Analysis of a hacked (and scammer) Twitter account

In these days of Twitter's acquisition by Elon Musk, I got a chat request on Twitter from a curious account.

Curious because I usually get scammer chat requests on Telegram, and I have been tracking them on Twitter itself since 2010:

https://twitter.com/Mte90Net/status/1333733749842915328

If you open the tweet you can see that in 2 years I have just published some chats with them, because it is fun and lets me do some tests.
One of the tests I want to do in this period is about politics, like whether the war in Ukraine is by Nazi Russian politicians or whether Taiwan is an autonomous country.

Anyway, I had some red flags just from the name and the introduction:

 

So let's use our brain to understand that we are talking with a fake account:

  • First of all, I am a male, so any chat request from a female requires some suspicion; it is the usual way they try to scam you, with photos stolen from girls online
  • The next step is that the name John does not properly belong to a female person, while the photo shows a woman, and the handle, after looking a bit on the internet, is a name/surname in Indonesian
  • It also mentions crypto, which I don't care about at all, and that is always the excuse to get your money into something

So the next step for a person with a brain is to look at the tweets.

We can see that this account started to publish something after about 4 years, with a completely different topic. The photos don't have any EXIF data for further study, and a reverse image search on Google didn't find anything.

Instead, looking at the rest of the old tweets, we find interesting stuff.
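The EXIF check mentioned above can be done without external tools. The following is an added example, not code from the original post: it walks the header segments of a JPEG file and reports whether an EXIF block, an XMP packet or a comment is still present. The two sample byte strings are constructed for the demonstration and contain no real image data.

```python
import struct

STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RSTn carry no length field

def jpeg_segments(data: bytes):
    """Yield (marker, payload) for every header segment before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before the real marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if marker in (0xDA, 0xD9):    # SOS/EOI: no metadata past this point
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def metadata_report(data: bytes) -> dict:
    """Report which metadata containers a JPEG still carries."""
    report = {"exif": False, "xmp": False, "comment": None}
    for marker, payload in jpeg_segments(data):
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            report["exif"] = True
        elif marker == 0xE1 and payload.startswith(b"http://ns.adobe.com/xap/1.0/\x00"):
            report["xmp"] = True
        elif marker == 0xFE:
            report["comment"] = payload.decode("latin-1")
    return report

def _seg(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples (headers only, no real image data).
_TAIL = b"\xff\xda\x00\x02\xff\xd9"
SAMPLE_STRIPPED = b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00") + _TAIL
SAMPLE_ORIGINAL = (b"\xff\xd8" + _seg(0xE1, b"Exif\x00\x00II*\x00\x08\x00\x00\x00\x00\x00")
                   + _seg(0xFE, b"constructed sample") + _TAIL)

if __name__ == "__main__":
    print(metadata_report(SAMPLE_STRIPPED), metadata_report(SAMPLE_ORIGINAL))
```

To check a downloaded photo, pass the file's bytes to `metadata_report`; a result with every field empty matches what was observed here, where the photos gave nothing further to study.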

 

We get confirmation that this is a developer or someone working in IT, but the profile says it is a finance analyst.

We get another hint: fb.me auto-shares on Twitter. They were used years ago and required you to connect your Facebook account to Twitter; this feature is not available anymore. This lets us understand that the owner of the account is the same.

The account also published a lot of photos, so the next step is to open those links.

Well, this does not seem to be a female at all, and of course the Facebook account name is the same as the Twitter handle.

So we can easily confirm that this is the real person behind the account (looking also at the other photos, which I don't want to share as there are kids etc.).
Another thing we can do is look at the followers of the account, where we find just a couple of other spam accounts with the same bio.

We also find some followers of this account with the same surname as this one.

We also see some accounts related to the account's topics and real location, which is Indonesia instead of New Zealand or the US.

Let’s move back to the chat with this scammer.


Things start to get funny. The scammer says that it is a bad dream, but that doesn't make sense at all; I wasn't expecting an explanation like this.
Also, in the photo I got from that account we can see a building with text written in Cyrillic; if she comes from the US and lives in New Zealand this seems very strange. But anyway, this scammer didn't reply to that.

I tried OCR in Google Translate with Russian/Belarusian and it was able to detect some words, though not very well, but you can run a test too. That service lets you use the app and the camera to find text in photos and auto-translate it.

So it was time to trigger the scammer to see what happens before reporting it.

I didn't manage to trigger the scammer…

I tried with the timezone, as it was midnight when I was writing, but I think that by now the scammer understood that I was trying to debunk him.

My age is not a mystery, but showing it probably wasn't a good move, because I wanted to see when she created the account, as the oldest tweet is from 2013.

Let’s go back on track.

Well, I think that's all; time to block and report it. It cannot provide any more trustworthy information. Investigating the real owner through Facebook, he never divorced and has kids who are about 3/4 years old (and a wife). I also made some typos to see whether we were talking with a bot, but there was a real person behind it.

She ignored some questions, so it isn't worth keeping this discussion going.

Conclusion

  • Don't trust people on the internet
  • On social networks it is easier to debunk an account compared to messaging systems (like Telegram), where the only hints are the handle, the bio and the profile photo(s).
  • In the case of Telegram, as I am Italian, they write to me in that language but we don't have any account in common; usually they join a group and get banned, but they write to all the users of that group. It is strange that someone from Scotland writes to me in Italian just to make friends on Telegram with nothing in common.
  • Yes, spam accounts can be created on the fediverse too; it isn't something platform-based. In that case there is better detection of spammer accounts.
  • The photos are public so I can share them on this page
  • Those scammers are usually from countries with sanctions from the UN, like Russia/North Korea, or also from China, to get untraceable funds