If you hang out on enough social media sites, you're likely familiar with a certain type of post: someone's cat suddenly fell sick and racked up a vet bill, or someone's between jobs and needs a rent payment, so they've sent out a call for their followers to donate a few bucks.
Internet scammers have seen these posts as well. And, true to form, they've found a way to make a buck off of them with a particularly insidious scheme: impersonating the original poster within minutes in order to substitute their own payment account for that of the person who really deserves the money.
Here's how it works, and what to look for to spot the Twitter bot impersonation scam.
Instant Account Cloning
The key to this scam is that it's not tied to the original poster mentioning they have money problems. It's a response to the type of response that is common in these scenarios. A well-meaning friend will comment, asking if the person in need has a particular money transferring account — PayPal, Venmo, Cash App, and Ko-fi are the top options. Then the impersonation bot springs into action, likely triggered by keywords or phrases like “do you have PayPal?”
Twitter user @stimmyskye explained the entire process in a recent Twitter thread, complete with a screenshot capturing the bot in action:
okay so as some people don't seem to know this is happening:
when someone replies to one of your posts asking you for your paypal / venmo / etc, there are bots that will IMMEDIATELY clone your account and reply with a payment link. they block your account in the same second. pic.twitter.com/UZaqYpmhvX
— skye he/him (@stimmyskye) September 23, 2021
The bot clones the original account's profile picture, Twitter handle, and user name in order to respond with what appears to be the requested link. The bot's freshly created account also blocks the account it's impersonating, making it impossible for that account to realize what's going on.
Finally, the bot deletes the account some time later, fully covering its tracks after another successful day of stealing from the internet's charity box.
Granted, it's tough to say just how many bots are pulling off this scam or what the damage is, although multiple people responding in the Twitter thread linked above note that they have fallen for that exact scam in the past.
Staying Safe from the Scam
You'll have to remember to double-check a Twitter account before sending over your PayPal donation. User names can be exactly the same, but every Twitter handle is unique: the bot in the above example simply added an underscore to the end of the Twitter handle it was cloning. Like any phishing scam, a closer look will reveal the truth.
And, if you really want to be safe while sending funds to a friend on Twitter, try reaching out through a direct message — the scam bot won't be triggered, and wouldn't be able to show up in the same chain of direct messages even if it was.
Will Twitter Fix It?
The initial Twitter call-out thread notes that Twitter could solve this issue relatively easily, perhaps by adding wait times before a brand-new account can tweet, or by checking accounts for signs that they're cloning another user.
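The signs described above (same user name, a handle that differs by an underscore or a look-alike character, a brand-new account) can be checked mechanically. This is an added example, not code from the article or from Twitter; the account record fields, the look-alike character table, the one-day age threshold and the sample accounts are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed fold table for characters that look alike at a glance in a handle.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})

def skeleton(handle):
    """Comparison form of a handle: lowercase, underscores dropped, look-alikes folded."""
    return handle.lstrip("@").lower().replace("_", "").translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def clone_signals(original, replier, now, max_age=timedelta(days=1)):
    """List the reasons a replying account looks like a clone of the original poster."""
    if replier["handle"].lower() == original["handle"].lower():
        return []  # handles are unique, so this is the real account
    reasons = []
    if replier["name"].strip().casefold() == original["name"].strip().casefold():
        reasons.append("same display name, different handle")
    a, b = skeleton(original["handle"]), skeleton(replier["handle"])
    if a == b:
        reasons.append("handle differs only by underscores or look-alike characters")
    elif edit_distance(a, b) <= 1:
        reasons.append("handle is one edit away")
    if reasons and now - replier["created"] <= max_age:
        reasons.append("account created within the last day")
    return reasons

# Constructed sample thread: the poster, a clone that appended "_", and a real friend.
NOW = datetime(2021, 9, 23, 12, 0)
POSTER = {"handle": "sam_example", "name": "Sam (vet fund)", "created": datetime(2015, 3, 1)}
REPLIES = [
    {"handle": "sam_example_", "name": "Sam (vet fund)", "created": NOW - timedelta(minutes=2)},
    {"handle": "helpful_friend", "name": "Jo", "created": datetime(2018, 6, 9)},
]

if __name__ == "__main__":
    for r in REPLIES:
        print("@" + r["handle"], clone_signals(POSTER, r, NOW) or "no clone signals")
```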
You'd think addressing this would be a priority, particularly given the well-known payment services that are getting tangled up in it: PayPal's the backbone of retail payments thanks to its ubiquity in POS software or invoicing.
But change is unlikely to happen without a large public backlash drawing attention to these slippery clone bots. If Twitter takes action, it may lower engagement, and social media platforms are geared towards nothing but boosting user interaction — even when that interaction is radicalizing bad actors or surfacing misinformation.
It's a fundamental flaw that watchdogs have been warning about for years, particularly when it comes to YouTube or Facebook's algorithms. Twitter's troll problem is another relevant concern. We'll likely continue to warn against putting engagement above all else for years to come, as well. In the meantime, keep an eye out for Twitter scam bots.