Twitter Impersonation Scams

Many businesses use social media platforms as an outlet to manage their customer relationships, resolve user issues, and answer user questions.

Cybersecurity Live - Boston

Twitter is one of the key platforms where users can tag the brand handle with the issues they face or feedback on the services. The brand’s Twitter account attempts to resolve the issue or refer the user to a support page or link where the user can make requests.

Twitter Impersonation Scams
A customer asks for help with a problem by tagging PayPal’s nickname.

Twitter is a public platform and all Tweets are visible to everyone by default. It allows scammers to view complaint tweets in which a brand, any associated Twitter handle, or specific keywords are mentioned.

Scammers respond to tweets from fake brand profiles or send a DM to the user posing as the brand’s customer support. The end goal of the scammers is to trick the user into divulging confidential information and use this information to hijack accounts or cause financial damage.

Different types of campaigns

A high percentage of these accounts primarily target users for financial reasons. These accounts attempt to trick users into giving up their secret recovery phrase to hijack crypto wallets. Or they try to trick the user into giving them username, email, passwords and answers to security questions for their bank or crypto exchange accounts.

We made a few tweets using a honeypot account that contained keywords like help, support, and the name of popular crypto wallet apps. Within seconds of tweeting, we started getting replies from fake customer support bots.

Customers of some crypto companies are targeted to such an extent that their customer support has to write a warning message in every response not to trust DMs or responses claiming to be from them.

Twitter Impersonation Scams
MetaMask customer support should write a warning message with each response.

Another motivation of these scammers is to hijack high profile verified accounts or accounts with a highly sought after username.

These verified, high profile, hijacked accounts with large audiences are then used to promote scam campaigns to the masses.

Usually, hacked high profile and verified accounts are short-lived. Once spotted or reported, Twitter revokes these accounts to their original owners. Scammers have a short window of time after hacking into such accounts, and they are aware of it.

Scammers posing as Twitter customer support to hijack a verified Twitter user’s account.

Accounts with highly sought after usernames (short or unique usernames) are sold on forums/underground markets for a high price.

Types of scams

  • Use of fake similar brand profile: Scammers create similar brand profiles with brand logos as their profile picture and use a handful of typosquatters as usernames.
  • Use of synthetic customer profiles: These profiles claim to have faced the same problems. Then they visited a specific link or a specific profile or email address to solve their problem. These included links, emails and profiles are run by scammers.

Losses caused by such scams

  • Crypto wallet / exchange account, bank account hijacking, financial loss
  • Identity theft
  • Account recovery. Later, these hacked accounts are used as part of botnets to promote scams or other criminal activities.

How to avoid falling prey to such scams

Check the official Twitter account handle on the brand’s website

  • Do not visit external links sent by suspicious accounts in replies
  • Only use official channels to get in touch with a brand’s customer support.
  • Never share the recovery phrase, password or OTPs in forms or on suspicious websites.

Brand advice

Proactively monitoring brand mentions and brand impersonation on social media platforms and flagging these fake profiles for takedowns is the only way to minimize the risk of your customers falling prey to such scams.

At Bolster, we offer live social media monitoring on 14 different social media platforms, as well as phishing and typosquatting monitoring and automated takedowns. Get your free trial here.

This blog is published by Bolster Research Labs. We are also the creators of – a free URL scanner to detect phishing and scam sites.

*** This is a Bolster Blog Security Bloggers Network syndicated blog written by Nikhil Panwar. Read the original post at:

Joseph P. Harris