Broadband customers who complain about their service or seek support from a UK ISP via Twitter need to be extra cautious. A security expert has uncovered how scammers are abusing the platform in order to pose as fake customer service agents, albeit by using one of the oldest but easily overlooked tricks in the book.
In this example the problem began after the co-founder of a Cambridge-based penetration-testing outfit (Fidus Information Security), Andrew Mabbitt, complained to Virgin Media’s official Twitter feed about a problem that he had been having with broadband connectivity.
“Within minutes of posting a complaint I got two replies; one from Virgin Media themselves in a public message and another from somebody purporting to be from Virgin Media in my DMs. It seems those behind the account(s) are watching for keywords in real time and sending these messages very quickly; exploiting both the speed of a reply and the frustration being held by the person writing the initial tweet,” said Andrew.
The Direct Message contact and its linked account looked almost identical to the official one and replicated some of its content, although anybody paying close enough attention would have noticed that the Twitter handle was @virgincsmedia (this account has now been suspended) rather than @virginmedia.
We should point out that a lot of bigger ISPs have several different accounts on Twitter, some of which are dedicated to providing support and others are more promotional (e.g. @TalkTalkBiz and @TalkTalkBizCare). As such something like @virgincsmedia by itself wouldn’t necessarily jump out at a regular user as being overtly suspicious, but in security terms it’s always wise to be overly cautious of such things.
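The lookalike-handle trick above is easy to screen for on the receiving side. The following is an added example, not code from the original article or from any ISP: it checks an incoming sender handle against a small constructed allow-list of official accounts, flags anything that embeds the brand name or is nearly identical to an official handle (which also catches single-character swaps), and separately flags any message that asks for card details, since a real support agent never needs them. The allow-list, brand tokens and sample messages are assumptions for illustration.

```python
import difflib
from typing import Iterable

# Constructed allow-list of official support handles (illustrative only; a real
# deployment would load the ISP's verified accounts from a maintained source).
OFFICIAL_HANDLES = {"virginmedia", "talktalkbiz", "talktalkbizcare"}

# Constructed brand tokens: any non-official handle containing one is suspect.
BRAND_TOKENS = {"virgin", "talktalk"}

# Similarity at or above this ratio to an official handle is treated as a lookalike.
SIMILARITY_THRESHOLD = 0.8


def normalize(handle: str) -> str:
    """Strip the leading '@' and lower-case; Twitter handles are case-insensitive."""
    return handle.strip().lstrip("@").lower()


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] of characters shared in order; 1.0 means identical."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def classify_handle(handle: str,
                    official: Iterable[str] = OFFICIAL_HANDLES,
                    brand_tokens: Iterable[str] = BRAND_TOKENS) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a Twitter handle.

    A handle is a lookalike when it is not on the allow-list but either embeds a
    brand token (e.g. @virgincsmedia) or is nearly identical to an official
    handle (catches swaps such as l-for-i that a token check would miss).
    """
    h = normalize(handle)
    official_set = {normalize(o) for o in official}
    if h in official_set:
        return "official"
    if any(tok in h for tok in brand_tokens):
        return "lookalike"
    closest = max((similarity(h, o) for o in official_set), default=0.0)
    if closest >= SIMILARITY_THRESHOLD:
        return "lookalike"
    return "unrelated"


def flag_direct_messages(messages):
    """Given (sender_handle, text) pairs, return the ones worth flagging.

    Flags every lookalike sender, and also any sender (official or not) whose
    message asks for card details, which genuine support never does over DM.
    """
    suspicious = []
    for sender, text in messages:
        verdict = classify_handle(sender)
        asks_for_card = "card" in text.lower()
        if verdict == "lookalike" or asks_for_card:
            suspicious.append((sender, verdict, asks_for_card))
    return suspicious


if __name__ == "__main__":
    # Constructed sample DMs modelled on the exchange described in the article.
    sample = [
        ("@virginmedia", "Sorry to hear that, please DM your account number."),
        ("@virgincsmedia", "Hi, to verify you please send your full card number."),
        ("@deadpool", "Still no connection here."),
    ]
    for row in flag_direct_messages(sample):
        print(row)
```

The brand-token check is deliberately broad: it will also flag harmless fan or reseller accounts, which is the right trade-off for a filter whose purpose is to make the user pause before replying. The card-details check runs independently of the sender verdict, so a compromised or spoofed official account asking for payment data is still surfaced.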
The message itself asked for Andrew’s name and address (i.e. the one linked to his account) and so for amusement he played along, albeit while using the fictional comic character of Deadpool (Wade Wilson) as his alter-ego. Naturally it didn’t take long before the fraudster (we’ll call this a type of phishing) was asking for the full details of Andrew’s credit card, which is something that a real support agent would never do!
In the end Andrew successfully used his skills to trick the fraudster into clicking a link that exposed his IP address. All of this is a useful demonstration of how far scammers will go to steal your data, even on social media. So be on your guard for fake Twitter accounts, and the same goes for Facebook users etc. Credits to The Register for spotting.