Suckers lists. Compilations of personal details relating to people who are easy to scam. You might think that this type of information is a very closed shop, with scam organisations keeping the data closely guarded among their ranks and charging a vast amount of money even to pass it on to fellow blag artists. But the combination of human ignorance and social media’s ‘sleepwalk’ privacy arrangements means that actually, if you want to compile your own suckers list, you can do it on Twitter, in moments, for free.
I’ve just been served up with the usernames of hundreds of people who are exceptionally easy targets for scams, and I’m going to tell you how I found them.
Naturally, however, because this post is a call for Web users to take their privacy more seriously, and certainly not some kind of “How to perpetrate a scam” tutorial, I’m going to be quite cryptic to ensure I’m not putting anyone in danger. Indeed, I can’t even publish a screen capture showing a tweet from the scammer whose account led me to the suckers list. Even with the name of the account censored, readers could simply have gone onto Google or Twitter and Advanced-Searched text from the tweet, finding their way to the centre of the debacle in seconds.
But this is precisely the danger with social media. People generally understand that they’re speaking publicly and that anyone can read what they say. What many don’t understand, however, is what the unscrupulous can do with the information. What people’s remarks and behaviours say about them. And how the advanced search functions can unearth vulnerable users to sophisticated cheats and scammers.
So how does all this work? Well, the most basic method of finding suckers on Twitter is a kind of reverse engineering. You start by locating the scammer, and then you use Twitter’s inability to hide the replies and interactions to see who’s taking the bait. In fact, Twitter’s privacy protections are completely non-existent on public accounts. People often say: “Well, what’s the problem with allowing users to be profiled by anyone and everyone? If you’ve nothing to hide, you’ve nothing to fear, right?” But the answer is that people DO have something to hide! If an individual is susceptible to scams and an easy target for fraud, they need to keep that fact private, and a website should not be allowing widespread public access to this information, AT ALL – let alone in a couple of clicks of a mouse.
Of course, what I’m not going to publish, is information on how to find scammers on Twitter, because if an unscrupulous reader was to do that, they could build a viable suckers list in five minutes flat. But be in no doubt that those who want to, can find out who’s being taken for a mug on Twitter, and move in for a piece of the action themselves.
What I’ve found today is an account offering inducements for retweets and follows. That’s not unusual – it happens all the time. But in this instance the inducement was a product costing £hundreds. The rogue Twitter account was offering this product free of charge to anyone who followed and retweeted them. Now, how could something like that possibly be real? Why on earth would any business need to pay £hundreds for each follow and retweet? The notion is utterly ridiculous.
And yet literally hundreds of people were taking the bait. Following, retweeting, and replying with the exact spec of free product they wanted! It was clear from the replies that many of these people seriously thought they were getting a high value luxury item entirely free, just because they retweeted and followed someone on Twitter. If this wasn’t a suckers list, I can’t imagine what would be.
Had I been a scammer, I could have targeted every one of those vulnerable people with more plausible promotions, and my success rate would almost inevitably have been considerable. Okay, so in this instance, the ‘scam’ account in question may only have been trying to accumulate followers and influence on Twitter, and not actually taking money from people – although I do emphasise the word “may”, because once following, any of those people could have been scammed by DM (Direct Message). But the real danger is in the wealth of insight these ruses provide – the way they profile replying users as suckers and publicly mark them out as targets for rip-offs.
IT GETS WORSE
As someone who pays a lot more attention to reading social media than publishing on it, I’ve seen many instances of very stupid behaviour by random users. Making public their email addresses, their home addresses, their phone numbers, etc, clearly under the impression that “no one will see”. But people do see, and what’s more Google sees. And if Google sees, you’re not going to delete your private data from the Internet with the click of a mouse. It could take weeks – even months to disappear from Google if your private data gets indexed, and that’s something far too few people consider.
The social networking sites should have protections built in to stop people posting private information, and they should all strive to educate users on the dangers of Information Technology, as well as taking a tough line on rogue behaviour, which still, at present, often goes completely unchecked until the police get involved. Twitter is awash with fake accounts (a guide to spotting them in this Fake and Catfish Account article), but it seems the site feels no responsibility whatsoever to warn users of the dangers.
And it’s not only the scammers; it’s the racists, the sex pests – people who are literally breaking the law but not being stopped… So often these accounts get reported and automatically suspended, only to re-appear because Twitter apparently doesn’t see anything wrong with them, and classes behaviours which would lead to arrest in the offline world as “free speech”.
Networking sites need not only to take legally suspect behaviour more seriously – they need to give users much more protective default privacy settings. But in the end, of course, the reason social networking sites won’t properly protect users’ privacy and educate people to be privacy-conscious, is that their business is built around user-ignorance. If the userbase started to recognise how vulnerable they are to profiling, they’d end up being far too cautious to be any use to the grand marketing machine that feeds Web 2.0. That would put off advertisers, and seriously dent the profitability of the sites.
So I suspect that no one’s going to be stamping out the Twitter suckers list in a hurry. It’s up to you to defend yourself, and help spread the word that taking privacy seriously is exceptionally important. It’s not just a matter of recognising who’s sharing your private data – it’s about being suspicious of the whole online world. It’s not paranoia. You don’t really know who anyone is. Suspicion is 100% rational.