Take Care When You Follow Twitter Accounts as They May Be Fake

Author: Christina Comben Date: 07 Jun 2019

As most of you probably know by now, Adam is officially on Twitter and you can follow him @realAdamTodd. But please be extra cautious when you do. In just two days, the number of impersonators that have sprung up is eye-opening. There are so many bad actors in this space, and we want to remind you to double-check every person claiming to be part of the Digitex team. Impersonators do not have your best interests in mind.

Fake Twitter Accounts

So why do people create fake Twitter accounts to impersonate others? Well, it’s usually a scam, and if not, it’s certainly done with malicious intent, perhaps by a bad actor or bot trying to spread FUD. Many people who pretend to be others online in the cryptocurrency industry do so to con followers out of their crypto assets.

They’ll often promise to give out free tokens or crypto coins when you send them a certain amount of tokens first. If you follow @VitalikButerin, you’ll notice that his official name is “Vitalik Non-giver of Ether.”

[Image: Vitalik Twitter]

This is a nasty and common scam to fall for, but it’s not as bad as the people who ask for your private keys. Cryptocurrency users should never, ever give their private keys to anyone.

Under no circumstance will anyone at Digitex Futures ever ask you for your private keys. We will also never ask you to send us DGTX tokens or ETH. Please be careful out there, since Adam’s account is new and there is currently no way to verify it. So, be sure to look carefully at the tweets, his followers, and who he follows.

Also, please check the @Twitter handle that is officially tweeted out by @DigitexFutures.

It’s So Easy to Open a Fake Account—And So Hard to Remove

Anyone can open up a fake account in a few seconds and copy over images from the one they’re impersonating. Reporting fake accounts, however, is incredibly strenuous. To report a fake account on Twitter, you must go through a myriad of steps, followed by an email from Twitter that sometimes asks you to upload your government ID and other documentation.

And the imposters are very shrewd about it. One of the accounts we reported was using this handle: @reaIAdamTodd, with a capital i where the real handle has a lowercase L. Thanks to the Twitter font choice, there is almost no way of detecting the difference between the two letters. Here’s a quick test. Are these letters the same: “l” and “I”?

You can see a slight difference on this blog because of our font choice, but on Twitter's site the two letters look almost identical. The following screenshot shows two different @handles, though you can't see a difference. Spot the fake account:

[Image: two almost identical handles]

To report this i and L confusion as a security issue with Twitter, we had to open up an account with HackerOne and explain in detail how their font choice means that a visitor cannot distinguish this difference. However, after following all the steps required to report this security issue, we were brushed off with this answer:

“You are correct that this can be confusing, but we do not consider this behavior a significant security risk to Twitter or its users. We do not plan on making any changes at this time regarding this report. That said, we do appreciate your efforts here, and we hope that you’ll continue reporting security issues to us in the future.”

You can check the screenshot below to verify what happened:

[Image: wrong font]

This font problem is part of a larger security issue across the entire tech industry: in most web browsers it’s hard to distinguish between I and l in the address field. This small but significant loophole allows bad actors to create phishing sites and hack into people’s accounts.

There Is Power in Numbers

They often say that there’s safety in numbers. But there’s also power in numbers. Twitter may have denied our request this time around, but as with the Facebook accounts, the more people who report them, the better.

We’d like to say an extra thank you to the Digitex Task Force for helping us take down fake domains and Facebook pages, and for generally keeping the space cleaner and safer for all. We’d also like to encourage anyone who sees any suspicious activity on Twitter, Telegram, or any other platform to report it or to let us know.

As a test, we decided to see if we could create a fake VitalikButerin account using the same trick with the uppercase i. Guess what? That account has been blocked. So, Twitter does take notice when the account gets big enough and the complaints are consistent.

Below is another fake Twitter account using the realadamtodd username. The difference here is much easier to see. The impostor uses all lowercase, there are three d's in the @handle (but that's easily overlooked), there is no Digitex banner in the background, and you can see he (or she) has just 10 followers and one tweet. We’ve reported this account as well, but for now, our complaints are falling on deaf ears.

[Image: Fake Twitter Adam]
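Both tricks described above, the capital i standing in for a lowercase L and the extra trailing letter, can be checked mechanically instead of by eye. The following is an added example, not part of the original article or any Digitex tooling; the confusable-character map is a small constructed subset, and the sample handle `realadamtoddd` is constructed from the article's description of the second fake.

```python
# Added example: classify a handle against a list of official handles.
# CONFUSABLE is a small constructed subset, not a full Unicode confusables table.
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "O": "o", "0": "o"})
OFFICIAL = ["realAdamTodd", "DigitexFutures", "VitalikButerin"]  # named in the article


def skeleton(handle: str) -> str:
    """Map look-alike characters to one representative, then case-fold."""
    return handle.lstrip("@").translate(CONFUSABLE).casefold()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(handle: str, official=OFFICIAL):
    """Return (verdict, official_handle_it_resembles_or_None)."""
    name = handle.lstrip("@")
    for real in official:
        # Twitter handles are case-insensitive, so a case-only change is the same account.
        if name.casefold() == real.casefold():
            return ("official", real)
    for real in official:
        # Same skeleton but a different handle: a look-alike character was swapped in.
        if skeleton(name) == skeleton(real):
            return ("homoglyph", real)
    for real in official:
        # One inserted, dropped or changed character, e.g. an extra trailing letter.
        if edit_distance(skeleton(name), skeleton(real)) <= 1:
            return ("near-miss", real)
    return ("unrelated", None)


if __name__ == "__main__":
    # Sample handles: the first is from the article, the second is constructed.
    for h in ["@reaIAdamTodd", "@realadamtoddd", "@realAdamTodd"]:
        print(h, classify(h))
```

Anything classified as `homoglyph` or `near-miss` is worth checking against the handle tweeted out by @DigitexFutures before you follow or reply.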

Be Careful Out There and Stay Safe

Fake Twitter accounts, scams, FUD peddlers, and dodgy domains aren’t only happening with Adam or Digitex Futures. As we mentioned before, this is an industry-wide issue. We hope that other companies in the crypto space are as concerned as we are and take the appropriate steps to protect investors from being duped.

In the meantime, please be sure to double-check everything, report anything suspicious, and stay safe online!