British consumer association Which? has warned users of fake airline accounts on X looking to steal their personal information, whilst also criticizing the social media network for not reacting to the threat fast enough.
Which? said that virtually every major airline operating in the UK, including British Airways, easyJet, Jet2, Ryanair, Tui, Virgin Atlantic, and Wizz Air, were all being impersonated.
The modus operandi of the scammers is quite simple: they use bots to automatically crawl social media interactions, looking for people dissatisfied with their airline’s service – which could be a delayed flight, lost luggage, or anything else.
Reacting too slow
The scammers would then reach out to the victim, either by posting a comment in the thread, or reaching out directly. Their message would be almost identical to what the airlines usually post, apologizing for the inconvenience caused.
However, the message would also come with an extra link, leading to a malicious landing page where the attackers would harvest people’s sensitive data. Alternatively, they would ask for their phone number, to be able to reach out directly and come to a resolution.
With these types of scams, the attackers are hoping the victim won’t realize they’re not talking to an official account.
Which? also criticized X for being too slow to remove these accounts from the platform. Apparently, reporting fake accounts to X “seems to have limited effect” as the majority of the bogus posts and accounts “were still live at the time of writing.”
X’s terms of use state that users impersonating organizations will be permanently suspended, and it told Which? that it took down all of the fake accounts the consumer group identified.
Furthermore, an X spokesperson told the publication: “On X, you may not misappropriate the identity of individuals, groups, or organizations or use a fake identity to deceive others.”
“Accounts that pose as another person, group, or organization in a confusing or deceptive manner may be permanently suspended under X’s misleading and deceptive identities policy.”
Via BBC