Help – There’s an Imposter
By Dulcie McLerie, account director at Eskenzi PR
Recently I discovered that one of my professional email aliases had been used to create a Twitter account – and I had absolutely no idea!
I didn’t receive an email from Twitter notifying me that an account had been created, it wasn’t showing up in my feed, I wasn’t receiving alerts and if I hadn’t tried to create an account using this email address I would probably never have known. It’s all been sorted now, and I have to thank the Twitter team for being responsive and helping me reclaim the account – which had been created in Vietnam of all places, but it did raise a number of questions for me.
Firstly – how was it done? And to be honest this one I’m still a little stumped by. When you create a Twitter profile, you need to use an email address, and to complete the process you have to verify it – but this hadn’t happened. To be on the safe side I have changed the password associated with this email account. So how did they get round that? Answers on a postcard please.
Secondly – why! And again, I don’t really have any answers. There had been no activity on the account – no weird tweets or statuses (I’ve checked.) From what I can tell the account hadn’t been used to make fraudulent purchases. It was linked to a mobile phone – which I’ve now revoked, but other than that it just existed. Weird huh!
Lastly – what other social sites have fake profiles that use one or another of my email addresses and how will I find them?
So why should this cause me sleepless nights?
On this occasion there was no harm done – or at least none that I can tell. Bar a bit of inconvenience, and a few hours lost productivity reclaiming the account, it would appear that no lasting damage has been caused. But that doesn’t mean I’m happy and can relax. Primarily, as I still don’t fully understand how the scammers did it, I can’t be sure it won’t happen again – or isn’t still happening as over the years I’ve ‘owned’ a number email addresses.
Looking beyond just me personally, it makes me question how many other email addresses have fake profiles associated with them. Organisations could have their employees email addresses spoofed in a similar fashion that are then tweeting, posting statuses or messaging others pretending to be said company. There could be malicious links littering twitter feeds duping unsuspecting individuals into clicking. What about if the profile is trolling someone? What’s to stop these fake accounts uploading pictures, making damaging statements, or any other unpleasantness?
I don’t really have any answers, in fact I just have lots of questions. However, as a communications professional, I do think it’s a risk organisations can’t ignore – if nothing else to reduce the risk of brand damage. While Twitter did identify what it deemed as ‘automated behaviour’ on my fake twitter account, and suspended the profile, I’d imagine there are many others that don’t raise any flags and get stopped.
I’ll leave that thought with you.