Imagine this. You’re sitting on a train station bench, angry that the Train company have cancelled the 18:09 train back home to Stirling. In your frustration, you use your smartphone to Tweet them:
Just minutes later, to your delight, you receive a reply. Perhaps they’re not so bad after all. You actually feel a little guilty for ranting!
While waiting, you access the claim form and fill out all the details. At least the delay hasn’t cost you anything, and maybe you can use the train vouchers (when they arrive at your house) as a family treat to visit somewhere nice.
Following an hour waiting, you catch the 19:22 home. It’s a longer train journey, but at least you’re on your way. While passing the time scanning your emails, you notice an alert from Twitter. It’s from the Train company again.
Result! That’s a decent saving – and all from one tweet! You’ve still got 20 minutes before your destination, so you quickly click and visit their ticket booking page (which does indeed show all tickets discounted) and proceed to buy a new monthly ticket.
Finally you’re home. You pop up to say goodnight to the kids (already in bed), and then settle down on the sofa to catch up on the latest box set. Another alert vibrates your phone. It’s from the Train company again... (they’re keen… what now?)
“Delayed Train?” Earlier they had advised it was a signalling fault. And why are they advising I claim again? Don’t they know this has already been dealt with? Talk about incompetence.
It takes a while. But the realisation starts to filter through. Oh dear. This isn’t good.
Have you worked it out yet? I’m hoping you have, and I’m hoping you’d have realised what was going on from the Train Company’s very first response. Social Media scams (like most scams) work because you’re in a bad place. You’re frustrated, you’re angry, you want to rant at someone, and you expect, and indeed you got, an immediate reply. It was them, wasn’t it?
That nice easy link through to their website. That simple form where you provided your name, address and more. That polite follow-up which encouraged you to act quickly, logging in with your username and password (which you probably use elsewhere on the internet) and freely giving them your credit card details in exchange for a discounted ticket. Felt good at the time... the wrong had been righted, justice had prevailed, you’d got one over the big company…
And then you realised.
Social Media impersonation is massively on the rise. With just a few “saved images” and a copy/paste of an existing bio, it’s easy to set up a profile which looks pretty close to the original. The identity theft victim could be your friend, your bank, or your regular train company. But the real victim is you. You were fooled. Even if just momentarily, that “trust” you gave, and the data you provided them, could result in significant consequences.
The above “fictional” story is based on a real incident concerning someone I know. Someone who’s not stupid, not ‘computer illiterate’, not greedy, and up until that point would consider themselves cyber savvy. But caught off guard at the wrong moment…
PS – if you’ve finished reading this and you’re still wondering what’s going on – then please get in touch immediately. If you want more help and advice protecting yourself, and your business, from the very real risks of cyber security and social engineering fraud, then ask us about our Cyber Essentials Awareness workshop, designed specifically for small businesses and their staff.
Update – if you think this is far-fetched, think again – check out this recent news article on the BBC regarding Twitter Fraud (only if you’re brave enough to click the link!)