Bots Are Impersonating Twitter Users for PayPal and Venmo Scams

Internet scam bots are cloning Twitter accounts to steal small donations at scale. Here's how to spot the scam.
Adam Rowe

If you hang out on enough social media sites, you're likely familiar with a certain type of post: Someone's cat suddenly fell sick and racked up a vet bill or someone's between jobs and needs a rent payment, so they've sent out a call for their followers to donate a few bucks.

Internet scammers have seen these posts as well. And, true to form, they've found a way to make a buck off of it with a particularly insidious scheme: Impersonating the original poster within minutes in order to substitute their own payment account for that of the person who really deserves the money.

Here's how it works, and what to look for to spot the Twitter bot impersonation scam.

Instant Account Cloning

The key to this scam is that it's not tied to the original poster mentioning they have money problems. It's a response to the type of response that is common in these scenarios. A well-meaning friend will comment, asking if the person in need has a particular money transferring account — PayPal, Venmo, Cash App, and Ko-fi are the top options. Then the impersonation bot springs into action, likely triggered by keywords or phrases like “do you have PayPal?”

Twitter user @stimmyskye explained the entire process in a recent Twitter thread, complete with a screenshot capturing the bot in action:

The bot clones the original account's profile picture, Twitter handle, and user name in order to respond with what appears to be the requested link. The bot's freshly created account also blocks the account it's impersonating, making it impossible for that account to realize what's going on.

Finally, the bot deletes the account some time later, fully covering its tracks after another successful day of stealing from the internet's charity box.

Granted, it's tough to say just how many bots are pulling off this scam or what the damage is, although multiple responses in the Twitter thread linked above note that they have fallen for that exact scam in the past.

Staying Safe from the Scam

How can you catch this scam bot in the act? After all, it's a tidy bit of trickery that no VPN or other data privacy service will be able to catch.

Instead, you'll have to remember to double-check a Twitter account before sending over your PayPal donation. User names can be the exact same, but every Twitter handle is unique: The bot in the above example simply added an underscore to the end of the Twitter handle it was cloning. Like any phishing scam, a closer look will reveal the truth.

And, if you really want to be safe while sending funds to a friend on Twitter, try reaching out through a direct message — the scam bot won't be triggered, and wouldn't be able to show up in the same chain of direct messages even if it was.

Will Twitter Fix It?

The initial Twitter call-out thread notes that Twitter could solve this issue relatively easily, perhaps by adding wait times before a brand-new account can tweet, or by checking accounts for signs that they're cloning another user.

You'd think addressing this would be a priority, particularly given the well-known payment services that are getting tangled up in it: PayPal's the backbone of retail payments thanks to its ubiquity in POS software or invoicing.

But change is unlikely to happen without a large public backlash drawing attention to these slippery clone bots. If Twitter takes action, it may lower engagement, and social media platforms are geared towards nothing but boosting user interaction — even when that interaction is radicalizing bad actors or surfacing misinformation.

It's a fundamental flaw that watchdogs have been warning about for years, particularly when it comes to YouTube or Facebook's algorithms. Twitter's troll problem is another relevant concern. We'll likely continue to warn against putting engagement above all else for years to come, as well. In the meantime, keep an eye out for Twitter scam bots.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting own the latest news on VPNs, POS systems, and the future of tech.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals