Skip to content

Fake airline accounts scam Twitter users

These days it’s safe to assume when you’re contacted through email or on a social network from a stranger, it’s likely a scam. It takes very little effort for a kid in his basement in some far off third world country to make more money than he ‘d ever be be able to make in his local economy. Or it can be from an organized criminal ring that sends out millions of email with little effort or cost, needing only a fraction of a fraction of a percent response to make it worthwhile.

There’s no end to the clever schemes they come up with. Invariably I delete a half dozen or more emails each day purporting to be: a receipt for a huge charge for the Geek Squad, a bill for a subscription to McAfee, a PayPal invoice, or a request to call UPS because of a failed delivery. Each is designed to startle with a huge bill or shock, and get is to click to open an attachment or to respond. Here’s my advice: Never ever click on a link or attachment. Instead permanently delete the email from your computer.

And it’s endless with one type of scam after another. Whenever there’s an new opportunity, a bunch of scammers will jump in. I was reminded of this today after reading an article in the WSJ about how scammers are now impersonating airlines to reach out to users on Twitter (now called X) who are appealing for help.

Twitter used to be a great way to get help from companies when it was difficult to reach them in any other way. When I had a problem with a Verizon bill or a Southwest flight in the past, calling attention to them with a tweet that included their account name often got a quick response and the problem solved. Because of the tweet’s public visibility, an agent usually responded within an hour or two.

The article in the WSJ explains that when the reporter used Twitter to ask for help with a flight, cancellation, or reservation related issues, they’d often get responses from fake airline accounts. Typically they’d ask for a phone number to call back or try to get credit card numbers, passwords, and other personal information. These responses came from fake accounts representing to be Southwest, Air Canada, and others.

Why is this a fake account? See below for answer

This is occurring because Twitter no longer verifies their users’ accounts. Anyone willing to pay $8 per month can get a blue check that supposedly makes their acount seem legitimate, but instead it only means they are willing to pay.

This problem also can occur elsewhere such as Facebook or Instagram, although these companies do a bit better to police their sites. They consider fraudulent activity more as a bug, where Twitter sees it as a feature!

One of the key indicators of fraudulent accounts is the name of the account in a Tweet or the email.

From the WSJ article:

“The account looked similar to Southwest’s, with the airline’s signature heart logo. The display name on the account was SouthwestAir, which is the actual Southwest’s handle. The reply was empathetic, too. (“We apologize for the inconvenience.”) It was even signed like Southwest does in its posts.

But I noticed red flags. The account’s actual handle was @_SouthwestAir9, not @SouthwestAir. Unlike the real feed, the impostor had no gold check mark, the new replacement for the blue check mark for many brands. 

Both the real airline and Fake Southwest asked me to send information via direct message for assistance. The impostor account wanted my phone number, not my flight confirmation number. As soon as I provided it, someone called me via WhatsApp and said they were with Southwest Air. I said it didn’t sound like Southwest and they quickly hung up.

It wasn’t a one-off. Around the same time on Monday, a traveler reached out to Air Canada on X with a complaint about a canceled flight. The airline and an impostor, @aircanada153551, both responded.”

In the case of an email, check the details of the sender by going to the “From” field in the email and expose the full address. Hover your cursor over the sender’s name to see the full address. If it doesn’t look like it’s from the company it says its from in this format [company name].com. It’s likely a fraud. Sometimes it’s an address with a long string of characters, with perhaps the company name imbedded within.

The other way to check the address is to hit reply and look at the new email:

But don’t send it, just delete it after checking.

Because I get so many of these, I rarely check the address anymore; I simply delete or mark as Spam and move on.