course, phishers often target credulous people who don’t understand that they’re being scammed.
By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.
Cormac Herley – Microsoft Research
Investigating the account might not have given much of a clue about its dodgy nature.
Superficially, it looks identical to the official account. It even has a verified badge on its Tweets. How? Because all it does is retweet the official account it is spoofing!
Looking closer, you should be able to spot that it is a fairly new account with zero followers. Oh, and the name is “Virgimendia”! The kerning of fonts on a small screen is likely to confuse lots of users.
They were quite clever in targeting people who had mentioned the official account. This is similar to a Twitter phishing attack I blogged about 5 years ago.
I tried my luck at baiting the scammer – to no avail!
Their use of language suggests they’re a British English speaker. At least, I assume they’re not thinking of me in cryptographic terms!
A bunch of us reported the account, and by the next morning it was gone.
The disturbing thing about this is that the scammers had been operating for at least a week. Virgin Media had been alerted, but seemingly didn’t take any action.
(Content Warning: The following Tweets contain racist language and encouragement of suicide.)
Blocked and unblocked me just to send that last bloody message! 🤣🤣🤣 @virgimendia says you sitting at home in your mums basement have fun with that one https://t.co/bvknGVZL9M pic.twitter.com/8RIm648hi7
— Sharon Field (@SharonField3) August 13, 2020
,@virgimendia THIS ACCOUNT IS GOING TO MESSAGE YOU PRETENDING TO BE VM AND ASKING FOR YOUR BANK DETAILS. IF LIKE ME YOU CATCH THEM OUT THEY ACT LIKE THIS.. pic.twitter.com/oSPTNVbWfm
— Adelle King (@Blackrose_uk) August 14, 2020
Look at these idiot fraudsters. 💀💀💀💀💀@virginmedia @virgimendia pic.twitter.com/eQEkt6Jhp1
— pokuaa. (@julsbvby) August 15, 2020
Almost had me there @virgimendia pic.twitter.com/tb0AkLnUqv
— Poké681 (@Poke681YT) August 17, 2020
@virginmedia it came for your twitter handle…. last night. I have also reported this to your customer services but they didn’t seem to concerned… told me to opt out of text message notifications :/ pic.twitter.com/HJvm9R4Wz4
— Lisa Jones (@misslisa811) August 14, 2020
Could automated tooling have stopped this? To a human it looks pretty obvious that this is a scam. But what heuristics would you use to train a model designed to stop this? And how many false positives would it produce?
Stay safe out there.
I know people with dyslexia that could be seriously affected by something like this.
Would be good if you could catch misspellings in places with a browser extension but I think it’d be far too complex :/
@TheHodge yep, had the same happen to me – first message got me….
There are algorithms to spot both similar text and similar images. I imagine that it would be possible for Twitter’s sign-up process to say, “Hmm, this name is awfully similar to that name. And the avatar is the same as well. Maybe they’re trying to imitate them?”
The problem is what to do next. Twitter don’t want to pay an army of employees to vet every similar-sounding account. And if you asked the existing account holders to do it, they’d both make mistakes and abuse their power (for example, to block “This Company Sucks” accounts).
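To make the two points above concrete (the post’s question about which heuristics a model could use, and the comment about spotting similar names and avatars without flagging every “This Company Sucks” account), here is an added example scorer. It is not code from the original post or from Twitter; the account records, the avatar hashes and the scoring weights are all constructed for illustration. It folds visually confusable character sequences (the “rn” versus “m” problem the post mentions), measures edit distance to the protected handle, and combines that with the signals the post observed: a brand-new account, zero followers, an identical display name and avatar, and a timeline consisting almost entirely of retweets of the brand.

```python
"""Heuristic scorer for look-alike (brand impersonation) accounts.

Added example, not from the original post. Every Account below is constructed
test data; the weights are arbitrary and would need tuning on real sign-ups.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Sequences that render almost identically at phone-screen sizes, mapped to
# their canonical form. Applied to BOTH handles so the comparison is fair.
CONFUSABLES = {"rn": "m", "vv": "w", "1": "l", "0": "o", "|": "l"}


def skeleton(handle: str) -> str:
    """Lower-case a handle, drop the '@', and collapse confusable sequences."""
    s = handle.lower().lstrip("@")
    for lookalike, canonical in CONFUSABLES.items():
        s = s.replace(lookalike, canonical)
    return s


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert / delete / substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


@dataclass
class Account:
    handle: str
    display_name: str
    created: date
    followers: int
    tweets: int
    retweets_of_target: int  # tweets that merely retweet the brand account
    avatar_hash: str         # assumed: some perceptual hash of the avatar image


def impersonation_score(candidate: Account, official: Account, today: date) -> tuple[int, list[str]]:
    """Return (score, reasons); higher means more likely a spoof of `official`."""
    if candidate.handle.lower() == official.handle.lower():
        return 0, []  # it *is* the official account
    score, reasons = 0, []

    cand_skel, off_skel = skeleton(candidate.handle), skeleton(official.handle)
    dist = levenshtein(cand_skel, off_skel)
    if dist == 0:
        score += 40; reasons.append("handle identical after confusable folding")
    elif dist <= 2:
        score += 30; reasons.append(f"handle within {dist} edit(s) of official")

    if candidate.display_name.casefold() == official.display_name.casefold():
        score += 15; reasons.append("identical display name")
    if candidate.avatar_hash == official.avatar_hash:
        score += 15; reasons.append("identical avatar")
    if (today - candidate.created).days < 30:
        score += 10; reasons.append("account under 30 days old")
    if candidate.followers < 10:
        score += 10; reasons.append("fewer than 10 followers")
    if candidate.tweets and candidate.retweets_of_target / candidate.tweets >= 0.8:
        score += 20; reasons.append("timeline is mostly retweets of the brand")
    return score, reasons


FLAG_THRESHOLD = 50  # constructed cut-off; above this, queue for review

# Constructed sample data modelled on the post's description.
OFFICIAL = Account("@virginmedia", "Virgin Media", date(2009, 1, 1), 100_000, 50_000, 0, "ph_aaaa")
SPOOF = Account("@virgimendia", "Virgin Media", date(2020, 8, 8), 0, 12, 12, "ph_aaaa")
RN_SPOOF = Account("@virginrnedia", "Virgin Media", date(2020, 8, 1), 3, 5, 5, "ph_cccc")
CRITIC = Account("@virginmediasucks", "Virgin Media Sucks", date(2015, 6, 1), 2_000, 900, 3, "ph_bbbb")
TODAY = date(2020, 8, 18)


def flagged(candidate: Account) -> bool:
    score, _ = impersonation_score(candidate, OFFICIAL, TODAY)
    return score >= FLAG_THRESHOLD


if __name__ == "__main__":
    for acct in (SPOOF, RN_SPOOF, CRITIC):
        score, reasons = impersonation_score(acct, OFFICIAL, TODAY)
        print(f"{acct.handle:20} score={score:3}  {'FLAG' if flagged(acct) else 'ok  '}  {reasons}")
```

The design point is that no single signal decides: a near-identical name alone (which a parody or complaint account might legitimately have) scores below the threshold, while the combination the post describes (new, followerless, copied avatar, retweet-only timeline) scores well above it. A flag here would feed a review queue rather than an automatic suspension, which is the cost-of-false-positives trade-off the post raises.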
And the regular reminder that Every Time you mention in public on here the name of your bank, you are being watched. A friend of mine lost 12k after a helpful phone call to sort out a minor admin niggle that friend had tweeted about in frustration.