These days it’s safe to assume when you’re contacted by a stranger using email, texting, or social networks, it’s likely a scam. That’s the nature of the internet with so many trying to make a buck. It takes very little effort for a twelve-year old savy computer user in their basement in some far away third-world country to make more money than they’d ever be be able to make in their local economy. Or it might be from a shady business that sends out millions of emails with little effort or cost, needing only a fraction of a fraction of a percent response to generate thousands of dollars.
Invariably I delete a dozen or more emails and texts each day with a receipt for a huge charge from the Geek Squad, McAfee, Norton, Pay Pal, etc.,or a text to call UPS or Fedex because they are unable to deliver my package, or a bank saying my account is overdrawn, or a notification that I won a prize from Home Depot.
Many of these messages are designed to shock us with a huge bill or an urgent call to action, and get us to click on a link, open an attachment, or to respond some other way. My advice is to never ever click on a link or attachment or message from someone you don’t know. Instead, ignore it and delete it from your computer. Most legitimate businesses have other ways to contact you if something really is urgent.
Whenever there’s an new way to trick us, you can count on scammers to exploit it. One of the latest is to take advantage of us reaching out for help using Twitter. (now called X by some, but not by me). An article in the WSJ explains how scammers are now impersonating airlines to reach out to users on Twitter who are appealing for help.
Twitter used to be an effective way to get help from companies when it was difficult to reach them other ways. When I had a problem with a Verizon bill and a Southwest flight in the past, calling attention to the issue with a tweet that included the company’s account name, often got a quick response and the problem solved. But no more. More often you’ll now get a scammer.
The article in the WSJ explains that when the reporter used Twitter to run a test and to ask airlines for help with her flight, cancellation, or reservation related issues, she’d often get responses from fake airline accounts. Typically they’d ask for a phone number to call back or try to get credit card numbers, passwords, and other personal information. These responses came from fake accounts representing to be Southwest, Air Canada, and others such as this example:
This is occurring because Twitter no longer verifies that corporate users are who they say they are, causing impersonators to run free on the site. Anyone willing to pay $8 per month can get a blue check that supposedly makes their acount seem legitimate, but instead it only means they are willing to pay. Twitter also has a new Gold check but the use of it is sketchy because Twitter has taken it away from accounts it doesn’t like, such as the New York Times.
Of course, impersonations occur elsewhere on the web, such as on Meta’s Facebook or Instagram, although Meta does a bit better in comparison policing their sites. They consider fraudulent activity more as a bug, where Twitter sees it as a feature.
One of the key indicators of a fraud is the sender’s name in the Tweet, message or email.
From the WSJ article:
“The account looked similar to Southwest’s, with the airline’s signature heart logo. The display name on the account was SouthwestAir, which is the actual Southwest’s handle. The reply was empathetic, too. (“We apologize for the inconvenience.”) It was even signed like Southwest does in its posts.
“But I noticed red flags. The account’s actual handle was @_SouthwestAir9, not @SouthwestAir. Unlike the real feed, the impostor had no gold check mark, the new replacement for the blue check mark for many brands.
“Both the real airline and Fake Southwest asked me to send information via direct message for assistance. The impostor account wanted my phone number, not my flight confirmation number. As soon as I provided it, someone called me via WhatsApp and said they were with Southwest Air. I said it didn’t sound like Southwest and they quickly hung up.
“It wasn’t a one-off. Around the same time on Monday, a traveler reached out to Air Canada on X with a complaint about a canceled flight. The airline and an impostor, @aircanada153551, both responded.”
In the case of an email, check the details of the “From” field in the email and expose the full address. Hover your cursor over the sender’s name to see the full address. If it doesn’t look like it’s from the company it says it’s from in this format […company name.com]. It’s likely a fraud. Sometimes it’s an address with a long string of characters, with the company name imbedded within or just a nonsensical string of characters as the email here:
The other way to check the address is to hit reply and look at the new email:
But don’t send it, just delete it after checking.
In this text message I recently received, supposedly from the USPS, has an originating phone number from country code 63, the Phillipines.
Because I get so many of these, I rarely check the address anymore; I simply delete or mark as Spam and move on.
How times have changed! It wasn’t too long ago that we made an effort to be sure we never missed an email and were diligent to open and read each one. That’s now just a distant memory and something dangerous to do.