What is Twishing? | NatWest

What is Twishing?

How to protect yourself
from fraudsters trying
to scam you on Twitter

Add your signposting title here…

Twishing is when a fraudster uses Twitter to get in contact with you with the goal of defrauding you. They’ll try to trick you into giving up your personal information to gain access to your bank accounts.

If you’re not ready, you could end up giving away your personal information or passwords to a criminal without realising it.

We’ve prepared this guide to get you up to speed on spotting and avoiding Twitter fraud.

Where does the word Twishing come from?

The word twishing is based on the term phishing (another word for an email scam).

In phishing, a fraudster uses a fake email account to pretend to be someone trustworthy. They then try to get you to send them your personal information. Learn how to spot and avoid phishing  emails here. 

Twishing basically means ‘Twitter phishing’ – it’s a social media version of the common email scam.

In twishing, the fraudster will make a fake social media profile instead of a bogus email address and then try to trick you with deceptive tweets and direct messages.

How to spot a Twitter scam

What does twishing look like?

A fraudster will set up an account that looks trustworthy - like your bank’s official Twitter account or a relative or friend’s account.

Next, they’ll tweet you, or send you a direct message (DM), trying to gain your trust with the information they’ve found out about you.

They may try to rush you by telling you to act fast, or scare you by saying ‘you’ve been a victim of fraud’. But ultimately they’re trying to trick you into giving up information or clicking an unsafe link.

 

What kind of things will a fraudster ask you for?

Regardless of their approach, online fraudsters are after similar things. They want your personal information for identity fraud, or your passwords and codes for online fraud. They might ask you:

 

  • Your full name (including any middle names)
  • Your full address
  • Answers to common security questions (like your mother’s maiden name)
  • Banking details (like your sort code and account number)
  • The login details to your online banking or other passwords
  • To click a link to log into (a fake version of) your online banking
  • To click a link so that they can control your computer remotely

Learn more about keeping your information safe with our guide to protecting your data online.

Things to look out for

Fraudsters will go to great lengths to appear genuine, but there are ways to spot a scam.

 

  • Look for spelling or grammar mistakes Fraudsters usually act quickly, so they will often make small errors in their messages.
  • Have they spelt your name correctly? Someone trying to sound like a friend or relative won’t know you as well as they pretend to. Look out for odd phrases and incorrectly spelt names
  • Does the account look genuine? Check how many tweets and replies are on the account. Do the tweets make sense? Are there a lot of repeated tweets?
  • How many followers has the account got? If the account is claiming to be from a bank or national company, they should have hundreds of thousands of followers and will usually have joined Twitter a long time ago.
  • Is the Twitter account contacting you verified? Twitter certifies official accounts with a ‘verified badge’ (a white tick in a round blue badge). If the account contacting you doesn’t have one, it’s a warning sign  .
  • Does the Twitter handle match the handle on your bank’s official website? Go to the company’s official website and find the link to their Twitter page. Do the handles match?

Even if all of these things seem to be correct, remember we will never ask you to log in to your online banking through a link on social media. We never ask you for your banking passcode or any other passwords in full. We don’t need information from a card reader and we never ask for any credit card details.

  

How to avoid becoming a victim of a Twitter scam

Top tips for avoiding Twitter scams

 

  • Never click a link in a tweet or direct message unless you’re sure it’s from someone you trust.
  • Don’t share personal information on your social media profiles.
  • Never post sensitive information on your feed, in a tweet, in a chat.
  • Keep your guard up online. Though it’s called twishing, fraudsters will use Facebook – or any other form of social media – if they think it’ll help them get what they want from you.

Learn about similar types of fraud in our guide to social engineering scams.

Add your signposting title here… Make life hard for fraudsters

Fraudsters will use any information they can find on you to pretend that they know you. The more information you share on your social media platforms the easier it will be for a scammer to make their approach seem above board. 

Restrict what you share and review your privacy settings. Click here to find out more about social media security.

If you experience twishing, or any other type of fraud, report it immediately.

What to do if you become a victim of fraud

If you think you’ve been a victim of Twitter fraud, or any other scam, you need to report it straight away. You can find our helpful guide on the steps you should take here.

Set Tab for lightbox