Skip to main content

The Australian Cyber Security Centre (ACSC) recently discovered multiple fake Twitter accounts pretending to be affiliated with an Australian company. The accounts featured similar branding and messaging using fake identities and contact details, creating possible confusion for users looking for support.

We use social media daily as an active communication tool, connecting us with millions of users around the globe.

Social media has become increasingly popular and accessible which has created a new domain for businesses, government agencies and industry bodies to actively engage with their customers.

Not all smooth sailing

In 2017, Twitter estimated that approximately 8 per cent of its profiles were fake and, since then, increasing technological advances have made it difficult for customers to identify these fake accounts. This creates a challenge for social media networks to manage.

Protect yourself against the fake social media storm

Criminals will use visual cues such as branding and messaging to gain your trust. They may also use information from your social media accounts to make their messages more appealing or appear authentic.

There are a number of actions you can do to protect yourself from the threats of fake social media accounts:

  • When visiting a business account, check the account is verified. If unsure, visit the official business website.
  • Do not share personal details such as bank account details or personal identifiers (licence number, Medicare number etc).
  • Before you click a link, hover over that link to see the actual web address it directs you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for the business in your browser.
  • Use the same caution with clicking on advertisements and online shopping on social media platforms. Just because a post appears in your feed, doesn't mean the retailer is legitimate.
  • Be especially cautious if messages are very enticing or appealing, or threaten you to make you take a suggested action.
  • If a message seems suspicious, contact the person or business separately to check if they are likely to have sent the message. Use contact details you find through a legitimate source and not those contained in the suspicious message. Ask them to describe what the attachment or link is.
  • Protect your social media accounts with strong passwords and two-factor authentication.
  • Familiarise yourself with the site’s privacy and security settings. Make sure you’re only sharing your information with the people you want to share it with.
  • Report all fake accounts to the social media platform.

Protect your social media accounts with two-factor authentication

Correcting the course

If you think you’ve been scammed there are steps you can take to limit the damage and protect yourself from further harm.

  • Contact your bank or financial institution. If you’ve sent money or your personal banking details to a scammer, contact your bank or financial institution immediately. They may be able to help by stopping a money transfer or cheque, investigating a fraudulent credit card transaction, or closing your account if the scammer has your details.
  • Recover your identity. If you think you have been the victim of identity theft, act quickly to avoid further damage. Contact IDCARE, a free government-funded service who can help. Visit the IDCARE website.
  • Report the scam. If you have been a victim of a crime (such as fraud), report it to ReportCyber. We also encourage you to report the scam to the ACCC’s Scamwatch.

Footnote: 48 million Twitter accounts could be bots