Elon Musk's Twitter takeover is creating problems for banks

Following Elon Musk's purchase of Twitter, the company changed its policy on how users can get the blue badges historically associated with official accounts for public people and companies. A flood of parody accounts hit the platform, and brands now face the challenge of fighting impersonators.

With rapid changes to his newly purchased company, Elon Musk has created multiple liabilities for Twitter and the brands that use it by undermining trust in the authenticity of the social media presences of companies, public figures, government agencies, and other authoritative entities.

Banks, some of which use Twitter both for brand-building and as a channel for customer service, face new and heightened reputational risks: accounts marked as verified may have an easier time committing fraud against customers, or could simply make the company look bad with a credible-looking but offensive tweet.

The day after Musk enabled users to purchase a blue verification badge for $8 a month, a Twitter account impersonating the pharmaceutical company Eli Lilly sent a tweet saying that "insulin is free now." After the tweet went out, the company's stock price dropped roughly 6%. Company executives the next day decided to stop all Twitter advertising campaigns.

The impersonator had paid $8 for Twitter Blue, a now-suspended service that Musk established to allow anyone to receive a blue verification badge. The impersonator is one of many who parodied Eli Lilly; numerous people and companies have gotten similar treatment.

Twitter did not immediately respond to a request for comment.

Twitter has started addressing the impersonation problems with a policy Musk tweeted out on Nov. 10 that parody accounts would be banned if they do not mark themselves as such. The platform already had a policy against financial scams, including against the use of impersonation to commit fraud.

Twitter under Musk has also developed a two-tier system for verification and authenticity badges. Under the new system, anybody can pay $8 for a blue verification badge. Only Twitter decides who gets a new, gray authenticity badge.

The two-tiered system has yielded two-tier results. The likes of Chase, Wells Fargo and Navy Federal Credit Union have blue and gray badges next to their Twitter handles, but other institutions including Credit Suisse in Switzerland and Guaranty Trust and Bank in Nigeria have only a blue badge. Some, including Colorado Credit Union and Arkansas Federal Credit Union, have neither.

However, even the large institutions run accounts that don't always have the gray authentication badges. While the customer service account for Wells Fargo has a gray check mark, Chase's does not.

Not all of financial institutions' Twitter problems are thanks to Musk. In October, before Musk purchased the company and fired much of its staff, Guaranty Trust ran into an issue of a faux account tricking a customer into handing over her bank account number and password — a scheme that has played out for other bank customers over the years.

Such schemes are hardly unique to Twitter. Email and text messages are common venues for fraudsters to phish for credentials and account information, as are other social media platforms including Facebook and Instagram.

But when a consumer believes they are interacting with a verified entity — say, one with a blue verification badge next to its name on Twitter — the risk changes, according to Sara Seguin, principal advisor of fraud and identity risk at identity verification software provider Alloy.

"If a user believes an identity to be verified, then it can lead to individuals falling victim to a scam," Seguin said. "When impersonation occurs on social media, then unsuspecting individuals could be more likely to provide personal or financial information for the fraudster's gain or take action based on what the impersonator has shared."

Seguin said financial institutions can rely on social media monitoring tools to stay privy to impersonation accounts or other activity they need to know about, which can feed into a strategy of providing customer support via social media.

"Banks should continue to remain vigilant in monitoring when their firm is mentioned in social media and put reliance on their internal know-your-customer policies in order to provide customer support through any platform," Seguin said.

Twitter also has a sordid history with cybersecurity, according to Safi Raza, senior director of cybersecurity at software company Fusion Risk Management. He pointed to an episode that happened over the summer resulting in hackers accessing personal information connected to 5.4 million accounts, one of many examples of hackers exploiting Twitter's technical vulnerabilities.

This history raises concerns about whether and how banks should interact with customers on the platform, particularly to the extent that involves sharing sensitive account information.

"Twitter's cybersecurity posture is concerning," Raza said. "The resignations of information security, compliance, trust, and privacy chiefs only heightened the uncertainty that is surrounding Twitter's current and future security state."

Continued opportunities to impersonate companies on Twitter could become yet another driver for increasing fraud cases, according to Richard Harris, head of advisory at the fraud prevention company Feedzai.

"All forms of impersonation fraud are rising rapidly, and social media is proving an ideal forum to attract the uneducated or unwary or desperate consumer looking for something that's 'too good to be true,' " Harris said. "This is turning fraud and social engineering into a fully automated industry making billions for criminals."

For Harris, the problems all come back to regulation — and which people and companies get hurt when social media platforms make mistakes or act negligently.

"The question we should be asking is how Twitter and the other social media companies are going to deal with this themselves before regulators think about getting involved to stem the losses," Harris said. "Right now, the financial services industry is paying to clean up someone else's mess."
