Beware fake social media customer service accounts

By Michael Lloyd

Social media has given consumers a great outlet for reaching banks, card issuers and other companies with complaints, problems or compliments. Since Twitter, Facebook and the like are so public, most companies won't ignore complaints posted on those sites, as they don't want to appear unresponsive to their customers. However, while it can feel nice to vent your frustrations and elicit a quick response, be aware that social media is a hot spot for cybercriminals, too.

Hackers set up fake profiles that look very similar to official customer service accounts, then contact users who have publicly complained and ask for personal details or login information. They may also ask consumers to click a link for further instructions, but the link is actually a phishing or malware site. The thieves may sell the information they gain to identity thieves or use it to transfer money illegally.

In September 2015, an enterprising hacker took advantage of a major NatWest service problem by setting up a fake Twitter profile, complete with NatWest branding, and using it to contact consumers complaining about the service issue, the Express reported. In reality, the link the fraudsters sent to disgruntled customers led to a phishing site disguised as the bank, and unsuspecting users freely gave their personal information. A similar scam targeted Tesco Bank customers in 2012. social-media-customer-service-fraud

"Used wisely, social media can be an efficient way for consumers to alert companies to a problem and to get a quick response," Mike Haley, deputy chief executive of Cifas, the UK's fraud prevention service, said in response to emailed questions. "However, social media is no less a target for scammers as any other communication channel -- just like scam phone calls or fake websites, fraudsters can set up fake social media accounts in the hope of persuading as many people as possible to hand over sensitive information, such as credit card and bank account details."

Staying ahead of the hackers
It's generally safe to use social media to air grievances with banks or credit card issuers, so long as you keep a few things in mind.

When posting your complaint, make sure you direct your message to the official profile of the company you want to contact. Facebook and Twitter use account verification to indicate a legitimate company account. Check for this verification by looking for a small blue circle with a checkmark in it. If a major bank or credit card issuer has a social media account, it will be verified, so avoid any accounts without the blue mark. You can always double-check social media addresses on companies' official websites.

It's also important to make sure your social media accounts don't give away any of your personal details, and aren't visible to non-friends or followers. Simply seeing that you have a relationship with a certain bank or card issuer could be a boon to fraudsters. For instance, you may tweet an innocent-sounding complaint about a slow response from your bank, without directly engaging with the bank. An impostor could then target you with a phony solution.

"Be wary of unsolicited approaches from companies ... it could be an opportunistic fraudster," Haley said.

You should also set your social media profile security settings to high and never publish personal details in public or private messages, even to verified accounts. "Even when the company account is genuine, in the midst of trying to get an issue sorted, social media users often forget that their communication is public and can be viewed by complete strangers," Haley said. A genuine company won't request personal data via social media, even through a private message. Alarm bells should also ring if you receive any links via social media.

"If you want to progress your complaint, then switch to the company's official and secure complaint channels as soon as possible by checking their official website or calling a trusted number," said Haley. Social media representatives of official bank and credit card issuers are usually keen to transfer complaints to secure channels at the earliest opportunity.

If you suspect you may have revealed too much to a fake customer service profile, contact the bank or card issuer you were trying to reach as soon as you can with details about the bogus account. Act fast, as you might not be able to reclaim any money you lose to scammers -- fraud cases are assessed on a case-by-case basis, but some banks and card issuers won't refund stolen money in the case of negligent behaviour, and may view social media interactions as such.

See related: 10 tech-savvy ways to protect yourself from online fraud, Social media is open door for thieves, lenders, Victims of fraud not liable for thief's charges -- usually

Published: 3 November 2015