The Real Risks of Twitter Rants!

Imagine this. You’re sitting on a train station bench, angry that the Train company have cancelled the 18:09 train back home to Stirling. In your frustration, you use your smartphone to Tweet them:

From: @JasonOwen77 Dear @ScotTrainsCo – thanks again for making a bad day worse, and delaying me seeing my kids for the 3rd time this week. Seriously – why is the 18:09 to Stirling consistently delayed?! I won't hold by breath for a response. Yours – a disgruntled season ticket holder #trainfail

 

Just minutes later, to your delight you receive a reply. Perhaps they’re not so bad after all. You actually feel a little guilty for ranting!..

From: @ScotTrainsSupport @JasonOwen77 we're sorry for the inconvenience and we appreciate this isn't the first time we've let you down on your usual route. The current issue is a signalling fault near Pitlochry. As you probably already know, we have a 'Compensation Claim' form which you can complete to receive a full refund (in the form of vouchers) if you are over 1 hour delayed – bit.ly/sr7gT ^CR

While waiting, you access the claim form and fill out all the details. At least the delay hasn’t cost you anything, and maybe you can use the train vouchers (when they arrive to your house) as a family treat to visit somewhere nice.

Following an hour waiting, you catch the 19:22 home. It’s a longer train journey, but at least you’re on your way. While passing the time scanning your emails, you notice an alert from Twitter. It’s from the Train company again.

From: @ScotTrainsSupport @JasonOwen77 Following on from our earlier tweet, again our sincere apologies. I've spoken to my manager and we'd like to further compensate you with a 50% discount on your monthly season ticket. It's not the norm, but given the regular delays, we feel it's justified. Click here and order your new ticket in the usual way http://bit.ly/sr66Gw – be aware for safety reasons, this link will only work for 12 hours (as it's specific to you). ^CR

Result!.. That’s a decent saving – and all from one tweet!. You’ve still got 20 minutes before your destination, so you quickly click and visit their ticket booking page (which does indeed show all tickets discounted) and proceed to buy a new monthly ticket.

Finally you’re home.. you pop up to say goodnight to the kids (already in bed), and then settle down on the sofa to catch up on the latest box set. Another alert vibrates your phone. It’s from the Train company again.. (they’re keen… what now?)..

From: @ScotTrainsCo @JasonOwen77 we're sorry to hear of your earlier delay. This was caused by a delayed train at Perth. We apologise for the inconvenience caused and suggest you consider visiting our “Delay Repay” page which outlines your options https://traincomapny.scot/delayrepay

“Delayed Train?”.. Earlier they had advised it was a signalling fault. And why are they advising I claim again? Don’t they know this has already been dealt with. Talk about incompetence.

It takes a while. But the realisation starts to filter through. Oh dear. This isn’t good.

 

Have you worked it out yet? I’m hoping you have, and I’m hoping you’d have realised what was going on from the Train Company’s very first response. Social Media scams (like most scams) work because you’re in a bad place. You’re frustrated, you’re angry, you want to rant at someone, and you expect, and indeed you got , an immediate reply. It was them wasn’t it?

That nice easy link through to their website. That simple form where you provided your name, address and more. That polite follow up which encouraged you to act quickly, logging in with your username and password (which you probably use elsewhere on the internet) and freely giving them your credit card details in exchange for a discounted ticket. Felt good at the time.. the wrong had been righted, justice had prevailed, you’d got one over the big company…

And then you realised.

Social Media impersonation is massively on the rise. With just a few “saved images” and a copy/paste of an existing bio it’s easy to setup a profile which looks pretty close to the original. The identity theft victim could be your friend, your bank, or your regular train company. But the real victim is you. You were fooled. Even if just momentarily, that “trust” you gave, and the data you provided them could result in significant consequences.

The above “fictional” story is based on a real incident concerning someone I know. Someone who’s not stupid, not ‘computer illiterate’, not greedy, and up until that point would consider themselves cyber savvy. But caught off guard at the wrong moment…

THINK.

Ps – if you’ve finished reading this and you’re still wondering what’s going on – then please get in touch immediately. If you want more help and advice protecting yourself, and your business, from the very real risks of cyber security and social engineering fraud, then ask us about our Cyber Essentials Awareness workshop, designed specifically for small businesses and their staff.


Update – if you think this is far fetched, think again – check out this recent news article on the BBC regarding Twitter Fraud (only if you’re brave enough to click the link!)