
Beware posts on social media offering “account recovery” services – It’s a scam

Scammers are always looking for ways to lure victims into handing over their cash, and claiming, falsely, to offer “hacking” or “account recovery” services via social media is one such method that is proving successful.

The premise of the scam is very simple, and we can outline how most of these scams work in this simple rundown…

1. Scammers scan social media platforms such as Instagram and Twitter (X) looking for social media posts made by people who claim they have lost access to an online account (for example they lost their password or were ‘hacked’).

2. The scammers reply to those posts “recommending” that the person contact a specific ‘specialist’ account to get access to their account back.

3. When the person gets in contact with the alleged ‘specialist’, they’re told they’ll need to pay money to complete the account recovery process. That money is then stolen.



Let’s dive into each step of this scam and look a little bit more into how it works.

1. Many social media users may have gone to Instagram, Twitter or other social platforms to bemoan losing access to another account, whether that account got “hacked” or they simply lost the password. It’s these sorts of posts that scammers are looking out for.

In most cases the scammers are using software to scan social media posts for certain keywords or phrases, such as “hacked” or “lost my password” (which is why scammers often mistakenly target social media posts that have nothing to do with losing access to an account).

Scammers and crooks understand that users grumbling about losing access to an account may be desperate to regain access, and crooks know that desperate social media users are a demographic susceptible to online crime.

2. Once the scammers locate these types of social media posts, the next step is to lure the potential victim to the scam. This is typically done by the scammer “recommending” a “cybersecurity specialist” or “hacker” who specialises in regaining access to lost or hacked accounts. The scammer usually does this by pretending to be a past ‘customer’ who managed to regain access to a lost account. The scammer may recommend the poster reach out to an email address or a social media user, or visit a website.

For example, see the tweets below which were posted as comments to a tweet about a hacked account. In the comments the scammers are attempting to lure the original tweeter to either a website or another social media user.


3. The endgame of the scam here is to lure Twitter users into paying for a bogus “account recovery” service. If users do contact the “tech specialists” or “hackers” recommended to them, they’re asked to pay money for software, or in some cases for a “code”, under the promise that after payment is made, the users will regain access to their account. In reality, once payment is made, the crooks simply take the money and run.

Such “account recovery” scams are prolific on Twitter and Instagram, with both platforms failing to remove offending accounts. Other platforms such as Facebook and TikTok also see these scams proliferate widely.

Fortunately, avoiding these scams is simple once you’re aware that they’re indeed scams. Simply avoid replying to unsolicited comments offering hacking or account recovery services, and certainly never make any upfront payments.
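For anyone moderating replies, the lure described in step 2 has three recognisable parts: recovery or hacking vocabulary, a referral phrased as a recommendation, and a contact point outside the thread. The sketch below is an added example, not code from this article; the word lists, the handle `@fixit_placeholder` and the sample replies are constructed assumptions, and it flags a reply only when all three parts are present.

```python
import re

# Word lists are illustrative assumptions, not a vetted ruleset.
SERVICE = re.compile(r"\b(?:recover(?:ed|y|ing)?|hack(?:ers?|ed|ing)?|unlock(?:ed)?)\b", re.I)
REFERRAL = re.compile(r"\b(?:recommend|contact|reach out|message|dm|helped me|got my account back)\b", re.I)
EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
URL = re.compile(r"\b(?:https?://|www\.)\S+", re.I)
HANDLE = re.compile(r"(?<![\w.])@(\w{2,})")


def redirect_targets(text, thread_handles=()):
    """Off-thread contact points named in a reply: e-mail, URL or @handle."""
    known = {h.lower().lstrip("@") for h in thread_handles}
    emails = EMAIL.findall(text)
    rest = EMAIL.sub(" ", text)  # so user@host is not read as a handle
    handles = [h for h in HANDLE.findall(rest) if h.lower() not in known]
    return emails + URL.findall(rest) + ["@" + h for h in handles]


def classify_reply(text, thread_handles=()):
    """Flag a reply only when all three signals from step 2 are present."""
    signals = {
        "service": bool(SERVICE.search(text)),
        "referral": bool(REFERRAL.search(text)),
        "redirect": redirect_targets(text, thread_handles),
    }
    signals["flagged"] = all(signals[k] for k in ("service", "referral", "redirect"))
    return signals


# Constructed sample replies to a post by the hypothetical user @jane_doe.
SAMPLES = [
    "@jane_doe contact @fixit_placeholder on Instagram, he helped me recover my account",
    "@jane_doe reach out to help.desk@example.com, they recovered my hacked account",
    "@jane_doe sorry to hear that, did you try the official password reset page?",
    "@jane_doe my account got hacked last year too, it is awful",
]

if __name__ == "__main__":
    for reply in SAMPLES:
        result = classify_reply(reply, thread_handles=["jane_doe"])
        print("FLAG" if result["flagged"] else "ok  ", result["redirect"], "|", reply)
```

Passing the handles already in the thread keeps an ordinary @-mention of the original poster from counting as a redirect, and requiring all three signals keeps sympathetic replies that merely mention being “hacked” from being flagged.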

Published by
Craig Haley