Fake X accounts found scamming airline customers

Fraudsters are harvesting people’s sensitive data

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

British consumer association Which? has warned users of fake airline accounts on X looking to steal their personal information, whilst also criticizing the social media network for not reacting to the threat fast enough.

Which? said that virtually every major airline operating in the UK, including British Airways, easyJet, Jet2, Ryanair, Tui, Virgin Atlantic, and Wizz Air, were all being impersonated.

The modus operandi of the scammers is quite simple: they use bots to automatically crawl social media interactions, looking for people dissatisfied with their airline’s service - which could be a delayed flight, lost luggage, or anything else.

Reacting too slow

The scammers would then reach out to the victim, either by posting a comment in the thread, or reaching out directly. Their message would be almost identical to what the airlines usually post, apologizing for the inconvenience caused.

However, the message would also come with an extra link, leading to a malicious landing page where the attackers would harvest people’s sensitive data. Alternatively, they would ask for their phone number, to be able to reach out directly and come to a resolution.

With these types of scams, the attackers are hoping the victim won’t realize they’re not talking to an official account.

Which? also criticized X for being too slow to remove these accounts from the platform. Apparently, reporting fake accounts to X “seems to have limited effect” as the majority of the bogus posts and accounts “were still live at the time of writing.”

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

X’s terms of use state that users impersonating organizations will be permanently suspended, and it told Which? that it took down all of the fake accounts the consumer group identified.

Furthermore, an X spokesperson told the publication: “On X, you may not misappropriate the identity of individuals, groups, or organizations or use afake identityto deceive others.”

“Accounts that pose as another person, group, or organization in a confusing or deceptive manner may be permanently suspended under X’s misleading and deceptive identities policy.”

ViaBBC

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet