Payment apps like Venmo, Cash App, Google Pay, Zelle and PayPal are great for paying for goods and services and sending money to friends. You can even use some of them to split a bill at a restaurant. They’re an easy alternative to credit cards that are becoming more widely accepted as time goes on.
The advantages of payment apps are clear, but they can carry the same risks as any other payment method. And just like credit cards, your payment app accounts can be worth a lot of money to the right buyer. Tap or click here to see how PayPal accounts are being sold on the Dark Web.
As if that’s not enough to worry about, now you have to watch out when using social media. Bots are cloning real Twitter accounts to scam donations from other users via payment services like PayPal and Venmo.
Bots are not your friends
You’ve seen the posts on social media from friends and family in need. They could be struggling with rent, illness, vet bills, etc.
Scammers are always quick to spot new opportunities to rip people off, and this situation is no exception. They are creating bots to steal money from well-meaning people who open their wallets to those in need.
Let’s say a Twitter user creates a post saying their cat is sick and they’re trying to come up with a way to pay. They don’t necessarily ask for money, but their followers see that they are in need. Somebody replies and asks if the original poster has a payment app such as PayPal or Venmo. This is where the scam begins.
A Twitter bot created by a scammer scans for this type of reply and when it finds one, it strikes. The bot scrapes the profile picture of the original poster, along with their Twitter handle and username and creates a clone account.
The bot then blocks the account it’s impersonating and replies to the person who asked about payment apps. The bot posts a link and eventually deletes the account. This can all happen without the original poster’s knowledge.
Twitter user @stimmyskye posted a screenshot on their Twitter account showing how they were the victim of a Twitter bot.
Don’t fall for it
Always pay close attention to details like handles and usernames. Don’t ever link your payment account publicly. If you want to exchange money, do it in a direct message. This won’t alert the bot, which only scans public posts.
“Because you’re blocked, you’ll see that there’s one reply to that question but the reply tweet won’t show up,” @stimmyskye warned followers. “If you see a ghost reply to a comment like that, it’s almost always a scam bot.”
You should also double-check replies to see if they come from the actual account. Twitter handles can be nearly identical, so make sure you’re interacting with the correct one. If you see a ghost reply, don’t take any action except to warn others.