Last week, a not-particularly-detail-oriented scammer inserted themselves into a complaint against an ISP that was publicly posted to Twitter.
The scammer pretended to be the ISP – Virgin Media – and direct-messaged a reply, trying to weasel a credit card number out of the complainer…without noticing that the complaint was coming from an infosec company that then tried to trick the scammer into clicking on a link that would snare the fraudster’s IP address…resulting in a round-robin “I think you need to click that AmEx link!” vs. “No, really, you need to send a different credit card number – this one’s not working!” back-and-forth.

The UK-based penetration testing and cybersecurity company, Fidus Information Security, posted this account from director Andrew Mabbitt after he attempted to turn the tables on the scammers. It all started with Mabbitt’s publicly posted complaint directed at Virgin Media on Twitter, he writes:

“Yesterday whilst complaining to Virgin Media on Twitter about my broken internet I encountered a very interesting scam attempt. Within minutes of posting a complaint I got two replies; one from Virgin Media themselves in a public message and another from somebody purporting to be from Virgin Media in my DM’s.” [sic]

Here’s the prompt, seemingly helpful, seemingly “yes you’re really talking to Virgin Media” reply from the scammer:

“Hi there. What’s your full name and address linked to your account so we can help you further with this please? ^BP”

Nice try, Mabbitt thought, suggesting that the scammer must be watching for keywords in real-time in order to get fake help responses out fast – fast enough so that the person behind the complaint tweet is still hot under the collar.