“User impersonation", as Twitter calls identity theft, isn’t much fun. I recently woke up to concerned emails from colleagues and a number of kind but unusually urgent direct messages from contacts I’m not used to hearing from. The one that summed up my situation best: “I think you have a problem, Joe!”
They were right. An account had been created using the photos and exact details of my genuine Twitter profile. The only difference was that the perpetrator had added one character to my user name. For my followers (not that I have that many), it would be reasonable to assume it was me. The fraudster then followed a number of my contacts and at least 20 people followed back, their accounts now open to messages by my impersonator.
Now I have followed, unfollowed and followed again some people on Twitter, but if someone familiar makes contact with me and appears to be starting from scratch, rebuilding their account for some reason, I’d like to think I would stop and think about it. Indeed, I did recently when something similar happened to a friend – it didn’t quite feel right.
In my case, suspicious colleagues reported their Twitter invitations from the fake me before I had a chance to do so. When I reported the problem after waking the next morning, I already had a case number and it was due to be reviewed. A few hours later, I was relieved to receive the following email from Twitter: “Thanks for sending us your report. We reviewed the account, and removed it for violating our rules.”
Later that morning, I received a call from a senior journalist – let’s call him Jake – who had been unfortunate enough to have engaged with the scam account, clearly distracted while watching a football match. His story went like this:
After following the fake Joe Jenkins, he was direct-messaged and asked for his WhatsApp number so he could be sent an invitation. Unknown to me while I slept, I had set up a media book club – actually not a bad idea, though with a narrower demographic than Oprah’s – and invited him to join it. When he responded, naturally curious about this prospect, he received messages asking him to verify his WhatsApp and Twitter accounts and, unwittingly (as the goals went in, no doubt), his control over those two accounts was surrendered. His WhatsApp contacts then received a message from “him” asking for their help with something he needed to pay for and – of course – their credit card details. I hope none fell for it. I don’t really have the heart to ask him more about it at the moment, but one day I will buy him a coffee and find out what the fall-out was. Fortunately, I am unaware of anyone else being snared like this by my impersonator.
While it was my identity that was cloned, Jake was the real victim, even if – I hope – just for a number of anxious hours. At least his employer’s IT department helped him to resolve the fraud. I apologised to him for his predicament, despite having no responsibility for it.
That same week, I was dealing with one of my credit cards being defrauded in another country. Like Twitter, my bank in the UAE dealt with the fraud promptly. It is easy to rail at big companies when their customer service goes awry, or is even downright awful, but in these instances they deserve praise for handling vexing situations with such efficiency.
I’m not quite sure what we learn from this. I suppose: that fraudsters are not just following a clever pattern of deception in the hope of catching someone unawares – they can be imaginative too. A media book club is a pretty good ruse when your patsy is a journalist, even if I’m a serial starter – and rare finisher – of books. But like all journalists, I do like to talk about my craft and would certainly be game for it, as I’m sure would many of my friends and contacts on Twitter. If nothing else comes from this episode, a media book club might have been born in the UAE. Who’d like to suggest the first book? But if you receive an invitation to join, do just double-check it really is from me.